AppArmor profile exchange

Find profiles by name | Find profiles by author | Find profiles by name and author | List all profiles | List all users | My profiles | New profile | Anonymous | Login

Listing profiles

Distribution Name Profile Created At Changelog View Count Username
opensuse10.3 /sbin/dhclient #include <tunables/global> /sbin/dhclient { #include <abstractions/base> capability net_bind_service, capability net_raw, network inet dgram, network packet packet, /etc/dhclient.conf r, /etc/resolv.conf w, /etc/resolv.conf.saved.by.dhclient rw, /proc/net/dev r, /sbin/dhclient mr, /sbin/dhclient-script Px, /var/lib/dhcp/dhclient-*.leases rw, /var/lib/dhcp/dhclient.leases rw, /var/run/dhclient-*.pid rw, /var/run/dhclient.pid rw, /var/run/nscd/services r, /var/run/nscd/socket w, } over 2 years ago none 167 cinimod Edit History
opensuse10.3 /usr/bin/bug-buddy #include <tunables/global> /usr/bin/bug-buddy { #include <abstractions/base> /usr/bin/bug-buddy mr, } 3 months ago 44 cattoire Edit History
opensuse11.0 /usr/bin/playonlinux #include <tunables/global> /usr/bin/playonlinux flags=(complain) { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, } about 1 year ago playonlinux 123 chrieder Edit History
opensuse10.3 /opt/kde3/bin/kmail #include <tunables/global> /opt/kde3/bin/kmail flags=(complain) { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/kde> #include <abstractions/nameservice> / r, /bin/bash ixr, /cur/tmp/** lrw, /dat/dMisc/KMail/ w, /dat/dMisc/KMail/** lrw, /etc/* r, /etc/X11/* r, /home/*/** rw, /home/*/.gnupg/pubring.kbx.lock lrw, /home/*/.kde/share/** lrw, /home/*/.qt/* krw, /opt/kde3/** r, /opt/kde3/bin/kaddressbook Ux, /opt/kde3/bin/kioexec px, /opt/kde3/bin/kleopatra Px, /opt/kde3/bin/kmail mr, /opt/kde3/bin/kmailcvt Px, /opt/kde3/bin/kwatchgnupg Px, /opt/kde3/lib/** mr, /proc/** r, /usr/bin/aspell Ux, /usr/bin/gpg2 Px, /usr/bin/gpgsm mpxr, /usr/share/** r, /var/cache/** r, } about 1 year ago internet radio u.a. 130 shivver-fox Edit History
opensuse10.3 /usr/sbin/vmware-serverd #include <tunables/global> /usr/sbin/vmware-serverd flags=(complain) { #include <abstractions/base> /usr/sbin/vmware-serverd mr, } over 2 years ago vmware_server_delta 177 jfernandez Edit History
opensuse10.3 /etc/X11/xinit/xinitrc.d/sabayon-xinitrc.sh #include <tunables/global> /etc/X11/xinit/xinitrc.d/sabayon-xinitrc.sh flags=(complain) { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> /bin/bash ixr, /etc/X11/xinit/xinitrc.d/sabayon-xinitrc.sh mr, /proc/meminfo r, /usr/sbin/sabayon-apply Px, } over 2 years ago few more changes to get gnome session working elsewhere 204 jmichael Edit History
opensuse11.0 /usr/sbin/httpd2-prefork #include <tunables/global> /usr/sbin/httpd2-prefork flags=(complain) { #include <abstractions/base> ^DEFAULT_URI flags=(complain) { } ^HANDLING_UNTRUSTED_INPUT flags=(complain) { } } about 1 month ago httpd2-prefork 15 zmord Edit History
opensuse10.3 /usr/lib/gnome-panel/mixer_applet2 #include <tunables/global> /usr/lib/gnome-panel/mixer_applet2 flags=(complain) { #include <abstractions/audio> #include <abstractions/base> #include <abstractions/fonts> #include <abstractions/gnome> #include <abstractions/kde> #include <abstractions/nameservice> /etc/gnome-vfs-2.0/modules/ r, /etc/sound/events/gtk-events-2.soundlist r, /home/*/.Xauthority r, /home/*/.esd_auth r, /home/*/.fontconfig/* r, /home/*/.gnome2_private/ w, /home/*/.gstreamer-0.10/registry.i686.xml r, /home/*/.icons/ r, /home/*/.local/share/icons/ r, /proc/meminfo r, /tmp/orbit-*/bonobo-activation-register.lock klrw, /usr/bin/bug-buddy ixr, /usr/lib/gnome-panel/mixer_applet2 mr, /usr/share/gnome-2.0/ui/GNOME_MixerApplet.xml r, } over 2 years ago some bug-buddy rules and other misc updates 197 jmichael Edit History
opensuse10.3 /usr/bin/gnome-open #include <tunables/global> /usr/bin/gnome-open { #include <abstractions/base> /usr/bin/gnome-open mr, } over 2 years ago none 144 cinimod Edit History
