mirror of
https://github.com/onionshare/onionshare.git
synced 2024-12-18 04:04:45 -05:00
6cceac3b3e
Work from Tails Developers, main git repository, currently devel branch. Upstream commits: commit 6e7ad41ca9664246856fe9553c202f09a1d1066b Remove superfluous AppArmor rule. The pattern `[^.]*` matches a subset of `[^.]**`, so we only need to keep the latter. commit b3a827d8e3c3fee78ec18450dfaf38a3d4eaf270 Make onionshare-gui able to access folders beneath $HOME. Without this change e.g. ~/Documents is inaccessible. To be honest, this does not makes sense to me, as my interpretation of the old patterns clearly should allow subfolders and files therein. commit db2b3a3f73aa01a54c9b7cb5ab83da1d083b7169 WIP: AppArmor profile improvements.
29 lines
695 B
Plaintext
29 lines
695 B
Plaintext
#include <tunables/global>
|
|
|
|
/usr/bin/onionshare-gui {
|
|
#include <abstractions/gnome>
|
|
#include <abstractions/ibus>
|
|
#include <abstractions/onionshare>
|
|
|
|
/usr/bin/ r,
|
|
/usr/bin/onionshare-gui r,
|
|
/proc/*/cmdline r,
|
|
|
|
# The freedesktop.org abstraction doesn't allow `k`
|
|
/usr/share/icons/*/index.theme k,
|
|
|
|
# Why do these still emit audit journal entries?
|
|
owner @{HOME}/.config/ibus/bus/ rw,
|
|
owner @{HOME}/.config/ibus/bus/* rw,
|
|
deny @{HOME}/.ICEauthority r,
|
|
|
|
deny /etc/machine-id r,
|
|
deny /var/lib/dbus/machine-id.* rw,
|
|
|
|
# Accessibility support
|
|
owner /{,var/}run/user/*/at-spi2-*/ rw,
|
|
owner /{,var/}run/user/*/at-spi2-*/** rw,
|
|
|
|
#include <local/usr.bin.onionshare-gui>
|
|
}
|