Git-Mirrors/onionshare
1
0
Fork 0
mirror of https://github.com/onionshare/onionshare.git synced 2025-08-02 03:16:19 -04:00
Code Issues Projects Releases Packages Wiki Activity

AppArmor profiles for Onionshare, written by Tails developers

Browse source
This commit is contained in:
Ulrike Uhlig 2016-11-19 21:26:57 +01:00
parent cdbdd366ba
commit 338e9d04c1
5 changed files with 71 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

31
apparmor/abstractions/onionshare Normal file
View file

@ -0,0 +1,31 @@
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/python>
# Why are these not in abstractions/python?
/usr/lib{,32,64}/python{2,3}.[0-9]/__pycache__/ rw,
/usr/lib{,32,64}/python{2,3}.[0-9]/__pycache__/* rw,
/usr/lib{,32,64}/python{2,3}.[0-9]/**/__pycache__/ rw,
/usr/lib{,32,64}/python{2,3}.[0-9]/**/__pycache__/* rw,
/usr/lib{,32,64}/python{2,3}/**/__pycache__/ rw,
/usr/lib{,32,64}/python{2,3}/**/__pycache__/* rw,
/bin/dash rix,
/proc/*/mounts r,
/proc/*/fd/ r,
/sbin/ldconfig rix,
/sbin/ldconfig.real rix,
/bin/uname rix,
/{,lib/live/mount/rootfs/filesystem.squashfs/}etc/mime.types r,
/{,lib/live/mount/rootfs/filesystem.squashfs/}usr/share/onionshare/ r,
/{,lib/live/mount/rootfs/filesystem.squashfs/}usr/share/onionshare/** r,
/tmp/ rw,
/tmp/** rw,
# Allow all user data except .gnupg, .ssh and other potential
# places for critically sensitive application data.
audit deny @{HOME}/.* mrwkl,
audit deny @{HOME}/.*/ mrwkl,
audit deny @{HOME}/.*/** mrwkl,
owner @{HOME}/ r,
owner @{HOME}/** r,