opensuse10.3 /opt/kde3/bin/kaffeine #include <tunables/global> /opt/kde3/bin/kaffeine { #include <abstractions/base> #include <abstractions/nameservice> / r, /bin/ r, /boot/ r, /dev/ r, /dev/snd/* rw, /dev/sr0 r, /etc/ r, /etc/X11/kstylerc r, /etc/X11/qt_plugins_3.3rc r, /etc/X11/qtrc r, /etc/exports r, /etc/fonts/** r, /etc/fstab r, /etc/kde3rc r, /etc/mtab r, /etc/opt/kde3/share/config/kioslaverc r, /etc/opt/kde3/share/icons/**/ r, /etc/rpc r, /etc/security/fileshare.conf r, /home/ r, /home/*/** r, /home/*/.dvdcss/* rw, /home/*/.kde/share/apps/kaffeine/** rw, /home/*/.kde/share/config/* lrw, /home/*/.qt/* krw, /home/*/.xine/catalog.cache rw, /home/*/.xine/config rw, /home/*/.xine/config~ w, /lib/ r, /lib64/ r, /media/ r, /media/** r, /mnt/ r, /opt/ r, /opt/kde3/bin/kaffeine mr, /opt/kde3/lib/kde3/plugins/styles/ r, /opt/kde3/lib64/* mr, /opt/kde3/lib64/kde3/* mr, /opt/kde3/lib64/kde3/plugins/styles/ r, /opt/kde3/lib64/kde3/plugins/styles/* mr, /opt/kde3/share/apps/kaffeine/** r, /opt/kde3/share/config/kdeglobals r, /opt/kde3/share/config/profilerc r, /opt/kde3/share/config/ui/ui_standards.rc r, /opt/kde3/share/icons/** r, /opt/kde3/share/locale-bundle/nb/LC_MESSAGES/* r, /opt/kde3/share/locale/nb/LC_MESSAGES/* r, /proc/ r, /sbin/ r, /srv/ r, /sys/ r, /tmp/ r, /tmp/.ICE-unix/* w, /tmp/.X11-unix/* w, /tmp/ksocket-n5/* w, /usr/ r, /usr/lib64/** mr, /usr/share/X11/* r, /usr/share/X11/locale/* r, /usr/share/X11/locale/en_US.UTF-8/* r, /usr/share/alsa/** r, /usr/share/desktop-data/qtrc r, /usr/share/fonts/** r, /usr/share/icons/** r, /usr/share/xine/** r, /var/ r, /var/cache/fontconfig/* r, /var/cache/libx11/compose/* r, /var/tmp/kdecache-n5/ksycoca r, /vol/ r, /vol/** r, /windows/ r, } over 2 years ago 265 kijo387 Edit History
ubuntu-gutsy /usr/bin/bluetooth-applet #include <tunables/global> /usr/bin/bluetooth-applet { #include <abstractions/base> #include <abstractions/dbus> #include <abstractions/gnome> #include <abstractions/nameservice> #include <abstractions/user-tmp> /home/*/.Xauthority r, /usr/bin/bluetooth-applet mr, } over 2 years ago gnome 190 hbpteam Edit History
ubuntu-gutsy /usr/bin/xdpyinfo #include <tunables/global> /usr/bin/xdpyinfo { #include <abstractions/X> #include <abstractions/base> /home/*/.Xauthority r, /usr/bin/xdpyinfo mr, } over 2 years ago gnome 176 hbpteam Edit History
opensuse10.3 /usr/bin/metacity #include <tunables/global> /usr/bin/metacity flags=(complain) { #include <abstractions/base> #include <abstractions/gnome> #include <abstractions/nameservice> /home/*/.ICEauthority r, /home/*/.Xauthority r, /home/*/.fontconfig/* r, /home/*/.metacity/sessions/* w, /proc/meminfo r, /usr/bin/bug-buddy ixr, /usr/bin/metacity mr, } over 2 years ago some bug-buddy rules and other misc updates 191 jmichael Edit History
opensuse10.3 /usr/bin/net #include <tunables/global> /usr/bin/net { #include <abstractions/base> network inet dgram, /etc/samba/dhcp.conf r, /etc/samba/smb.conf r, /usr/bin/net mr, } over 2 years ago none 167 cinimod Edit History
opensuse10.3 /sbin/dhclient #include <tunables/global> /sbin/dhclient { #include <abstractions/base> capability net_bind_service, capability net_raw, network inet dgram, network packet packet, /etc/dhclient.conf r, /etc/resolv.conf w, /etc/resolv.conf.saved.by.dhclient rw, /proc/net/dev r, /sbin/dhclient mr, /sbin/dhclient-script Px, /var/lib/dhcp/dhclient-*.leases rw, /var/lib/dhcp/dhclient.leases rw, /var/run/dhclient-*.pid rw, /var/run/dhclient.pid rw, /var/run/nscd/services r, /var/run/nscd/socket w, } over 2 years ago Import of jmichaels profiles 159 dominic Edit History
opensuse11.0 /usr/sbin/sshd # $Id: usr.sbin.sshd 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ # will need to revalidate this profile once we finish re-architecting # the change_hat patch. # #include <tunables/global> /usr/sbin/sshd flags=(complain) { #include <abstractions/authentication> #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/nameservice> #include <abstractions/wutmp> capability chown, capability fowner, capability kill, capability net_bind_service, capability setgid, capability setuid, capability sys_chroot, capability sys_tty_config, /bin/ash Ux, /bin/bash Ux, /bin/bash2 Ux, /bin/bsh Ux, /bin/csh Ux, /bin/ksh Ux, /bin/sh Ux, /bin/tcsh Ux, /bin/zsh Ux, /dev/ptmx rw, /dev/pts/[0-9]* rw, /dev/urandom r, /etc/environment r, /etc/hosts.allow r, /etc/hosts.deny r, /etc/modules.conf r, /etc/motd r, /etc/ssh/* r, /etc/ssh/moduli r, /sbin/nologin Ux, /tmp/ssh-*/agent.