%PDF- %PDF-
Direktori : /etc/apparmor.d/abstractions/ |
Current File : //etc/apparmor.d/abstractions/private-files |
# vim:syntax=apparmor # privacy-violations contains rules for common files that you want to # explicitly deny access abi <abi/3.0>, # privacy violations (don't audit files under $HOME otherwise get a # lot of false positives when reading contents of directories) deny @{HOME}/.*history mrwkl, deny @{HOME}/.fetchmail* mrwkl, deny @{HOME}/.mutt** mrwkl, deny @{HOME}/.viminfo* mrwkl, deny @{HOME}/.*~ mrwkl, deny @{HOME}/.*.swp mrwkl, deny @{HOME}/.*~1~ mrwkl, deny @{HOME}/.*.bak mrwkl, # special attention to (potentially) executable files audit deny @{HOME}/bin/{,**} wl, audit deny @{HOME}/.config/ w, audit deny @{HOME}/.config/autostart/{,**} wl, audit deny @{HOME}/.config/upstart/{,**} wl, audit deny @{HOME}/.init/{,**} wl, audit deny @{HOME}/.kde{,4}/ w, audit deny @{HOME}/.kde{,4}/Autostart/{,**} wl, audit deny @{HOME}/.kde{,4}/env/{,**} wl, audit deny @{HOME}/.local/{,share/} w, audit deny @{HOME}/.local/share/thumbnailers/{,**} wl, audit deny @{HOME}/.pki/ w, audit deny @{HOME}/.pki/nssdb/{,*.so{,.[0-9]*}} wl, # don't allow reading/updating of run control files deny @{HOME}/.*rc mrk, audit deny @{HOME}/.*rc wl, # bash deny @{HOME}/.bash* mrk, audit deny @{HOME}/.bash* wl, deny @{HOME}/.inputrc mrk, audit deny @{HOME}/.inputrc wl, # sh/dash/csh/tcsh/pdksh/zsh deny @{HOME}/.{,z}profile* mrk, audit deny @{HOME}/.{,z}profile* wl, deny @{HOME}/.{,z}log{in,out} mrk, audit deny @{HOME}/.{,z}log{in,out} wl, deny @{HOME}/.zshenv mrk, audit deny @{HOME}/.zshenv wl, # Include additions to the abstraction include if exists <abstractions/private-files.d>