summaryrefslogtreecommitdiffstats
path: root/config/chroot_local-includes/etc/apparmor.d/abstractions/onionshare
blob: b90e2436a662ec64edabec91e13819e2c530356b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/private-files-strict>
  #include <abstractions/python>

  # Why are these not in abstractions/python?
  /usr/lib{,32,64}/python{2,3}.[0-9]/__pycache__/ rw,
  /usr/lib{,32,64}/python{2,3}.[0-9]/__pycache__/* rw,
  /usr/lib{,32,64}/python{2,3}.[0-9]/**/__pycache__/ rw,
  /usr/lib{,32,64}/python{2,3}.[0-9]/**/__pycache__/* rw,
  /usr/lib{,32,64}/python{2,3}/**/__pycache__/ rw,
  /usr/lib{,32,64}/python{2,3}/**/__pycache__/* rw,

  /bin/dash rix,
  /proc/*/mounts r,
  /proc/*/fd/ r,
  /sbin/ldconfig rix,
  /sbin/ldconfig.real rix,
  /bin/uname rix,
  /etc/mime.types r,
  /usr/share/onionshare/ r,
  /usr/share/onionshare/** r,
  /tmp/ rw,
  /tmp/** rw,

  # Allow read on almost anything in @{HOME}. Lenient, but
  # private-files-strict is in effect.
  owner @{HOME}/         r,
  owner @{HOME}/[^.]**   r,