[0-9]* rwl, /tmp/ssh-*[0-9]*/ w, /usr/sbin/sshd mrix, /var/run w, /var/run/sshd{,.init}.pid wl, @{HOME}/.ssh/authorized_keys{,2} r, @{PROC}/[0-9]*/fd/ r, @{PROC}/[0-9]*/loginuid w, @{PROC}/[0-9]*/mounts r, ^AUTHENTICATED flags=(complain) { #include <abstractions/authentication> #include <abstractions/consoles> #include <abstractions/nameservice> #include <abstractions/wutmp> capability setgid, capability setuid, capability sys_tty_config, /dev/log w, /dev/ptmx rw, /etc/default/passwd r, /etc/localtime r, /etc/login.defs r, /etc/motd r, /tmp/ssh-*/agent.[0-9]* rwl, /tmp/ssh-*[0-9]*/ w, } ^EXEC flags=(complain) { #include <abstractions/base> /bin/ash Ux, /bin/bash Ux, /bin/bash2 Ux, /bin/bsh Ux, /bin/csh Ux, /bin/ksh Ux, /bin/sh Ux, /bin/tcsh Ux, /bin/zsh Ux, /sbin/nologin Ux, } ^PRIVSEP flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> capability setgid, capability setuid, capability sys_chroot, } ^PRIVSEP_MONITOR flags=(complain) { #include <abstractions/authentication> #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/wutmp> capability chown, capability setgid, capability setuid, /dev/ptmx rw, /dev/pts/[0-9]* rw, /dev/urandom r, /etc/hosts.allow r, /etc/hosts.deny r, /etc/ssh/moduli r, @{HOME}/.ssh/authorized_keys{,2} r, @{PROC}/[0-9]*/mounts r, } } 10 months ago 92 liviudm Edit History
opensuse10.3 /opt/google-earth/googleearth-bin #include <tunables/global> /opt/google-earth/googleearth-bin { #include <abstractions/base> /opt/google-earth/googleearth-bin mr, /opt/google-earth/libQt3Support.so.* mr, /opt/google-earth/libQtCore.so.* mr, /opt/google-earth/libQtGui.so.* mr, /opt/google-earth/libQtNetwork.so.* mr, /opt/google-earth/libQtSql.so.* mr, /opt/google-earth/libQtXml.so.* r, /opt/google-earth/libQtXml.so.4 mr, /opt/google-earth/libbase.so r, /opt/google-earth/libgcc_s.so.* mr, /opt/google-earth/libgoogleearth_lib.so mr, /opt/google-earth/libstdc\+\+.so.* r, /opt/google-earth/libstdc\+\+.so.6 mr, } about 1 year ago 136 mathias Edit History
ubuntu-gutsy /opt/grisoft/avg7/bin/avgscan #include <tunables/global> /opt/grisoft/avg7/bin/avgscan { #include <abstractions/base> #include <abstractions/nameservice> capability dac_override, / r, /opt/grisoft/avg7/bin/avgscan mr, /opt/grisoft/avg7/data/ r, /opt/grisoft/avg7/data/* rw, /opt/grisoft/avg7/etc/* r, /opt/grisoft/avg7/etc/antispam/ r, /opt/grisoft/avg7/etc/antispam/* rw, /opt/grisoft/avg7/lib/lib*so* mr, /opt/grisoft/lib/lib*so* mr, /tmp/* w, /var/lib/amavis/tmp/** rw, /var/run/avgd.pgrp w, } about 1 year ago 111 stive Edit History
opensuse11.0 /usr/bin/ktorrent #include <tunables/global> /usr/bin/ktorrent flags=(complain) { #include <abstractions/base> /usr/bin/ktorrent r, } about 1 year ago 132 vismedaki Edit History
opensuse10.3 /usr/lib/GConf/2/gconfd-2 # $Id: usr.lib.GConf.2.gconfd-2 735 2007-06-11 05:17:30Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/lib/GConf/2/gconfd-2 flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/user-tmp> /cur/tmp/ r, /cur/tmp/** klrw, /etc/gconf/** r, /home/**/ r, /usr/lib/GConf/2/gconfd-2 rmix, /usr/lib/GConf/2/libgconfbackend-xml.so mr, /usr/lib64/GConf/2/libgconfbackend-xml.so mr, /usr/share/locale/** r, @{HOME}/.gconf r, @{HOME}/.gconf/** lrw, @{HOME}/.gconfd/** lrw, } about 1 year ago internet radio u.a. 136 shivver-fox Edit History
opensuse10.3 /usr/bin/ncftp #include <tunables/global> /usr/bin/ncftp { #include <abstractions/base> /usr/bin/ncftp mr, } about 1 year ago ncftp2 123 SamCurt Edit History
opensuse10.3 /usr/bin/gnome-volume-manager #include <tunables/global> /usr/bin/gnome-volume-manager { #include <abstractions/base> #include <abstractions/dbus> #include <abstractions/gnome> #include <abstractions/nameservice> /etc/gnome-vfs-2.0/modules/ r, /etc/sound/events/gtk-events-2.soundlist r, /home/*/.Xauthority r, /home/*/.gnome2_private/ w, /proc/*/mounts r, /usr/bin/bug-buddy ixr, /usr/bin/gnome-volume-manager mr, /var/run/resmgr/classes/desktop/ r, } over 2 years ago none 124 cinimod Edit History
opensuse10.3 /usr/bin/gnome-open #include <tunables/global> /usr/bin/gnome-open { #include <abstractions/base> /usr/bin/gnome-open mr, } over 2 years ago Import of jmichaels profiles 158 dominic Edit History
