mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 14:25:52 +00:00
Code Issues Releases Wiki Activity

abstractions/private-files: disallow access to the dirs of private files

Browse Source 
Reference:
https://launchpad.net/bugs/1794820
This commit is contained in:
Emerson Bernier
2018-09-27 19:07:21 +00:00
committed by John Johansen
parent d0ffb0fb48
commit 660de9d4c3
1 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
profiles/apparmor.d/abstractions/private-files
View File

@@ -13,14 +13,14 @@
deny @{HOME}/.*.bak mrwkl,
# special attention to (potentially) executable files
audit deny @{HOME}/bin/** wl,
audit deny @{HOME}/.config/autostart/** wl,
audit deny @{HOME}/.config/upstart/** wl,
audit deny @{HOME}/.init/** wl,
audit deny @{HOME}/.kde{,4}/Autostart/** wl,
audit deny @{HOME}/.kde{,4}/env/** wl,
audit deny @{HOME}/.local/share/thumbnailers/** wl,
audit deny @{HOME}/.pki/nssdb/*.so{,.[0-9]*} wl,
audit deny @{HOME}/bin/{,**} wl,
audit deny @{HOME}/.config/autostart/{,**} wl,
audit deny @{HOME}/.config/upstart/{,**} wl,
audit deny @{HOME}/.init/{,**} wl,
audit deny @{HOME}/.kde{,4}/Autostart/{,**} wl,
audit deny @{HOME}/.kde{,4}/env/{,**} wl,
audit deny @{HOME}/.local/share/thumbnailers/{,**} wl,
audit deny @{HOME}/.pki/{,nssdb}/{,*.so{,.[0-9]*}} wl,
# don't allow reading/updating of run control files
deny @{HOME}/.*rc mrk,