mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 18:17:09 +00:00
Code Issues Releases Wiki Activity

Merge Initial profile for qpdf

Browse Source 
It doesn't seem to need a lot of rules, and I've tried running upstream test suite with this profile and it passed.

Signed-off-by: Allen Huang <allen.huang@canonical.com>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1660
Approved-by: Maxime Bélair <maxime.belair@canonical.com>
Merged-by: Maxime Bélair <maxime.belair@canonical.com>
This commit is contained in:
Maxime Bélair 2025-05-12 13:41:01 +00:00
commit 6da9502774
1 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
profiles/apparmor.d/qpdf Normal file
View File

@ -0,0 +1,42 @@
abi <abi/4.0>,
include <tunables/global>
profile qpdf /usr/bin/qpdf {
include <abstractions/base>
/usr/bin/qpdf mr,
# common file formats for qpdf are included: .pdf, .json and .qdf
# user's home directories
owner @{HOME}/[^.]**.[qQpP][dD][fF] rw,
owner @{HOME}/[^.]**.[jJ][sS][oO][nN] rw,
# allow less common .in and .out files within user's directories
owner @{HOME}/[^.]**.[iI][nN] rw,
owner @{HOME}/[^.]**.[oO][uU][tT] rw,
# tmp directories
owner /tmp/**.[qQpP][dD][fF] rw,
owner /tmp/**.[jJ][sS][oO][nN] rw,
owner /var/tmp/**.[qQpP][dD][fF] rw,
owner /var/tmp/**.[jJ][sS][oO][nN] rw,
# mounts
owner /mnt/**.[qQpP][dD][fF] rw,
owner /mnt/**.[jJ][sS][oO][nN] rw,
owner /media/**.[qQpP][dD][fF] rw,
owner /media/**.[jJ][sS][oO][nN] rw,
/mnt/**.[qQpP][dD][fF] r,
/mnt/**.[jJ][sS][oO][nN] r,
/media/**.[qQpP][dD][fF] r,
/media/**.[jJ][sS][oO][nN] r,
# system locations
/usr/**.[qQpP][dD][fF] r,
/usr/**.[jJ][sS][oO][nN] r,
/opt/**.[qQpP][dD][fF] r,
/opt/**.[jJ][sS][oO][nN] r,
include if exists <local/qpdf>
}