mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-09-05 16:55:32 +00:00
Reported on IRC by finalspacevoid
Acked-by: Steve Beattie <steve@nxnw.org>
Merge branch 'cboltz-kwallet-path' into 'master'
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/704
(cherry picked from commit 15e897cad0)
(Fixed up conflict due to 2.13 not containing the include rule for
abstractions/private-files-strict.d/)
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
# vim:syntax=apparmor
# privacy-violations-strict contains additional rules for sensitive
# files that you want to explicitly deny access to
# NOTE(review): the name in this header may not match the abstraction's
# file name - confirm.
#
# How to read the rules below:
#  - "audit deny" refuses the access AND logs the refusal; a plain "deny"
#    is not logged. Blocked attempts on these paths therefore appear in the
#    audit log and can be alerted on.
#  - A deny rule takes precedence over any allow rule in the profile that
#    includes this abstraction.
#  - "{,**}" matches the directory itself and everything beneath it.
#  - "mrwkl" = mmap-exec (m), read (r), write (w), lock (k), link (l).
#  - This is a denylist of specific well-known locations; credential stores
#    kept in other paths are not covered by this file.

# The line below is an include directive, not a comment: it pulls in the
# rules of the base private-files abstraction (not shown here).
#include <abstractions/private-files>

# potentially extremely sensitive files
# Cloud credentials, GnuPG keyrings and SSH keys/configuration.
audit deny @{HOME}/.aws/{,**} mrwkl,
audit deny @{HOME}/.gnupg/{,**} mrwkl,
audit deny @{HOME}/.ssh/{,**} mrwkl,
audit deny @{HOME}/.gnome2_private/{,**} mrwkl,
# Write-only deny on the directory path itself (trailing slash, no glob);
# the rest of ~/.gnome2 stays governed by other rules.
# Presumably this stops the parent of the protected keyrings directory from
# being removed or replaced - intent is not stated here, confirm.
audit deny @{HOME}/.gnome2/ w,
audit deny @{HOME}/.gnome2/keyrings/{,**} mrwkl,
# don't allow access to any gnome-keyring modules
# Covers both /run and /var/run; "keyring**" matches any path under the
# per-user runtime directory whose name starts with "keyring".
audit deny /{,var/}run/user/[0-9]*/keyring** mrwkl,
# Browser and mail-client profiles.
audit deny @{HOME}/.mozilla/{,**} mrwkl,
# Same directory-only write deny as for ~/.gnome2/ above, here for ~/.config/.
audit deny @{HOME}/.config/ w,
audit deny @{HOME}/.config/chromium/{,**} mrwkl,
audit deny @{HOME}/.config/evolution/{,**} mrwkl,
audit deny @{HOME}/.evolution/{,**} mrwkl,
audit deny @{HOME}/.{,mozilla-}thunderbird/{,**} mrwkl,
# KDE: directory-only write deny on ~/.kde and ~/.kde4 plus their share/ and
# share/apps/ levels, then full denies on the kmail and kwallet data.
audit deny @{HOME}/.kde{,4}/{,share/,share/apps/} w,
audit deny @{HOME}/.kde{,4}/share/apps/kmail{,2}/{,**} mrwkl,
audit deny @{HOME}/.kde{,4}/share/apps/kwallet/{,**} mrwkl,
# kwalletd data under ~/.local/share (presumably the location used by newer
# KWallet versions - confirm). Unlike ~/.config/ above, no directory-only
# write deny is set on the parent ~/.local/share/.
audit deny @{HOME}/.local/share/kwalletd/{,**} mrwkl,