From fbb8486fe68c80c34ddf7675e6bbd3fb59409cdf Mon Sep 17 00:00:00 2001
From: Jamie Strandboge <jamie@ubuntu.com>
Date: Thu, 27 Sep 2018 11:53:52 -0500
Subject: [PATCH] abstractions/private-files: disallow writes to thumbnailer
 dir (LP: #1788929)

---
 profiles/apparmor.d/abstractions/private-files | 1 +
 1 file changed, 1 insertion(+)

diff --git a/profiles/apparmor.d/abstractions/private-files b/profiles/apparmor.d/abstractions/private-files
index 3149b0d1d..b1c348f4c 100644
--- a/profiles/apparmor.d/abstractions/private-files
+++ b/profiles/apparmor.d/abstractions/private-files
@@ -19,6 +19,7 @@
   audit deny @{HOME}/.init/** wl,
   audit deny @{HOME}/.kde{,4}/Autostart/** wl,
   audit deny @{HOME}/.kde{,4}/env/** wl,
+  audit deny @{HOME}/.local/share/thumbnailers/** wl,
   audit deny @{HOME}/.pki/nssdb/*.so{,.[0-9]*} wl,
 
   # don't allow reading/updating of run control files