summaryrefslogtreecommitdiffstats
path: root/config/chroot_local-includes/etc/apparmor.d/usr.bin.onionshare-gui
diff options
context:
space:
mode:
Diffstat (limited to 'config/chroot_local-includes/etc/apparmor.d/usr.bin.onionshare-gui')
-rw-r--r--config/chroot_local-includes/etc/apparmor.d/usr.bin.onionshare-gui28
1 files changed, 28 insertions, 0 deletions
diff --git a/config/chroot_local-includes/etc/apparmor.d/usr.bin.onionshare-gui b/config/chroot_local-includes/etc/apparmor.d/usr.bin.onionshare-gui
new file mode 100644
index 0000000..746dadc
--- /dev/null
+++ b/config/chroot_local-includes/etc/apparmor.d/usr.bin.onionshare-gui
@@ -0,0 +1,28 @@
+#include <tunables/global>
+
+/usr/bin/onionshare-gui {
+ #include <abstractions/gnome>
+ #include <abstractions/ibus>
+ #include <abstractions/onionshare>
+
+ /usr/bin/ r,
+ /usr/bin/onionshare-gui r,
+ /proc/*/cmdline r,
+
+ # The freedesktop.org abstraction doesn't allow `k`
+ /usr/share/icons/*/index.theme k,
+
+ # Why do these still emit audit journal entries?
+ owner @{HOME}/.config/ibus/bus/ rw,
+ owner @{HOME}/.config/ibus/bus/* rw,
+ deny @{HOME}/.ICEauthority r,
+
+ deny /etc/machine-id r,
+ deny /var/lib/dbus/machine-id.* rw,
+
+ # Accessibility support
+ owner /{,var/}run/user/*/at-spi2-*/ rw,
+ owner /{,var/}run/user/*/at-spi2-*/** rw,
+
+ #include <local/usr.bin.onionshare-gui>
+}