opensuse10.3 /usr/bin/net #include <tunables/global> /usr/bin/net { #include <abstractions/base> network inet dgram, /etc/samba/dhcp.conf r, /etc/samba/smb.conf r, /usr/bin/net mr, } over 2 years ago Import of jmichaels profiles 183 dominic Edit History
ubuntu-gutsy /usr/bin/devhelp #include <tunables/global> /usr/bin/devhelp { #include <abstractions/base> /usr/bin/devhelp mr, } over 2 years ago gnome 143 hbpteam Edit History
opensuse11.0 /usr/lib/firefox/firefox.sh #include <tunables/global> /usr/lib/firefox/firefox.sh flags=(complain) { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> deny capability sys_ptrace, /bin/basename rix, /bin/bash rix, /bin/grep rix, /etc/magic r, /usr/bin/file rix, /usr/lib/firefox/firefox px, /usr/share/misc/magic.mgc r, } 7 months ago /home/docs/apparmor.log 83 raulliborio Edit History
opensuse10.3 /usr/lib/evolution/2.12/evolution-alarm-notify #include <tunables/global> /usr/lib/evolution/2.12/evolution-alarm-notify { #include <abstractions/base> /usr/lib/evolution/2.12/evolution-alarm-notify mr, } over 2 years ago none 154 cinimod Edit History
ubuntu-gutsy /etc/cron.daily/aptitude #include <tunables/global> /etc/cron.daily/aptitude { #include <abstractions/base> /bin/cp ixr, /bin/dash ixr, /bin/date ixr, /bin/gzip ixr, /bin/mv ixr, /bin/rm ixr, /bin/which ixr, /etc/cron.daily/aptitude mr, /proc/*/mounts r, /proc/filesystems r, /usr/bin/basename ixr, /usr/bin/cmp ixr, /usr/bin/dirname ixr, /usr/bin/savelog ixr, /var/backups/* rw, /var/lib/aptitude/pkgstates r, } 11 months ago 92 stive Edit History
opensuse10.3 /usr/bin/gnome-volume-manager #include <tunables/global> /usr/bin/gnome-volume-manager { #include <abstractions/base> #include <abstractions/dbus> #include <abstractions/gnome> #include <abstractions/nameservice> /etc/gnome-vfs-2.0/modules/ r, /etc/sound/events/gtk-events-2.soundlist r, /home/*/.Xauthority r, /home/*/.gnome2_private/ w, /proc/*/mounts r, /usr/bin/bug-buddy ixr, /usr/bin/gnome-volume-manager mr, /var/run/resmgr/classes/desktop/ r, } over 2 years ago Import of jmichaels profiles 130 dominic Edit History
ubuntu-gutsy /usr/bin/ssh #include <tunables/global> /usr/bin/ssh flags=(complain) { #include <abstractions/base> /usr/bin/ssh mr, } over 2 years ago U 198 roger Edit History
opensuse11.0 /usr/share/amsn/amsn #include <tunables/global> /usr/share/amsn/amsn flags=(complain) { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, } about 1 year ago amsn 114 rey_buzz Edit History
ubuntu-gutsy /etc/cron.daily/mlocate #include <tunables/global> /etc/cron.daily/mlocate { #include <abstractions/base> capability chown, capability dac_override, capability dac_read_search, capability fowner, capability fsetid, capability sys_admin, / r, /**/ r, /bin/dash ixr, /etc/cron.daily/mlocate mr, /etc/group r, /etc/mtab r, /etc/nsswitch.conf r, /etc/updatedb.conf r, /proc/*/mounts r, /usr/bin/ionice ixr, /usr/bin/updatedb.mlocate ixr, /var/lib/mlocate/* rw, } about 1 year ago 108 stive Edit History
opensuse10.3 /usr/bin/xfs #include <tunables/global> /usr/bin/xfs { #include <abstractions/base> capability setgid, capability setuid, network inet, network inet6, /etc/X11/fontpath.d rk, /etc/X11/fontpath.d/ rk, /etc/X11/fontpath.d/** r, /etc/X11/fs/config r, /etc/group r, /etc/ld.so.preload r, /etc/nsswitch.conf r, /etc/passwd r, /etc/services r, /home/*/.fontconfig r, /home/*/.fonts/** r, /tmp/ rw, /tmp/.font-unix rwlk, /tmp/.font-unix/ rwlk, /tmp/.font-unix/** rwlk, /usr/bin/xfs mr, /usr/share/fonts/** r, /usr/share/lilypond/2.11.40/fonts/** r, /var/db/nscd/group r, /var/db/nscd/passwd r, /var/db/nscd/services r, /var/fonts2/** r, /var/run/dbus/system_bus_socket rw, /var/run/nscd/services r, /var/run/nscd/socket rw, /var/run/xfs.pid rwl, } about 1 year ago 93 hello Edit History
