PC World Komputer 2010 April

home *** CD-ROM | disk | FTP | other *** search

/ PC World Komputer 2010 April / PCWorld0410.iso / hity wydania / Ubuntu 9.10 PL / karmelkowy-koliberek-desktop-9.10-i386-PL.iso / casper / filesystem.squashfs / etc / apparmor.d / abstractions / evince < prev next >

Wrap

Text File | 2009-11-03 | 3.2 KB | 109 lines

# vim:syntax=apparmor # # abstraction used by evince binaries # #include <abstractions/audio> #include <abstractions/bash> #include <abstractions/cups-client> #include <abstractions/dbus> #include <abstractions/freedesktop.org> #include <abstractions/gnome> #include <abstractions/nameservice> #include <abstractions/launchpad-integration> #include <abstractions/user-tmp> #include <abstractions/ubuntu-browsers> #include <abstractions/ubuntu-console-browsers> #include <abstractions/ubuntu-email> #include <abstractions/ubuntu-console-email> # Terminals for using console applications. These abstractions should ideally # have 'ix' to restrct access to what only evince is allowed to do #include <abstractions/ubuntu-gnome-terminal> # By default, we won't support launching a terminal program in Xterm or # KDE's konsole. It opens up too many unnecessary files for most users. # People who need this functionality can uncomment the following: ##include <abstractions/ubuntu-xterm> ##include <abstractions/ubuntu-konsole> @{PROC}/[0-9]*/fd/ r, @{PROC}/[0-9]*/mountinfo r, # move out to the gnome abstraction if anyone else needs these /dev/.udev/db/* r, /etc/udev/udev.conf r, /sys/devices/**/block/**/uevent r, # apport /etc/default/apport r, # evince specific /etc/ r, /etc/fstab r, /etc/texmf/* r, /etc/xpdf/* r, /usr/bin/bug-buddy px, /usr/bin/gs-esp ixr, /usr/bin/mktexpk Ux, /usr/bin/yelp Ux, /usr/bin/dvipdfm Ux, # supported archivers /bin/gzip ixr, /usr/bin/unrar* ixr, /usr/bin/unzip ixr, /usr/bin/7zr ixr, /usr/lib/p7zip/7zr ixr, # allow read access to anything in /usr/share, for plugins and input methods /usr/local/share/** r, /usr/share/** r, /usr/lib/ghostscript/** mr, /var/lib/texmf/** r, # from http://live.gnome.org/Evince/SupportedDocumentFormats. Allow # read for all supported file formats /**.[bB][mM][pP] r, /**.[dD][jJ][vV][uU] r, /**.[dD][vV][iI] r, /**.[gG][iI][fF] r, /**.[jJ][pP][gG] r, /**.[jJ][pP][eE][gG] r, /**.[oO][dD][pP] r, /**.[pP][dD][fF] r, /**.[pP][nN][mM] r, /**.[pP][nN][gG] r, /**.[pP][sS] r, /**.[eE][pP][sS] r, /**.[tT][iI][fF] r, /**.[tT][iI][fF][fF] r, /**.[xX][pP][mM] r, /**.[gG][zZ] r, /**.[cC][bB][rRzZ7] r, # Use abstractions/private-files instead of abstractions/private-files-strict # and add the sensitive files manually to work around LP: #451422. The goal # is to disallow access to the .mozilla folder in general, but to allow # access to the Cache directory, which the browser may tell evince to open # from directly. #include <abstractions/private-files> audit deny @{HOME}/.gnupg/** mrwkl, audit deny @{HOME}/.ssh/** mrwkl, audit deny @{HOME}/.gnome2_private/** mrwkl, audit deny @{HOME}/.mozilla/*/*/* mrwkl, audit deny @{HOME}/.mozilla/**/bookmarkbackups/** mrwkl, audit deny @{HOME}/.mozilla/**/chrome/** mrwkl, audit deny @{HOME}/.mozilla/**/extensions/** mrwkl, audit deny @{HOME}/.mozilla/**/gm_scripts/** mrwkl, # When LP: #451422 is fixed, change the above to simply be: ##include <abstractions/private-files-strict> #owner @{HOME}/.mozilla/**/*Cache/* r,