Diffstat (limited to 'config/chroot_local-includes/etc/apparmor.d/abstractions/onionshare')
-rw-r--r--config/chroot_local-includes/etc/apparmor.d/abstractions/onionshare29
1 files changed, 29 insertions, 0 deletions
diff --git a/config/chroot_local-includes/etc/apparmor.d/abstractions/onionshare b/config/chroot_local-includes/etc/apparmor.d/abstractions/onionshare
new file mode 100644
index 0000000..b90e243
--- /dev/null
+++ b/config/chroot_local-includes/etc/apparmor.d/abstractions/onionshare
@@ -0,0 +1,29 @@
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+ #include <abstractions/private-files-strict>
+ #include <abstractions/python>
+
+ # Why are these not in abstractions/python?
+ /usr/lib{,32,64}/python{2,3}.[0-9]/__pycache__/ rw,
+ /usr/lib{,32,64}/python{2,3}.[0-9]/__pycache__/* rw,
+ /usr/lib{,32,64}/python{2,3}.[0-9]/**/__pycache__/ rw,
+ /usr/lib{,32,64}/python{2,3}.[0-9]/**/__pycache__/* rw,
+ /usr/lib{,32,64}/python{2,3}/**/__pycache__/ rw,
+ /usr/lib{,32,64}/python{2,3}/**/__pycache__/* rw,
+
+ /bin/dash rix,
+ /proc/*/mounts r,
+ /proc/*/fd/ r,
+ /sbin/ldconfig rix,
+ /sbin/ldconfig.real rix,
+ /bin/uname rix,
+ /etc/mime.types r,
+ /usr/share/onionshare/ r,
+ /usr/share/onionshare/** r,
+ /tmp/ rw,
+ /tmp/** rw,
+
+ # Allow read on almost anything in @{HOME}. Lenient, but
+ # private-files-strict is in effect.
+ owner @{HOME}/ r,
+ owner @{HOME}/[^.]** r,
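Review bot: The six `__pycache__` rules grant `rw` under `/usr/lib`, so the profile lets this confined process create and modify compiled bytecode in the system Python tree, leaving filesystem permissions as the only barrier; abstractions/python presumably omits write access for that reason. Python still runs when it cannot write its cache, so `r` should be enough, e.g. `/usr/lib{,32,64}/python{2,3}.[0-9]/**/__pycache__/* r,`, with an explicit `deny` rule for `w` if the audit noise is a problem. The comment above those rules would be more useful recording that decision than asking the question. Separately, `/proc/*/mounts r,` and `/proc/*/fd/ r,` match every process; `owner @{PROC}/@{pid}/fd/ r,` would restrict the match to processes owned by the same user, assuming the including profile loads tunables/global.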