opensuse10.3 /usr/local/BGRadiusDialup/radius.sh #include <tunables/global> /usr/local/BGRadiusDialup/radius.sh flags=(complain) { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/nameservice> /bin/bash ixr, /dev/tty rw, /etc/sysconfig/clock r, /proc/*/maps r, /proc/meminfo r, /proc/net/if_inet6 r, /proc/net/ipv6_route r, /proc/stat r, /tmp/** mrw, /usr/bin/nohup ixr, /usr/bin/readlink ixr, /usr/lib64/** mr, /usr/lib64/jvm/java-1.6.0.u4-sun-1.6.0.u4/jre/bin/java ixr, /usr/lib64/jvm/java-1.6.0.u4-sun-1.6.0.u4/jre/bin/java.bin ixr, /usr/local/BGRadiusDialup/dictionary.xml r, /usr/local/BGRadiusDialup/lib/ r, /usr/local/BGRadiusDialup/lib/activation.jar mr, /usr/local/BGRadiusDialup/lib/bsh-1.3.0.jar mr, /usr/local/BGRadiusDialup/lib/commons-collections.jar mr, /usr/local/BGRadiusDialup/lib/commons-dbcp-1.1.jar mr, /usr/local/BGRadiusDialup/lib/commons-pool-1.1.jar mr, /usr/local/BGRadiusDialup/lib/dialup.jar mr, /usr/local/BGRadiusDialup/lib/dnsjava.jar mr, /usr/local/BGRadiusDialup/lib/gnu-crypto.jar mr, /usr/local/BGRadiusDialup/lib/log4j-1.2.8.jar mr, /usr/local/BGRadiusDialup/lib/mail.jar mr, /usr/local/BGRadiusDialup/lib/mysql-5.0.3.jar mr, /usr/local/BGRadiusDialup/lib/snmp4_13.jar mr, /usr/local/BGRadiusDialup/lib/xalan.jar mr, /usr/local/BGRadiusDialup/lib/xercesImpl.jar mr, /usr/local/BGRadiusDialup/log/collector.log w, /usr/local/BGRadiusDialup/log/connection.log w, /usr/local/BGRadiusDialup/log/netflow.log w, /usr/local/BGRadiusDialup/log/processor.log w, /usr/local/BGRadiusDialup/log/radius.log w, /usr/local/BGRadiusDialup/log/radius.out w, /usr/local/BGRadiusDialup/log/script.log w, /usr/local/BGRadiusDialup/log4j_radius.properties r, /usr/local/BGRadiusDialup/radius.properties r, /usr/local/BGRadiusDialup/radius.sh mr, /usr/share/zoneinfo/ r, } about 1 year ago andrew 134 gankov Edit History
opensuse10.3 /usr/bin/totem-video-thumbnailer #include <tunables/global> /usr/bin/totem-video-thumbnailer flags=(complain) { #include <abstractions/base> #include <abstractions/gnome> #include <abstractions/nameservice> /etc/gnome-vfs-2.0/modules/ r, /home/*/.gstreamer-0.10/registry.i686.xml r, /home/*/Desktop/** r, /usr/bin/totem-video-thumbnailer mr, } over 2 years ago argh, switch things back to complain for a while 176 jmichael Edit History
ubuntu-gutsy /usr/bin/Xorg #include <tunables/global> /usr/bin/Xorg flags=(complain) { #include <abstractions/base> #include <abstractions/nvidia> #include <abstractions/user-tmp> capability dac_override, capability ipc_owner, capability setgid, capability setuid, capability sys_admin, capability sys_rawio, capability sys_tty_config, /bin/dash Px, /dev/input/mice rw, /dev/mem r, /dev/tty0 w, /dev/tty7 rw, /etc/X11/xorg.conf r, /etc/X11/xserver/SecurityPolicy r, /home/*/.gnome2/share/cursor-fonts/fonts.dir r, /home/void/.gnome2/share/fonts/** r, /proc/bus/pci/00/00.0 r, /proc/bus/pci/00/01.0 r, /proc/bus/pci/00/01.1 r, /proc/bus/pci/00/02.0 r, /proc/bus/pci/00/02.1 r, /proc/bus/pci/00/02.2 r, /proc/bus/pci/00/05.0 r, /proc/bus/pci/00/06.0 r, /proc/bus/pci/00/08.0 r, /proc/bus/pci/00/0a.0 r, /proc/bus/pci/00/0b.0 rw, /proc/bus/pci/00/0e.0 r, /proc/bus/pci/00/18.0 r, /proc/bus/pci/00/18.1 r, /proc/bus/pci/00/18.2 r, /proc/bus/pci/00/18.3 r, /proc/bus/pci/01/00.0 rw, /proc/bus/pci/02/08.0 r, /proc/bus/pci/02/08.1 r, /proc/bus/pci/02/0a.0 r, /proc/driver/nvidia/registry r, /proc/meminfo r, /proc/modules r, /sys/bus/pci/devices/ r, /sys/devices/pci0000:00/0000:00:00.0/resource r, /sys/devices/pci0000:00/0000:00:01.0/resource r, /sys/devices/pci0000:00/0000:00:01.1/resource r, /sys/devices/pci0000:00/0000:00:02.0/resource r, /sys/devices/pci0000:00/0000:00:02.1/resource r, /sys/devices/pci0000:00/0000:00:02.2/resource r, /sys/devices/pci0000:00/0000:00:05.0/resource r, /sys/devices/pci0000:00/0000:00:06.0/resource r, /sys/devices/pci0000:00/0000:00:08.0/resource r, /sys/devices/pci0000:00/0000:00:0a.0/resource r, /sys/devices/pci0000:00/0000:00:0b.0/0000:01:00.0/resource r, /sys/devices/pci0000:00/0000:00:0b.0/resource r, /sys/devices/pci0000:00/0000:00:0e.0/0000:02:08.0/resource r, /sys/devices/pci0000:00/0000:00:0e.0/0000:02:08.1/resource r, /sys/devices/pci0000:00/0000:00:0e.0/0000:02:0a.0/resource r, /sys/devices/pci0000:00/0000:00:0e.0/resource r, /sys/devices/pci0000:00/0000:00:18.0/resource r, /sys/devices/pci0000:00/0000:00:18.1/resource r, /sys/devices/pci0000:00/0000:00:18.2/resource r, /sys/devices/pci0000:00/0000:00:18.3/resource r, /usr/bin/Xorg mr, /usr/lib/** mr, /usr/share/X11/xkb/rules/base r, /usr/share/fonts/** r, /var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType/fonts.alias r, /var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType/fonts.dir r, /var/lib/gdm/:0.Xauth r, /var/lib/xkb/server-0.xkm rw, /var/log/Xorg.0.log rw, /var/log/Xorg.0.log.old w, /var/run/acpid.socket w, } over 2 years ago 149 igoriii Edit History
