Diffstat (limited to 'config/chroot_local-includes/etc/apparmor.d/usr.bin.onioncircuits')
-rw-r--r--config/chroot_local-includes/etc/apparmor.d/usr.bin.onioncircuits27
1 files changed, 27 insertions, 0 deletions
diff --git a/config/chroot_local-includes/etc/apparmor.d/usr.bin.onioncircuits b/config/chroot_local-includes/etc/apparmor.d/usr.bin.onioncircuits
new file mode 100644
index 0000000..61c0cb6
--- /dev/null
+++ b/config/chroot_local-includes/etc/apparmor.d/usr.bin.onioncircuits
@@ -0,0 +1,27 @@
+#include <tunables/global>
+
+/usr/bin/onioncircuits {
+ #include <abstractions/base>
+ #include <abstractions/gnome>
+ #include <abstractions/ibus>
+ #include <abstractions/nameservice>
+ #include <abstractions/python>
+
+ # Why are these not in abstractions/python?
+ /usr/lib{,32,64}/python{2,3}.[0-9]/__pycache__/ rw,
+ /usr/lib{,32,64}/python{2,3}.[0-9]/__pycache__/* rw,
+ /usr/lib{,32,64}/python{2,3}.[0-9]/**/__pycache__/ rw,
+ /usr/lib{,32,64}/python{2,3}.[0-9]/**/__pycache__/* rw,
+ /usr/lib{,32,64}/python{2,3}/**/__pycache__/ rw,
+ /usr/lib{,32,64}/python{2,3}/**/__pycache__/* rw,
+
+ /usr/bin/ r,
+ /usr/bin/onioncircuits r,
+ /usr/share/xml/iso-codes/** r,
+
+ deny /etc/machine-id r,
+
+ # Accessibility support
+ owner /{,var/}run/user/*/at-spi2-*/ rw,
+ owner /{,var/}run/user/*/at-spi2-*/** rw,
+}
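Review bot: The six `__pycache__` rules grant `rw` on the system-wide Python bytecode caches under /usr/lib with no `owner` qualifier, so the profile itself would not stop a compromised onioncircuits from writing `.pyc` files that other Python programs later load; only the file permissions would. If the aim is just to stop the interpreter's cache-write attempts from being logged (the page does not say), read access plus an explicit write deny is tighter, e.g. `/usr/lib{,32,64}/python{2,3}.[0-9]/**/__pycache__/{,*} r,` and `deny /usr/lib{,32,64}/python{2,3}.[0-9]/**/__pycache__/{,*} w,`, repeated for the other path patterns. Separately, `[0-9]` matches a single character, so a two-digit minor version directory would not be covered by the first four rules. I would replace the open question in the comment with a sentence stating why these paths are needed and whether write access is intended.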