AppArmor

Merge lp:~jpds/apparmor/pidgin-profile into lp:~ubuntu-core-dev/apparmor/profiles-devel

  1. pidgin-profile
  2. Merge into profiles-devel
Proposed by Jonathan Davies
Status: Merged
Merge reported by: Jamie Strandboge
Merged at revision: not available
Proposed branch: lp:~jpds/apparmor/pidgin-profile
Merge into: lp:~ubuntu-core-dev/apparmor/profiles-devel
Diff against target: None lines
To merge this branch: bzr merge lp:~jpds/apparmor/pidgin-profile
Reviewer Review Type Date Requested Status
Jamie Strandboge Approve
Review via email: mp+5034@code.launchpad.net
To post a comment you must log in.
lp:~jpds/apparmor/pidgin-profile updated
8. By Jonathan Davies

Removed denies for /etc/kernel and passwd.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Sorry I didn't see this until now. It is approved and merged.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== added file 'usr.bin.pidgin'
2--- usr.bin.pidgin 1970-01-01 00:00:00 +0000
3+++ usr.bin.pidgin 2009-03-30 15:41:55 +0000
4@@ -0,0 +1,85 @@
5+#
6+# AppArmor Pidgin profile for Ubuntu 9.04 Jaunty
7+#
8+# This program is free software; you can redistribute it and/or
9+# modify it under the terms of version 2 of the GNU General Public
10+# License published by the Free Software Foundation.
11+#
12+
13+
14+#include <tunables/global>
15+/usr/bin/pidgin {
16+ #include <abstractions/audio>
17+ #include <abstractions/aspell>
18+ #include <abstractions/base>
19+ #include <abstractions/bash>
20+ #include <abstractions/consoles>
21+ #include <abstractions/dbus>
22+ #include <abstractions/fonts>
23+ #include <abstractions/freedesktop.org>
24+ #include <abstractions/gnome>
25+ #include <abstractions/nameservice>
26+ #include <abstractions/launchpad-integration>
27+ #include <abstractions/user-download>
28+ #include <abstractions/user-tmp>
29+ #include <abstractions/X>
30+
31+ capability sys_ptrace,
32+
33+ deny /etc/kernel rm,
34+ deny /etc/passwd rm,
35+
36+ deny @{HOME}/.bash* rw,
37+ deny @{HOME}/.cshrc rw,
38+ deny @{HOME}/.profile rw,
39+ deny @{HOME}/.ssh/* rw,
40+ deny @{HOME}/.zshrc rw,
41+
42+ owner @{HOME}/.config/enchant/ rw,
43+ owner @{HOME}/.config/enchant/* rwk,
44+ owner @{HOME}/.local/share/icons/ r,
45+ owner @{HOME}/.local/share/mime/* r,
46+ owner @{HOME}/.gnome2/nautilus-sendto/** rw,
47+ owner @{HOME}/.gstreamer*/ rw,
48+ owner @{HOME}/.gstreamer*/** rw,
49+ owner @{HOME}/.pulse/ rw,
50+ owner @{HOME}/.pulse/** rw,
51+ owner @{HOME}/.pulse-cookie rwk,
52+ owner @{HOME}/.purple/ rw,
53+ owner @{HOME}/.purple/** rwk,
54+
55+ /bin/dash rix,
56+
57+ /dev/shm/ r,
58+ /dev/shm/* rw,
59+
60+ /etc/ r,
61+ /etc/pulse/client.conf r,
62+ /etc/ssl/certs/ r,
63+ /etc/ssl/certs/ssl-cert-snakeoil.pem r,
64+
65+ owner /tmp/orbit-*/* w,
66+ owner /tmp/pulse-*/* w,
67+
68+ /usr/bin/gconftool-2 rix,
69+ /usr/bin/gnome-default-applications-properties ix,
70+ /usr/bin/gnome-network-preferences ix,
71+ /usr/bin/gnome-open rmix,
72+ /usr/bin/pidgin r,
73+ /usr/bin/xdg-open rmix,
74+
75+ /usr/lib/ r,
76+ /usr/lib/firefox-*/firefox.sh Px,
77+ /usr/lib/libvisual-*/**.so rm,
78+ /usr/lib/pidgin/*.so rm,
79+ /usr/lib/purple*/*.so rm,
80+
81+ /usr/share/ca-certificates/*/** r,
82+ /usr/share/enchant/enchant.ordering r,
83+ /usr/share/locale-langpack/** rm,
84+ /usr/share/purple/ca-certs/ r,
85+ /usr/share/purple/ca-certs/** r,
86+ /usr/share/myspell/dicts/ r,
87+ /usr/share/myspell/dicts/** r,
88+ /usr/share/tcltk/** r,
89+}
90
91=== renamed file 'usr.lib.firefox-3.0.7.firefox' => 'usr.lib.firefox-3.0.8.firefox'
92--- usr.lib.firefox-3.0.7.firefox 2009-03-25 18:27:20 +0000
93+++ usr.lib.firefox-3.0.8.firefox 2009-03-30 15:40:31 +0000
94@@ -4,7 +4,7 @@
95
96 #include <tunables/global>
97
98-/usr/lib/firefox-3.0.7/firefox {
99+/usr/lib/firefox-3.0.8/firefox {
100 #include <abstractions/audio>
101 #include <abstractions/base>
102 #include <abstractions/cups-client>

Subscribers

People subscribed via source and target branches