opensuse10.3 /usr/lib/firefox/firefox.sh #include <tunables/global> /usr/lib/firefox/firefox.sh flags=(complain) { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/user-tmp> /bin/basename Px, /bin/bash ixr, /bin/grep ixr, /bin/mktemp ixr, /etc/magic r, /home/*/.gdbinit r, /home/*/.inputrc r, /proc/*/auxv r, /proc/*/mem r, /proc/*/status r, /proc/meminfo r, /proc/sys/kernel/ngroups_max r, /usr/bin/file ixr, /usr/bin/gdb ixr, /usr/lib/firefox/firefox-bin Pxr, /usr/lib/firefox/firefox.sh mr, /usr/share/misc/magic.mgc r, } over 2 years ago allow -d gdb option for firefox plus other misc updates 180 jmichael Edit History
opensuse10.3 /usr/bin/Xgl #include <tunables/global> /usr/bin/Xgl { #include <abstractions/X> #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/fonts> #include <abstractions/freedesktop.org> #include <abstractions/user-tmp> capability dac_override, capability ipc_owner, capability setgid, capability setuid, capability sys_admin, /bin/bash ixr, /dev/dri/card* rw, /etc/sysconfig/displaymanager r, /home/*/.gnome2/share/cursor-fonts/fonts.dir r, /home/*/.gnome2/share/fonts/fonts.dir r, /home/jesse/.gnome2/share/fonts/** r, /proc/meminfo r, /usr/bin/Xgl mr, /usr/bin/Xorg Px, /usr/bin/xkbcomp Px, /usr/lib/dri/*.so mr, /var/lib/gdm/* r, /var/lib/xkb/compiled/*.xkm rw, /var/log/Xgl.*.log rw, /var/log/Xgl.*.log.old w, /var/log/gdm/*.log w, } over 2 years ago Import of jmichaels profiles 178 dominic Edit History
opensuse10.3 /usr/bin/gnome-open #include <tunables/global> /usr/bin/gnome-open flags=(complain) { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/nameservice> /bin/basename ixr, /bin/bash ixr, /bin/grep ixr, /bin/netstat ixr, /bin/ps ixr, /dev/snd/controlC0 rw, /dev/snd/controlC1 rw, /dev/snd/pcmC0D0p rw, /dev/tty rw, /etc/fonts/** r, /etc/gnome-vfs-2.0/modules/ r, /etc/gnome-vfs-2.0/modules/default-modules.conf r, /etc/gnome-vfs-2.0/modules/font-method.conf r, /etc/gnome-vfs-2.0/modules/mapping-modules.conf r, /etc/gnome-vfs-2.0/modules/smb-module.conf r, /etc/gnome-vfs-2.0/modules/ssl-modules.conf r, /etc/gnome-vfs-2.0/modules/theme-method.conf r, /etc/gtk-2.0/gdk-pixbuf.loaders r, /etc/gtk-2.0/gtk.immodules r, /etc/gtk-2.0/gtkrc r, /etc/magic r, /etc/mailcap r, /etc/mime.types r, /etc/opt/kde3/share/applications/ r, /etc/opt/kde3/share/applications/mimeinfo.cache r, /etc/pango/pango.modules r, /etc/sound/events/gtk-events-2.soundlist r, /home/*/.ICEauthority r, /home/*/.Xauthority r, /home/*/.esd_auth r, /home/*/.fontconfig/a739e0075b4b5d92542755c278dde193-x86.cache-2 r, /home/*/.gnome2_private/ w, /home/*/.local/share/applications/ r, /home/*/.local/share/applications/mimeinfo.cache r, /home/*/.local/share/mime/aliases r, /home/*/.local/share/mime/globs r, /home/*/.local/share/mime/magic r, /home/*/.local/share/mime/subclasses r, /home/*/.macromedia/Flash_Player/#SharedObjects/ r, /home/*/.macromedia/Flash_Player/#SharedObjects/VD9JQJ6E/skype.com/ rw, /home/*/.macromedia/Flash_Player/#SharedObjects/VD9JQJ6E/skype.com/#user/ rw, /home/*/.macromedia/Flash_Player/#SharedObjects/VD9JQJ6E/skype.com/#user/session.sxx w, /home/*/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/#skype.com/ w, /home/*/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/#skype.com/settings.sol rw, /home/*/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/#skype.com/settings.sxx rw, /home/*/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/settings.sol rw, /home/*/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/settings.sxx rw, /home/*/.mailcap r, /home/*/.mozilla/firefox/3749x1bh.default/ r, /home/*/.mozilla/firefox/3749x1bh.default/.parentlock kw, /home/*/.mozilla/firefox/3749x1bh.default/Cache.Trash/ rw, /home/*/.mozilla/firefox/3749x1bh.default/Cache.Trash/Trash/ rw, /home/*/.mozilla/firefox/3749x1bh.default/Cache.Trash/Trash/Cache/ rw, /home/*/.mozilla/firefox/3749x1bh.default/Cache.Trash/Trash/Cache/* w, /home/*/.mozilla/firefox/3749x1bh.default/Cache/ rw, /home/*/.mozilla/firefox/3749x1bh.default/Cache/* rw, /home/*/.mozilla/firefox/3749x1bh.default/XPC.mfasl