diff --git a/profiles/apparmor.d/abstractions/X b/profiles/apparmor.d/abstractions/X index fe2048cd8..2214cb713 100644 --- a/profiles/apparmor.d/abstractions/X +++ b/profiles/apparmor.d/abstractions/X @@ -52,3 +52,6 @@ # mouse themes /etc/X11/cursors/ r, /etc/X11/cursors/** r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/apache2-common b/profiles/apparmor.d/abstractions/apache2-common index e0a44de80..fe066af4b 100644 --- a/profiles/apparmor.d/abstractions/apache2-common +++ b/profiles/apparmor.d/abstractions/apache2-common @@ -32,3 +32,6 @@ # OCSP stapling /{var/,}run/lock/apache2/stapling-cache* rw, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/aspell b/profiles/apparmor.d/abstractions/aspell index 954768924..bec20e098 100644 --- a/profiles/apparmor.d/abstractions/aspell +++ b/profiles/apparmor.d/abstractions/aspell @@ -11,3 +11,6 @@ /usr/share/aspell/ r, /usr/share/aspell/* r, /var/lib/aspell/* r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/audio b/profiles/apparmor.d/abstractions/audio index 6964a6659..139ce1b2e 100644 --- a/profiles/apparmor.d/abstractions/audio +++ b/profiles/apparmor.d/abstractions/audio @@ -76,3 +76,6 @@ owner @{HOME}/.local/share/openal/hrtf/{,**} r, # wildmidi /etc/wildmidi/wildmidi.cfg r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/authentication b/profiles/apparmor.d/abstractions/authentication index adc338be1..b92516f91 100644 --- a/profiles/apparmor.d/abstractions/authentication +++ b/profiles/apparmor.d/abstractions/authentication @@ -49,3 +49,6 @@ # p11-kit (PKCS#11 modules configuration) #include + + # Include additions to the abstraction + #include if exists 
diff --git a/profiles/apparmor.d/abstractions/base b/profiles/apparmor.d/abstractions/base index 2a39ee04c..38aa81f2c 100644 --- a/profiles/apparmor.d/abstractions/base +++ b/profiles/apparmor.d/abstractions/base @@ -161,3 +161,6 @@ # new-style encrypted $HOME owner @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/bash b/profiles/apparmor.d/abstractions/bash index e8dcd75cb..97f72a0f8 100644 --- a/profiles/apparmor.d/abstractions/bash +++ b/profiles/apparmor.d/abstractions/bash @@ -42,3 +42,6 @@ /etc/DIR_COLORS r, /{usr/,}bin/ls mix, /usr/bin/dircolors mix, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/consoles b/profiles/apparmor.d/abstractions/consoles index d6c30be83..97bae036c 100644 --- a/profiles/apparmor.d/abstractions/consoles +++ b/profiles/apparmor.d/abstractions/consoles @@ -21,3 +21,6 @@ /dev/pts/[0-9]* rw, /dev/pts/ r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/cups-client b/profiles/apparmor.d/abstractions/cups-client index f38ac0979..4cfd68d82 100644 --- a/profiles/apparmor.d/abstractions/cups-client +++ b/profiles/apparmor.d/abstractions/cups-client @@ -16,3 +16,6 @@ # client should be able to read user-specified cups configuration owner @{HOME}/.cups/client.conf r, owner @{HOME}/.cups/lpoptions r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/dbus b/profiles/apparmor.d/abstractions/dbus index c670fc2d9..26df2a12b 100644 --- a/profiles/apparmor.d/abstractions/dbus +++ b/profiles/apparmor.d/abstractions/dbus @@ -14,3 +14,6 @@ #include dbus bus=system, + + # Include additions to the abstraction + #include if exists 
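Review bot: In the `abstractions/base` hunk the comment above the new `#include if exists` line does not say how far a local addition reaches. `base` is, as far as I know, included by nearly every profile, so a rule placed in its local-additions location loosens confinement for all of them at once, not for a single application. I would extend the comment to something like `# Include additions to the abstraction (rules added here apply to every profile that includes this abstraction)`. The include target is not visible in this rendering, so confirm that the location it names is root-owned and not writable by any confined process.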
diff --git a/profiles/apparmor.d/abstractions/dbus-accessibility b/profiles/apparmor.d/abstractions/dbus-accessibility index 40a330844..77434fc22 100644 --- a/profiles/apparmor.d/abstractions/dbus-accessibility +++ b/profiles/apparmor.d/abstractions/dbus-accessibility @@ -14,3 +14,6 @@ #include dbus bus=accessibility, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/dbus-accessibility-strict b/profiles/apparmor.d/abstractions/dbus-accessibility-strict index a853ce209..a1b1e80cf 100644 --- a/profiles/apparmor.d/abstractions/dbus-accessibility-strict +++ b/profiles/apparmor.d/abstractions/dbus-accessibility-strict @@ -15,3 +15,6 @@ interface=org.freedesktop.DBus member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName} peer=(name=org.freedesktop.DBus), + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/dbus-session b/profiles/apparmor.d/abstractions/dbus-session index eb1ed91e4..16075ae78 100644 --- a/profiles/apparmor.d/abstractions/dbus-session +++ b/profiles/apparmor.d/abstractions/dbus-session @@ -15,3 +15,6 @@ #include /usr/bin/dbus-launch ix, dbus bus=session, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/dbus-session-strict b/profiles/apparmor.d/abstractions/dbus-session-strict index ce6f4f861..f25b6edc2 100644 --- a/profiles/apparmor.d/abstractions/dbus-session-strict +++ b/profiles/apparmor.d/abstractions/dbus-session-strict @@ -26,3 +26,6 @@ interface=org.freedesktop.DBus member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName} peer=(name=org.freedesktop.DBus), + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/dbus-strict b/profiles/apparmor.d/abstractions/dbus-strict index 01a426e46..19cbbe8ae 100644 --- a/profiles/apparmor.d/abstractions/dbus-strict 
+++ b/profiles/apparmor.d/abstractions/dbus-strict @@ -17,3 +17,6 @@ interface=org.freedesktop.DBus member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName} peer=(name=org.freedesktop.DBus), + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/dconf b/profiles/apparmor.d/abstractions/dconf index 7ef697832..e57cce067 100644 --- a/profiles/apparmor.d/abstractions/dconf +++ b/profiles/apparmor.d/abstractions/dconf @@ -6,3 +6,6 @@ /etc/dconf/** r, owner /{,var/}run/user/*/dconf/user r, owner @{HOME}/.config/dconf/user r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/dovecot-common b/profiles/apparmor.d/abstractions/dovecot-common index e1681d9a0..b8be97314 100644 --- a/profiles/apparmor.d/abstractions/dovecot-common +++ b/profiles/apparmor.d/abstractions/dovecot-common @@ -17,3 +17,6 @@ signal receive peer=dovecot, /{var/,}run/dovecot/config rw, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/dri-common b/profiles/apparmor.d/abstractions/dri-common index d6337727d..ac6a5d70c 100644 --- a/profiles/apparmor.d/abstractions/dri-common +++ b/profiles/apparmor.d/abstractions/dri-common @@ -10,3 +10,6 @@ /etc/drirc r, owner @{HOME}/.drirc r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/dri-enumerate b/profiles/apparmor.d/abstractions/dri-enumerate index e101be5cb..c0fb206ce 100644 --- a/profiles/apparmor.d/abstractions/dri-enumerate +++ b/profiles/apparmor.d/abstractions/dri-enumerate @@ -6,3 +6,6 @@ @{sys}/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/enchant b/profiles/apparmor.d/abstractions/enchant index fd3c81309..66d7248db 100644 
--- a/profiles/apparmor.d/abstractions/enchant +++ b/profiles/apparmor.d/abstractions/enchant @@ -54,3 +54,6 @@ # per-user dictionaries owner @{HOME}/.config/enchant/ rw, owner @{HOME}/.config/enchant/* rwk, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/fcitx b/profiles/apparmor.d/abstractions/fcitx index 3d26cc955..0160b3acf 100644 --- a/profiles/apparmor.d/abstractions/fcitx +++ b/profiles/apparmor.d/abstractions/fcitx @@ -11,3 +11,6 @@ #include dbus bus=fcitx, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/fcitx-strict b/profiles/apparmor.d/abstractions/fcitx-strict index d77373417..575265e2c 100644 --- a/profiles/apparmor.d/abstractions/fcitx-strict +++ b/profiles/apparmor.d/abstractions/fcitx-strict @@ -19,3 +19,6 @@ peer=(name=org.freedesktop.DBus), owner @{HOME}/.config/fcitx/dbus/* r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/fonts b/profiles/apparmor.d/abstractions/fonts index 0be55964b..561858466 100644 --- a/profiles/apparmor.d/abstractions/fonts +++ b/profiles/apparmor.d/abstractions/fonts @@ -59,3 +59,6 @@ # data files for LibThai /usr/share/libthai/thbrk.tri r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/freedesktop.org b/profiles/apparmor.d/abstractions/freedesktop.org index ff9746738..2aeb5619d 100644 --- a/profiles/apparmor.d/abstractions/freedesktop.org +++ b/profiles/apparmor.d/abstractions/freedesktop.org @@ -26,3 +26,6 @@ owner @{user_share_dirs}/applications/{**,} r, owner @{user_share_dirs}/icons/{**,} r, owner @{user_share_dirs}/mime/{**,} r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/gnome b/profiles/apparmor.d/abstractions/gnome index c77cc4b98..2c1585829 100644 --- a/profiles/apparmor.d/abstractions/gnome 
+++ b/profiles/apparmor.d/abstractions/gnome @@ -102,3 +102,6 @@ unix (send, receive, connect) type=stream peer=(addr="@/dbus-vfs-daemon/socket-*"), + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/gnupg b/profiles/apparmor.d/abstractions/gnupg index d04c920df..7d7e5f633 100644 --- a/profiles/apparmor.d/abstractions/gnupg +++ b/profiles/apparmor.d/abstractions/gnupg @@ -9,3 +9,6 @@ owner @{HOME}/.gnupg/secring.gpg r, owner @{HOME}/.gnupg/so/*.x86_64 mr, owner @{HOME}/.gnupg/trustdb.gpg rw, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/ibus b/profiles/apparmor.d/abstractions/ibus index c76fe3bfe..79a4a386c 100644 --- a/profiles/apparmor.d/abstractions/ibus +++ b/profiles/apparmor.d/abstractions/ibus @@ -13,3 +13,6 @@ owner @{HOME}/.config/ibus/ r, owner @{HOME}/.config/ibus/bus/ rw, owner @{HOME}/.config/ibus/bus/* rw, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/kde b/profiles/apparmor.d/abstractions/kde index be03995cb..3dc525b6f 100644 --- a/profiles/apparmor.d/abstractions/kde +++ b/profiles/apparmor.d/abstractions/kde @@ -73,3 +73,6 @@ owner @{HOME}/.config/trashrc r, # Used by KFileWidget /usr/lib/@{multiarch}/qt4/lib*/lib*so* mr, /usr/lib/@{multiarch}/qt4/plugins/** mr, /usr/share/qt4/** r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/kde-globals-write b/profiles/apparmor.d/abstractions/kde-globals-write index 5f878e845..c2b218649 100644 --- a/profiles/apparmor.d/abstractions/kde-globals-write +++ b/profiles/apparmor.d/abstractions/kde-globals-write @@ -8,3 +8,6 @@ owner @{HOME}/.config/kdeglobals.?????? rwl -> @{HOME}/.config/#[0-9]*, owner @{HOME}/.config/kdeglobals.lock rwk, + + # Include additions to the abstraction + #include if exists 
diff --git a/profiles/apparmor.d/abstractions/kde-icon-cache-write b/profiles/apparmor.d/abstractions/kde-icon-cache-write index d37fb3b8e..7e78560c6 100644 --- a/profiles/apparmor.d/abstractions/kde-icon-cache-write +++ b/profiles/apparmor.d/abstractions/kde-icon-cache-write @@ -5,3 +5,6 @@ owner @{HOME}/.cache/icon-cache.kcache rw, # for KIconLoader + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/kde-language-write b/profiles/apparmor.d/abstractions/kde-language-write index 8e9539929..f519e432c 100644 --- a/profiles/apparmor.d/abstractions/kde-language-write +++ b/profiles/apparmor.d/abstractions/kde-language-write @@ -10,3 +10,6 @@ owner @{HOME}/.config/klanguageoverridesrc.?????? rwl -> @{HOME}/.config/#[0-9]*, owner @{HOME}/.config/klanguageoverridesrc.lock rwk, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/kerberosclient b/profiles/apparmor.d/abstractions/kerberosclient index eab762a2f..8b08c146b 100644 --- a/profiles/apparmor.d/abstractions/kerberosclient +++ b/profiles/apparmor.d/abstractions/kerberosclient @@ -30,3 +30,6 @@ # credential caches /tmp/krb5cc* r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/ldapclient b/profiles/apparmor.d/abstractions/ldapclient index 0c527282f..1c5de438a 100644 --- a/profiles/apparmor.d/abstractions/ldapclient +++ b/profiles/apparmor.d/abstractions/ldapclient @@ -22,3 +22,6 @@ /{,var/}run/nslcd/socket rw, #include + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/libpam-systemd b/profiles/apparmor.d/abstractions/libpam-systemd index 76ee86933..1526a867f 100644 --- a/profiles/apparmor.d/abstractions/libpam-systemd +++ b/profiles/apparmor.d/abstractions/libpam-systemd 
@@ -17,3 +17,6 @@ path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member={CreateSession,ReleaseSession}, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/likewise b/profiles/apparmor.d/abstractions/likewise index 7482842a6..58b7da58d 100644 --- a/profiles/apparmor.d/abstractions/likewise +++ b/profiles/apparmor.d/abstractions/likewise @@ -11,3 +11,6 @@ /tmp/.lwidentity/pipe rw, /var/lib/likewise-open/lwidentity_privileged/pipe rw, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/mdns b/profiles/apparmor.d/abstractions/mdns index e05ef3a45..2aa6fff2c 100644 --- a/profiles/apparmor.d/abstractions/mdns +++ b/profiles/apparmor.d/abstractions/mdns @@ -11,3 +11,6 @@ # mdnsd /etc/nss_mdns.conf r, /{,var/}run/mdnsd w, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/mesa b/profiles/apparmor.d/abstractions/mesa index 6e4a8c9a6..7a58db0ba 100644 --- a/profiles/apparmor.d/abstractions/mesa +++ b/profiles/apparmor.d/abstractions/mesa @@ -12,3 +12,6 @@ owner @{HOME}/.cache/mesa_shader_cache/??/ w, owner @{HOME}/.cache/mesa_shader_cache/??/* rwk, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/mir b/profiles/apparmor.d/abstractions/mir index 16c57ec33..c6233d7f4 100644 --- a/profiles/apparmor.d/abstractions/mir +++ b/profiles/apparmor.d/abstractions/mir @@ -15,3 +15,6 @@ /usr/lib/@{multiarch}/mir/**/*.so* mr, # unprivileged mir socket for clients + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/mozc b/profiles/apparmor.d/abstractions/mozc index f736bc26e..da200c50a 100644 --- a/profiles/apparmor.d/abstractions/mozc +++ b/profiles/apparmor.d/abstractions/mozc 
@@ -10,3 +10,6 @@ # ------------------------------------------------------------------ unix (connect, receive, send) type=stream peer=(addr="@tmp/.mozc.*"), + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/mysql b/profiles/apparmor.d/abstractions/mysql index fed759bb0..007936a4b 100644 --- a/profiles/apparmor.d/abstractions/mysql +++ b/profiles/apparmor.d/abstractions/mysql @@ -13,3 +13,6 @@ /{var/,}run/mysql{,d}/mysql{,d}.sock rw, /usr/share/{mysql,mysql-community-server,mariadb}/charsets/ r, /usr/share/{mysql,mysql-community-server,mariadb}/charsets/*.xml r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/nameservice b/profiles/apparmor.d/abstractions/nameservice index ef2c5b2e5..ec639cdaf 100644 --- a/profiles/apparmor.d/abstractions/nameservice +++ b/profiles/apparmor.d/abstractions/nameservice @@ -99,3 +99,6 @@ # interface details @{PROC}/@{pid}/net/route r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/nis b/profiles/apparmor.d/abstractions/nis index 690e6796a..84776be85 100644 --- a/profiles/apparmor.d/abstractions/nis +++ b/profiles/apparmor.d/abstractions/nis @@ -13,3 +13,6 @@ # portmapper may ask root processes to do nis/ldap at low ports capability net_bind_service, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/nvidia b/profiles/apparmor.d/abstractions/nvidia index b01ef8b55..4d86c19cf 100644 --- a/profiles/apparmor.d/abstractions/nvidia +++ b/profiles/apparmor.d/abstractions/nvidia @@ -26,3 +26,6 @@ owner @{HOME}/.nv/GLCache/** rwk, unix (send, receive) type=dgram peer=(addr="@nvidia[0-9a-f]*"), + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/opencl b/profiles/apparmor.d/abstractions/opencl index 32a21b2a5..5e19d683f 100644 
--- a/profiles/apparmor.d/abstractions/opencl +++ b/profiles/apparmor.d/abstractions/opencl @@ -7,3 +7,6 @@ #include #include + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/opencl-common b/profiles/apparmor.d/abstractions/opencl-common index 0ad3d559a..a0cf64ab9 100644 --- a/profiles/apparmor.d/abstractions/opencl-common +++ b/profiles/apparmor.d/abstractions/opencl-common @@ -8,3 +8,6 @@ @{sys}/devices/system/node/ r, # for clGetPlatformIDs() from libOpenCL.so @{sys}/devices/system/node/node[0-9]*/meminfo r, # for clGetPlatformIDs() from libOpenCL.so + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/opencl-intel b/profiles/apparmor.d/abstractions/opencl-intel index 353eeca29..858642251 100644 --- a/profiles/apparmor.d/abstractions/opencl-intel +++ b/profiles/apparmor.d/abstractions/opencl-intel @@ -15,3 +15,6 @@ @{sys}/devices/pci[0-9]*/**/{class,config,resource,revision} r, # libcl.so -> libdrm_intel.so -> libpciaccess.so (move to dri-enumerate ?) /usr/lib/@{multiarch}/beignet/** r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/opencl-mesa b/profiles/apparmor.d/abstractions/opencl-mesa index 9d7f82b27..c348acfe6 100644 --- a/profiles/apparmor.d/abstractions/opencl-mesa +++ b/profiles/apparmor.d/abstractions/opencl-mesa @@ -18,3 +18,6 @@ owner @{HOME}/.cache/mesa_shader_cache/{,**} rw, # libMesaOpenCL.so -> pipe_nouveau.so + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/opencl-nvidia b/profiles/apparmor.d/abstractions/opencl-nvidia index 8a4764ecb..677a4d6dd 100644 --- a/profiles/apparmor.d/abstractions/opencl-nvidia +++ b/profiles/apparmor.d/abstractions/opencl-nvidia 
@@ -28,3 +28,6 @@ owner @{HOME}/.nv/ComputeCache/** rw, owner @{HOME}/.nv/ComputeCache/index rwk, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/opencl-pocl b/profiles/apparmor.d/abstractions/opencl-pocl index 054689abc..a66142878 100644 --- a/profiles/apparmor.d/abstractions/opencl-pocl +++ b/profiles/apparmor.d/abstractions/opencl-pocl @@ -74,3 +74,6 @@ owner @{HOME}/.cache/pocl/kcache/*/*/*/*/*.so{,.o} rw, } + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/openssl b/profiles/apparmor.d/abstractions/openssl index 697da7aeb..60bb51017 100644 --- a/profiles/apparmor.d/abstractions/openssl +++ b/profiles/apparmor.d/abstractions/openssl @@ -12,3 +12,6 @@ /usr/share/ssl/openssl.cnf r, @{PROC}/sys/crypto/fips_enabled r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/orbit2 b/profiles/apparmor.d/abstractions/orbit2 index b8df9df6d..b80904f82 100644 --- a/profiles/apparmor.d/abstractions/orbit2 +++ b/profiles/apparmor.d/abstractions/orbit2 @@ -3,3 +3,6 @@ # system library /usr/lib/orbit-2.0/*.so mr, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/p11-kit b/profiles/apparmor.d/abstractions/p11-kit index 84b7b11d6..3b231a158 100644 --- a/profiles/apparmor.d/abstractions/p11-kit +++ b/profiles/apparmor.d/abstractions/p11-kit @@ -25,3 +25,6 @@ # p11-kit also supports reading user configuration from ~/.pkcs11 depending # on how /etc/pkcs11/pkcs11.conf is configured. This should generally not be # included in this abstraction. + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/perl b/profiles/apparmor.d/abstractions/perl index 0e20aeb5c..245a9c927 100644 --- a/profiles/apparmor.d/abstractions/perl +++ b/profiles/apparmor.d/abstractions/perl 
@@ -21,3 +21,6 @@ /usr/share/perl/** r, /usr/share/perl5/** r, /etc/perl/** r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/php b/profiles/apparmor.d/abstractions/php index 4aba2415c..b6a166254 100644 --- a/profiles/apparmor.d/abstractions/php +++ b/profiles/apparmor.d/abstractions/php @@ -37,3 +37,6 @@ # Zend opcache /tmp/.ZendSem.* rwlk, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/php5 b/profiles/apparmor.d/abstractions/php5 index 9f5355f98..b20961242 100644 --- a/profiles/apparmor.d/abstractions/php5 +++ b/profiles/apparmor.d/abstractions/php5 @@ -1,3 +1,6 @@ #backwards compatibility include, actual abstraction moved from php5 to php #include + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/postfix-common b/profiles/apparmor.d/abstractions/postfix-common index d3550c41a..19f47824a 100644 --- a/profiles/apparmor.d/abstractions/postfix-common +++ b/profiles/apparmor.d/abstractions/postfix-common @@ -35,3 +35,6 @@ /var/spool/postfix/lib/@{multiarch}/lib*.so* mr, /etc/postfix/dynamicmaps.cf.d/ r, + + Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/private-files b/profiles/apparmor.d/abstractions/private-files index 09f6d9bdc..24cf3bd4c 100644 --- a/profiles/apparmor.d/abstractions/private-files +++ b/profiles/apparmor.d/abstractions/private-files @@ -45,3 +45,6 @@ deny @{HOME}/.zshenv mrk, audit deny @{HOME}/.zshenv wl, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/private-files-strict b/profiles/apparmor.d/abstractions/private-files-strict index 31934318f..b0175a815 100644 --- a/profiles/apparmor.d/abstractions/private-files-strict +++ b/profiles/apparmor.d/abstractions/private-files-strict 
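Review bot: In the `abstractions/postfix-common` hunk the added comment line reads `Include additions to the abstraction` with no leading `#`, unlike every other hunk in this patch. As shown here the line is not a comment, so the policy parser will presumably try to read it as a rule and fail, which would stop every profile that includes this abstraction from loading. The line should be `  # Include additions to the abstraction`. Running the parser over all touched abstractions before merging would catch this kind of slip.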
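Review bot: In the `abstractions/private-files` hunk, and in the `private-files-strict` hunk that follows, the new include is appended to an abstraction built from `deny` and `audit deny` rules, and the comment does not say what a local addition can do there. Deny rules take precedence over allow rules in AppArmor, so an allow rule placed in the local additions will not relax any of the denies above it; only further denies, or rules for other paths, take effect. A comment such as `# Local additions cannot override the deny rules above; use this to add further restrictions` would keep administrators from assuming otherwise.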
@@ -23,3 +23,6 @@ audit deny @{HOME}/.kde{,4}/share/apps/kmail{,2}/{,**} mrwkl, audit deny @{HOME}/.kde{,4}/share/apps/kwallet/{,**} mrwkl, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/python b/profiles/apparmor.d/abstractions/python index 925161c11..e2d109847 100644 --- a/profiles/apparmor.d/abstractions/python +++ b/profiles/apparmor.d/abstractions/python @@ -35,3 +35,6 @@ # python build configuration and headers /usr/include/python{2.[4-7],3.[0-9]}*/pyconfig.h r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/qt5 b/profiles/apparmor.d/abstractions/qt5 index 2e3e5ceda..a872a5a58 100644 --- a/profiles/apparmor.d/abstractions/qt5 +++ b/profiles/apparmor.d/abstractions/qt5 @@ -19,3 +19,6 @@ owner @{HOME}/.config/QtProject.conf r, # common settings for QFileDialog, etc (application might need write access) owner @{HOME}/.cache/qt_compose_cache_{little,big}_endian_* r, # for "platforminputcontexts" plugins + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/qt5-compose-cache-write b/profiles/apparmor.d/abstractions/qt5-compose-cache-write index 38cb23486..990dca8fd 100644 --- a/profiles/apparmor.d/abstractions/qt5-compose-cache-write +++ b/profiles/apparmor.d/abstractions/qt5-compose-cache-write @@ -6,3 +6,6 @@ owner @{HOME}/.cache/qt_compose_cache_{little,big}_endian_* rwl -> @{HOME}/.cache/#[0-9]*[0-9], owner @{HOME}/.cache/#[0-9]*[0-9] rw, # QSaveFile (anonymous shared memory) + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/qt5-settings-write b/profiles/apparmor.d/abstractions/qt5-settings-write index 07d10972d..bf64129de 100644 --- a/profiles/apparmor.d/abstractions/qt5-settings-write +++ b/profiles/apparmor.d/abstractions/qt5-settings-write 
@@ -9,3 +9,6 @@ owner @{HOME}/.config/QtProject.conf.?????? rwl -> @{HOME}/.config/#[0-9]*[0-9], owner @{HOME}/.config/QtProject.conf.lock rwk, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/recent-documents-write b/profiles/apparmor.d/abstractions/recent-documents-write index d95febb8f..5b285ca88 100644 --- a/profiles/apparmor.d/abstractions/recent-documents-write +++ b/profiles/apparmor.d/abstractions/recent-documents-write @@ -8,3 +8,6 @@ owner @{HOME}/.local/share/RecentDocuments/*.desktop rwl -> @{HOME}/.local/share/RecentDocuments/#[0-9]*, owner @{HOME}/.local/share/RecentDocuments/*.lock rwk, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/ruby b/profiles/apparmor.d/abstractions/ruby index ff4ac9fac..5277f766a 100644 --- a/profiles/apparmor.d/abstractions/ruby +++ b/profiles/apparmor.d/abstractions/ruby @@ -19,3 +19,6 @@ /usr/lib{,32,64}/ruby/gems/1.[89]{.[0-9],}/ r, /usr/lib{,32,64}/ruby/gems/1.[89]{.[0-9],}/** r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/samba b/profiles/apparmor.d/abstractions/samba index 1cab7309e..28d06d25e 100644 --- a/profiles/apparmor.d/abstractions/samba +++ b/profiles/apparmor.d/abstractions/samba @@ -25,3 +25,6 @@ # required for clustering /var/lib/ctdb/** rwk, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/smbpass b/profiles/apparmor.d/abstractions/smbpass index eb4cf26bb..ca458e9ff 100644 --- a/profiles/apparmor.d/abstractions/smbpass +++ b/profiles/apparmor.d/abstractions/smbpass @@ -11,3 +11,6 @@ # libpam-smbpass/pam_smbpass.so permissions /var/lib/samba/*.[lt]db rwk, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/ssl_certs b/profiles/apparmor.d/abstractions/ssl_certs index b5382ec96..910fcff35 100644 
--- a/profiles/apparmor.d/abstractions/ssl_certs +++ b/profiles/apparmor.d/abstractions/ssl_certs @@ -38,3 +38,6 @@ /etc/letsencrypt/archive/*/cert*.pem r, /etc/letsencrypt/archive/*/chain*.pem r, /etc/letsencrypt/archive/*/fullchain*.pem r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/ssl_keys b/profiles/apparmor.d/abstractions/ssl_keys index 84f5c503d..ff131c925 100644 --- a/profiles/apparmor.d/abstractions/ssl_keys +++ b/profiles/apparmor.d/abstractions/ssl_keys @@ -26,3 +26,6 @@ # certbot / letsencrypt /etc/letsencrypt/archive/*/privkey*.pem r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/svn-repositories b/profiles/apparmor.d/abstractions/svn-repositories index 68ac5e0be..6bb5fa4b8 100644 --- a/profiles/apparmor.d/abstractions/svn-repositories +++ b/profiles/apparmor.d/abstractions/svn-repositories @@ -50,3 +50,6 @@ /tmp/apr* rwl, /var/tmp/apr* rwl, /tmp/report*.tmp rwl, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/ubuntu-bittorrent-clients b/profiles/apparmor.d/abstractions/ubuntu-bittorrent-clients index fb820c5a5..9b76012c7 100644 --- a/profiles/apparmor.d/abstractions/ubuntu-bittorrent-clients +++ b/profiles/apparmor.d/abstractions/ubuntu-bittorrent-clients @@ -15,3 +15,6 @@ /usr/bin/ktorrent Cxr -> sanitized_helper, /usr/bin/qbittorrent Cxr -> sanitized_helper, /usr/bin/transmission{,-gtk,-qt,-cli} Cxr -> sanitized_helper, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/ubuntu-console-browsers b/profiles/apparmor.d/abstractions/ubuntu-console-browsers index 554469e75..7a3423f72 100644 --- a/profiles/apparmor.d/abstractions/ubuntu-console-browsers +++ b/profiles/apparmor.d/abstractions/ubuntu-console-browsers 
@@ -16,3 +16,6 @@ /usr/bin/netrik Cx -> sanitized_helper, /usr/bin/w3m Cx -> sanitized_helper, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/ubuntu-console-email b/profiles/apparmor.d/abstractions/ubuntu-console-email index f77c9bd62..98d098236 100644 --- a/profiles/apparmor.d/abstractions/ubuntu-console-email +++ b/profiles/apparmor.d/abstractions/ubuntu-console-email @@ -16,3 +16,6 @@ /usr/bin/elmo Cx -> sanitized_helper, /usr/bin/mutt Cx -> sanitized_helper, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/ubuntu-email b/profiles/apparmor.d/abstractions/ubuntu-email index 48e0c6f40..41c3e8983 100644 --- a/profiles/apparmor.d/abstractions/ubuntu-email +++ b/profiles/apparmor.d/abstractions/ubuntu-email @@ -22,3 +22,6 @@ /usr/bin/thunderbird Cx -> sanitized_helper, # used by gio-launch-desktop /usr/lib/thunderbird*/thunderbird{,.sh,-bin} Cx -> sanitized_helper, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/ubuntu-feed-readers b/profiles/apparmor.d/abstractions/ubuntu-feed-readers index 85379e300..232a5f115 100644 --- a/profiles/apparmor.d/abstractions/ubuntu-feed-readers +++ b/profiles/apparmor.d/abstractions/ubuntu-feed-readers @@ -8,3 +8,6 @@ /usr/bin/akregator Cxr -> sanitized_helper, /usr/bin/liferea-add-feed Cxr -> sanitized_helper, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/ubuntu-gnome-terminal b/profiles/apparmor.d/abstractions/ubuntu-gnome-terminal index 7604df1e7..32bd3bb5d 100644 --- a/profiles/apparmor.d/abstractions/ubuntu-gnome-terminal +++ b/profiles/apparmor.d/abstractions/ubuntu-gnome-terminal @@ -8,3 +8,6 @@ # do not use ux or PUx here. Use at a minimum ix /usr/bin/gnome-terminal ix, + + # Include additions to the abstraction + #include if exists 
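Review bot: In the ubuntu-gnome-terminal hunk, the existing warning `# do not use ux or PUx here. Use at a minimum ix` is not carried over to the new include, so a local addition could introduce exactly the unconfined transition the abstraction warns against. I would make the added comment say so, e.g. `# Include additions to the abstraction (additions must not use ux/Ux/PUx either)`. The ubuntu-konsole and ubuntu-xterm hunks further down carry the same warning in their context and would need the same wording.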
diff --git a/profiles/apparmor.d/abstractions/ubuntu-konsole b/profiles/apparmor.d/abstractions/ubuntu-konsole index baa8fb395..0b493a9da 100644 --- a/profiles/apparmor.d/abstractions/ubuntu-konsole +++ b/profiles/apparmor.d/abstractions/ubuntu-konsole @@ -15,3 +15,6 @@ # do not use ux or Ux here. Use at a minimum ix /usr/bin/konsole ix, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/ubuntu-media-players b/profiles/apparmor.d/abstractions/ubuntu-media-players index 5918cb8c1..cd13447e8 100644 --- a/profiles/apparmor.d/abstractions/ubuntu-media-players +++ b/profiles/apparmor.d/abstractions/ubuntu-media-players @@ -58,3 +58,6 @@ /etc/gnashpluginrc r, owner @{HOME}/.gnash/ rw, owner @{HOME}/.gnash/** rw, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/ubuntu-unity7-base b/profiles/apparmor.d/abstractions/ubuntu-unity7-base index 25e88b692..7651cefea 100644 --- a/profiles/apparmor.d/abstractions/ubuntu-unity7-base +++ b/profiles/apparmor.d/abstractions/ubuntu-unity7-base @@ -98,3 +98,6 @@ # Deny potentially dangerous access # deny dbus bus=session path=/com/canonical/[Uu]nity/[Dd]ebug**, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/ubuntu-unity7-launcher b/profiles/apparmor.d/abstractions/ubuntu-unity7-launcher index 52f6cd438..64e8fdb36 100644 --- a/profiles/apparmor.d/abstractions/ubuntu-unity7-launcher +++ b/profiles/apparmor.d/abstractions/ubuntu-unity7-launcher @@ -5,3 +5,6 @@ bus=session interface="com.canonical.Unity.LauncherEntry" member="Update", + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/ubuntu-unity7-messaging b/profiles/apparmor.d/abstractions/ubuntu-unity7-messaging index 828592eef..139266326 100644 --- a/profiles/apparmor.d/abstractions/ubuntu-unity7-messaging 
+++ b/profiles/apparmor.d/abstractions/ubuntu-unity7-messaging @@ -5,3 +5,6 @@ dbus (receive, send) bus=session path="/com/canonical/indicator/messages/*", + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/ubuntu-xterm b/profiles/apparmor.d/abstractions/ubuntu-xterm index a062cc72b..6e56e777c 100644 --- a/profiles/apparmor.d/abstractions/ubuntu-xterm +++ b/profiles/apparmor.d/abstractions/ubuntu-xterm @@ -11,3 +11,6 @@ # do not use ux or Ux here. Use at a minimum ix /usr/bin/xterm ix, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/user-download b/profiles/apparmor.d/abstractions/user-download index ea1043a33..b14507784 100644 --- a/profiles/apparmor.d/abstractions/user-download +++ b/profiles/apparmor.d/abstractions/user-download @@ -22,3 +22,6 @@ owner @{HOME}/@{XDG_DOWNLOAD_DIR}/* rwl, owner "@{HOME}/My Downloads/" r, owner "@{HOME}/My Downloads/**" rwl, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/user-mail b/profiles/apparmor.d/abstractions/user-mail index b799ffcac..2475ead1e 100644 --- a/profiles/apparmor.d/abstractions/user-mail +++ b/profiles/apparmor.d/abstractions/user-mail @@ -21,3 +21,6 @@ owner @{HOME}/.forward r, owner @{HOME}/Maildir/ r, owner @{HOME}/Maildir/** rwl, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/user-manpages b/profiles/apparmor.d/abstractions/user-manpages index b7cc0cb8e..1a641508f 100644 --- a/profiles/apparmor.d/abstractions/user-manpages +++ b/profiles/apparmor.d/abstractions/user-manpages @@ -22,3 +22,6 @@ /usr/local/share/man/man?/** r, /usr/{share,X11R6,local,kerberos}/man/** r, /usr/man/** r, + + # Include additions to the abstraction + #include if exists 
diff --git a/profiles/apparmor.d/abstractions/user-tmp b/profiles/apparmor.d/abstractions/user-tmp index 63993d60d..e291e4e60 100644 --- a/profiles/apparmor.d/abstractions/user-tmp +++ b/profiles/apparmor.d/abstractions/user-tmp @@ -18,3 +18,6 @@ /var/tmp/ rw, owner /tmp/** rwkl, /tmp/ rw, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/user-write b/profiles/apparmor.d/abstractions/user-write index c6ea29bdf..ecaf9e623 100644 --- a/profiles/apparmor.d/abstractions/user-write +++ b/profiles/apparmor.d/abstractions/user-write @@ -19,3 +19,6 @@ owner @{HOME}/@{XDG_DESKTOP_DIR}/** rwl, owner @{HOME}/@{XDG_DOCUMENTS_DIR}/** rwl, owner @{HOME}/@{XDG_PUBLICSHARE_DIR}/** rwl, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/video b/profiles/apparmor.d/abstractions/video index 00a834681..442b15b1d 100644 --- a/profiles/apparmor.d/abstractions/video +++ b/profiles/apparmor.d/abstractions/video @@ -4,3 +4,6 @@ # System devices @{sys}/class/video4linux r, @{sys}/class/video4linux/** r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/vulkan b/profiles/apparmor.d/abstractions/vulkan index 39b5d5ff9..5b0dd379d 100644 --- a/profiles/apparmor.d/abstractions/vulkan +++ b/profiles/apparmor.d/abstractions/vulkan @@ -12,3 +12,6 @@ # User files owner @{HOME}/.local/share/vulkan/implicit_layer.d/{,*.json} r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/wayland b/profiles/apparmor.d/abstractions/wayland index fe0bb7857..aca31340c 100644 --- a/profiles/apparmor.d/abstractions/wayland +++ b/profiles/apparmor.d/abstractions/wayland @@ -11,3 +11,6 @@ owner /run/user/*/wayland-[0-9]* rw, owner /run/user/*/{mesa,mutter,sdl,wayland-cursor,weston,xwayland}-shared-* rw, + + # Include additions to the abstraction + #include if exists 
diff --git a/profiles/apparmor.d/abstractions/web-data b/profiles/apparmor.d/abstractions/web-data index 0baf29902..f24a6b853 100644 --- a/profiles/apparmor.d/abstractions/web-data +++ b/profiles/apparmor.d/abstractions/web-data @@ -23,3 +23,6 @@ /var/www/html/ r, /var/www/html/** r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/winbind b/profiles/apparmor.d/abstractions/winbind index e982889ea..7b0db370d 100644 --- a/profiles/apparmor.d/abstractions/winbind +++ b/profiles/apparmor.d/abstractions/winbind @@ -19,3 +19,6 @@ /usr/lib*/samba/lowcase.dat r, /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/wutmp b/profiles/apparmor.d/abstractions/wutmp index d7509558a..3d9778ffd 100644 --- a/profiles/apparmor.d/abstractions/wutmp +++ b/profiles/apparmor.d/abstractions/wutmp @@ -14,3 +14,6 @@ /var/log/lastlog rwk, /var/log/wtmp wk, /{,var/}run/utmp rwk, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/xad b/profiles/apparmor.d/abstractions/xad index 54b0f40e2..18f4f3d33 100644 --- a/profiles/apparmor.d/abstractions/xad +++ b/profiles/apparmor.d/abstractions/xad @@ -23,3 +23,6 @@ /var/opt/novell/nici/* r, /var/opt/novell/nici/*/ r, /var/opt/novell/nici/*/* rw, + + # Include additions to the abstraction + #include if exists diff --git a/profiles/apparmor.d/abstractions/xdg-desktop b/profiles/apparmor.d/abstractions/xdg-desktop index bc8f6a00c..f87a1a69d 100644 --- a/profiles/apparmor.d/abstractions/xdg-desktop +++ b/profiles/apparmor.d/abstractions/xdg-desktop @@ -22,3 +22,6 @@ # fallbacks /usr/share/ r, /usr/local/share/ r, + + # Include additions to the abstraction + #include if exists