2016-11-19 15:26:57 -05:00
|
|
|
#include <tunables/global>
|
|
|
|
|
|
2017-01-18 14:58:03 -05:00
|
|
|
/usr/bin/onionshare-gui {
|
2016-11-19 15:26:57 -05:00
|
|
|
#include <abstractions/gnome>
|
|
|
|
|
#include <abstractions/ibus>
|
|
|
|
|
#include <abstractions/onionshare>
|
|
|
|
|
|
|
|
|
|
/usr/bin/ r,
|
|
|
|
|
/usr/bin/onionshare-gui r,
|
|
|
|
|
/proc/*/cmdline r,
|
2017-01-18 14:58:03 -05:00
|
|
|
|
|
|
|
|
# The freedesktop.org abstraction doesn't allow `k`
|
|
|
|
|
/usr/share/icons/*/index.theme k,
|
2016-11-19 15:26:57 -05:00
|
|
|
|
|
|
|
|
# Why do these still emit audit journal entries?
|
|
|
|
|
owner @{HOME}/.config/ibus/bus/ rw,
|
|
|
|
|
owner @{HOME}/.config/ibus/bus/* rw,
|
|
|
|
|
deny @{HOME}/.ICEauthority r,
|
|
|
|
|
|
2017-01-18 14:58:03 -05:00
|
|
|
deny /etc/machine-id r,
|
2016-11-19 15:26:57 -05:00
|
|
|
deny /var/lib/dbus/machine-id.* rw,
|
|
|
|
|
|
|
|
|
|
# Accessibility support
|
|
|
|
|
owner /{,var/}run/user/*/at-spi2-*/ rw,
|
|
|
|
|
owner /{,var/}run/user/*/at-spi2-*/** rw,
|
|
|
|
|
|
|
|
|
|
#include <local/usr.bin.onionshare-gui>
|
|
|
|
|
}
|