r, /home/*/.mozilla/firefox/3749x1bh.default/XUL.mfasl r, /home/*/.mozilla/firefox/3749x1bh.default/bookmarkbackups/ r, /home/*/.mozilla/firefox/3749x1bh.default/bookmarks-1.html rw, /home/*/.mozilla/firefox/3749x1bh.default/bookmarks.bak w, /home/*/.mozilla/firefox/3749x1bh.default/bookmarks.html rw, /home/*/.mozilla/firefox/3749x1bh.default/cert8.db rw, /home/*/.mozilla/firefox/3749x1bh.default/compatibility.ini r, /home/*/.mozilla/firefox/3749x1bh.default/compreg.dat r, /home/*/.mozilla/firefox/3749x1bh.default/cookies-1.txt rw, /home/*/.mozilla/firefox/3749x1bh.default/cookies.txt rw, /home/*/.mozilla/firefox/3749x1bh.default/downloads.rdf r, /home/*/.mozilla/firefox/3749x1bh.default/extensions.cache r, /home/*/.mozilla/firefox/3749x1bh.default/extensions.ini r, /home/*/.mozilla/firefox/3749x1bh.default/extensions/ r, /home/*/.mozilla/firefox/3749x1bh.default/formhistory.dat rw, /home/*/.mozilla/firefox/3749x1bh.default/history.dat rw, /home/*/.mozilla/firefox/3749x1bh.default/hostperm.1 r, /home/*/.mozilla/firefox/3749x1bh.default/key3.db rw, /home/*/.mozilla/firefox/3749x1bh.default/localstore-1.rdf rw, /home/*/.mozilla/firefox/3749x1bh.default/localstore.rdf rw, /home/*/.mozilla/firefox/3749x1bh.default/lock w, /home/*/.mozilla/firefox/3749x1bh.default/mimeTypes.rdf rw, /home/*/.mozilla/firefox/3749x1bh.default/prefs-1.js rw, /home/*/.mozilla/firefox/3749x1bh.default/prefs.js rw, /home/*/.mozilla/firefox/3749x1bh.default/search.sqlite krw, /home/*/.mozilla/firefox/3749x1bh.default/secmod.db r, /home/*/.mozilla/firefox/3749x1bh.default/sessionstore-1.js rw, /home/*/.mozilla/firefox/3749x1bh.default/sessionstore.js rw, /home/*/.mozilla/firefox/3749x1bh.default/urlclassifier2.sqlite rw, /home/*/.mozilla/firefox/3749x1bh.default/urlclassifier2.sqlite-journal w, /home/*/.mozilla/firefox/3749x1bh.default/webappsstore.sqlite rw, /home/*/.mozilla/firefox/3749x1bh.default/webappsstore.sqlite-journal w, /home/*/.mozilla/firefox/3749x1bh.default/xpti.dat r, /home/*/.mozilla/firefox/pluginreg.dat rw, /home/*/.mozilla/firefox/profiles.ini r, /opt/kde3/share/applications/ r, /opt/kde3/share/applications/mimeinfo.cache r, /proc/ r, /proc/*/cmdline r, /proc/*/maps r, /proc/*/stat r, /proc/*/status r, /proc/meminfo r, /proc/net/ r, /proc/net/dev r, /proc/net/unix r, /proc/stat r, /proc/sys/kernel/ngroups_max r, /proc/sys/kernel/pid_max r, /proc/uptime r, /tmp/ r, /tmp/* rw, /tmp/.ICE-unix/3510 w, /tmp/.ICE-unix/3664 w, /tmp/.ICE-unix/3665 w, /tmp/.ICE-unix/4499 w, /tmp/.X11-unix/X0 w, /tmp/.esd/socket rw, /tmp/gconfd-overwrite/lock/ior r, /tmp/orbit-overwrite/ w, /tmp/orbit-overwrite/* w, /tmp/orbit-somebody/ w, /usr/bin/bug-buddy ixr, /usr/bin/expr ixr, /usr/bin/file ixr, /usr/bin/gnome-open mr, /usr/lib/** mr, /usr/lib/firefox/firefox-bin ixr, /usr/lib/firefox/firefox.sh ixr, /usr/share/X11/locale/compose.dir r, /usr/share/X11/locale/en_US.UTF-8/Compose r, /usr/share/X11/locale/en_US.UTF-8/XLC_LOCALE r, /usr/share/X11/locale/locale.alias r, /usr/share/X11/locale/locale.dir r, /usr/share/alsa/alsa.conf r, /usr/share/alsa/cards/EMU10K1.conf r, /usr/share/alsa/cards/VIA8237.conf r, /usr/share/alsa/cards/aliases.conf r, /usr/share/alsa/pcm/center_lfe.conf r, /usr/share/alsa/pcm/default.conf r, /usr/share/alsa/pcm/dmix.conf r, /usr/share/alsa/pcm/dsnoop.conf r, /usr/share/alsa/pcm/front.conf r, /usr/share/alsa/pcm/iec958.conf r, /usr/share/alsa/pcm/rear.conf r, /usr/share/alsa/pcm/surround40.conf r, /usr/share/alsa/pcm/surround41.conf r, /usr/share/alsa/pcm/surround50.conf r, /usr/share/alsa/pcm/surround51.conf r, /usr/share/applications/ r, /usr/share/applications/mimeinfo.cache r, /usr/share/fonts/** r, /usr/share/gdm/applications/ r, /usr/share/gdm/applications/mimeinfo.cache r, /usr/share/ghostscript/fonts/** r, /usr/share/icons/Industrial/cursors/fleur r, /usr/share/icons/Industrial/cursors/hand2 r, /usr/share/icons/Industrial/cursors/left_ptr r, /usr/share/icons/Industrial/cursors/xterm r, /usr/share/icons/Industrial/index.theme r, /usr/share/icons/Tango/index.theme r, /usr/share/icons/crystalblue/cursors/hand r, /usr/share/icons/crystalblue/cursors/left_ptr r, /usr/share/icons/crystalblue/cursors/left_ptr_watch