[Pkg-privacy-commits] [onioncircuits] 03/21: Add apparmor profile to upstream code

Sascha Steinbiss satta at debian.org
Wed Oct 4 15:53:55 UTC 2017


This is an automated email from the git hooks/post-receive script.

satta pushed a commit to branch master
in repository onioncircuits.

commit 6f71b4806308a86557fb4c1317ffd9fa0fc12bad
Author: Ulrike Uhlig <u at 451f.org>
Date:   Sun Mar 19 20:07:41 2017 +0100

    Add apparmor profile to upstream code
---
 apparmor/usr.bin.onioncircuits | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/apparmor/usr.bin.onioncircuits b/apparmor/usr.bin.onioncircuits
new file mode 100644
index 0000000..61c0cb6
--- /dev/null
+++ b/apparmor/usr.bin.onioncircuits
@@ -0,0 +1,27 @@
+#include <tunables/global>
+
+/usr/bin/onioncircuits {
+  #include <abstractions/base>
+  #include <abstractions/gnome>
+  #include <abstractions/ibus>
+  #include <abstractions/nameservice>
+  #include <abstractions/python>
+
+  # Why are these not in abstractions/python?
+  /usr/lib{,32,64}/python{2,3}.[0-9]/__pycache__/ rw,
+  /usr/lib{,32,64}/python{2,3}.[0-9]/__pycache__/* rw,
+  /usr/lib{,32,64}/python{2,3}.[0-9]/**/__pycache__/ rw,
+  /usr/lib{,32,64}/python{2,3}.[0-9]/**/__pycache__/* rw,
+  /usr/lib{,32,64}/python{2,3}/**/__pycache__/ rw,
+  /usr/lib{,32,64}/python{2,3}/**/__pycache__/* rw,
+
+  /usr/bin/ r,
+  /usr/bin/onioncircuits r,
+  /usr/share/xml/iso-codes/** r,
+
+  deny /etc/machine-id r,
+
+  # Accessibility support
+  owner /{,var/}run/user/*/at-spi2-*/ rw,
+  owner /{,var/}run/user/*/at-spi2-*/** rw,
+}

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/onioncircuits.git



More information about the Pkg-privacy-commits mailing list