%PDF- %PDF-
Direktori : /proc/thread-self/root/etc/apparmor.d/abstractions/ |
Current File : //proc/thread-self/root/etc/apparmor.d/abstractions/gio-open |
# vim:syntax=apparmor abi <abi/3.0>, # This abstraction is designed to be used in a child profile to limit what # confined application can invoke via gio helper. # # NOTE: most likely you want to use xdg-open abstraction instead for better # portability across desktop environments, unless you are sure that confined # application only uses /usr/bin/gio directly. # # Usage example: # # ``` # profile foo /usr/bin/foo { # ... # /usr/bin/gio rPx -> foo//gio-open, # ... # } # end of main profile # # # out-of-line child profile # profile foo//gio-open { # include <abstractions/gio-open> # # # needed for ubuntu-* abstractions # include <abstractions/ubuntu-helpers> # # # Only allow to handle http[s]: and mailto: links # include <abstractions/ubuntu-browsers> # include <abstractions/ubuntu-email> # # # < add additional allowed applications here > # } include <abstractions/base> include <abstractions/dbus-session-strict> # Main executables /usr/bin/gio rix, /usr/bin/gio-launch-desktop ix, # for OpenSUSE /usr/lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop ix, # System files /etc/gnome/defaults.list r, /usr/share/mime/* r, /usr/share/{,*/}applications/{,**} r, /var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r, /var/lib/snapd/desktop/applications/{,**} r, # User files owner @{HOME}/.config/mimeapps.list r, owner @{HOME}/.local/share/applications/{,*.desktop} r, owner @{PROC}/@{pid}/fd/ r, # Include additions to the abstraction include if exists <abstractions/gio-open.d>