r, /usr/share/icons/crystalblue/cursors/xterm r, /usr/share/icons/crystalblue/index.theme r, /usr/share/icons/crystalblue_nonanim/cursors/left_ptr_watch r, /usr/share/icons/crystalblue_nonanim/index.theme r, /usr/share/icons/gnome/index.theme r, /usr/share/locale-bundle/de/LC_MESSAGES/glib20.mo r, /usr/share/locale-bundle/de/LC_MESSAGES/gtk20-properties.mo r, /usr/share/locale-bundle/de/LC_MESSAGES/gtk20.mo r, /usr/share/locale-bundle/de/LC_MESSAGES/libbonobo-2.0.mo r, /usr/share/locale-bundle/de/LC_MESSAGES/libgnome-2.0.mo r, /usr/share/mime/aliases r, /usr/share/mime/globs r, /usr/share/mime/magic r, /usr/share/mime/subclasses r, /usr/share/misc/magic.mgc r, /usr/share/themes/Clearlooks/gtk-2.0/gtkrc r, /usr/share/themes/Default/gtk-2.0-key/gtkrc r, /usr/share/themes/bluebubble/gtk-2.0/bc-dark.png r, /usr/share/themes/bluebubble/gtk-2.0/bc-light.png r, /usr/share/themes/bluebubble/gtk-2.0/bc.png r, /usr/share/themes/bluebubble/gtk-2.0/bubble-blue-prelight.png r, /usr/share/themes/bluebubble/gtk-2.0/bubble-blue-pressed.png r, /usr/share/themes/bluebubble/gtk-2.0/bubble-blue.png r, /usr/share/themes/bluebubble/gtk-2.0/gtkrc r, /usr/share/themes/bluebubble/gtk-2.0/lines_background_const.png r, /var/cache/fontconfig/* r, /var/cache/gnome-vfs/defaults.list r, /var/cache/libx11/compose/l4_024_313cb605_00280cc0 r, /var/run/dbus/system_bus_socket w, /var/tmp/ r, } over 2 years ago 314 overwrite Edit History
opensuse10.3 /usr/sbin/httpd2-prefork #include <tunables/global> /usr/sbin/httpd2-prefork flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/nis> capability dac_override, capability net_bind_service, capability setgid, capability setuid, /etc/apache2/conf.d/ r, /etc/apache2/conf.d/mod_fcgid.conf r, /etc/apache2/conf.d/mod_mono.conf r, /etc/apache2/conf.d/mod_perl.conf r, /etc/apache2/conf.d/php5.conf r, /etc/apache2/conf.d/phpmyadmin.conf r, /etc/apache2/default-server.conf r, /etc/apache2/errors.conf r, /etc/apache2/httpd.conf r, /etc/apache2/listen.conf r, /etc/apache2/mod_autoindex-defaults.conf r, /etc/apache2/mod_info.conf r, /etc/apache2/mod_log_config.conf r, /etc/apache2/mod_mime-defaults.conf r, /etc/apache2/mod_status.conf r, /etc/apache2/mod_userdir.conf r, /etc/apache2/mod_usertrack.conf r, /etc/apache2/server-tuning.conf r, /etc/apache2/ssl-global.conf r, /etc/apache2/sysconfig.d/global.conf r, /etc/apache2/sysconfig.d/include.conf r, /etc/apache2/sysconfig.d/loadmodule.conf r, /etc/apache2/uid.conf r, /etc/apache2/vhosts.d/ r, /etc/gai.conf r, /etc/mime.types r, /etc/php5/apache2/php.ini r, /etc/php5/conf.d/ r, /etc/php5/conf.d/bcmath.ini r, /etc/php5/conf.d/bz2.ini r, /etc/php5/conf.d/calendar.ini r, /etc/php5/conf.d/ctype.ini r, /etc/php5/conf.d/curl.ini r, /etc/php5/conf.d/dba.ini r, /etc/php5/conf.d/dom.ini r, /etc/php5/conf.d/exif.ini r, /etc/php5/conf.d/gd.ini r, /etc/php5/conf.d/gmp.ini r, /etc/php5/conf.d/hash.ini r, /etc/php5/conf.d/iconv.ini r, /etc/php5/conf.d/json.ini r, /etc/php5/conf.d/mbstring.ini r, /etc/php5/conf.d/mcrypt.ini r, /etc/php5/conf.d/mysql.ini r, /etc/php5/conf.d/mysqli.ini r, /etc/php5/conf.d/ncurses.ini r, /etc/php5/conf.d/odbc.ini r, /etc/php5/conf.d/openssl.ini r, /etc/php5/conf.d/pcntl.ini r, /etc/php5/conf.d/pdo.ini r, /etc/php5/conf.d/pdo_mysql.ini r, /etc/php5/conf.d/pdo_odbc.ini r, /etc/php5/conf.d/pdo_sqlite.ini r, /etc/php5/conf.d/posix.ini r, /etc/php5/conf.d/pspell.ini r, /etc/php5/conf.d/readline.ini r, /etc/php5/conf.d/shmop.ini r, /etc/php5/conf.d/snmp.ini r, /etc/php5/conf.d/soap.ini r, /etc/php5/conf.d/sockets.ini r, /etc/php5/conf.d/sqlite.ini r, /etc/php5/conf.d/suhosin.ini r, /etc/php5/conf.d/tidy.ini r, /etc/php5/conf.d/tokenizer.ini r, /etc/php5/conf.d/wddx.ini r, /etc/php5/conf.d/xmlreader.ini r, /etc/php5/conf.d/xmlrpc.ini r, /etc/php5/conf.d/xmlwriter.ini r, /etc/php5/conf.d/xsl.ini r, /etc/php5/conf.d/zip.ini r, /etc/php5/conf.d/zlib.ini r, /proc/*/attr/current w, /tmp/.wapi/ w, /tmp/mod_mono_dashboard_XXGLOBAL_1 rw, /usr/bin/mod-mono-server px, /usr/lib64/** mr, /usr/sbin/httpd2-prefork mr, /usr/share/snmp/mibs/.index r, /usr/share/snmp/mibs/DISMAN-EVENT-MIB.txt r, /usr/share/snmp/mibs/DISMAN-SCHEDULE-MIB.txt r, /usr/share/snmp/mibs/HOST-RESOURCES-MIB.txt r, /usr/share/snmp/mibs/HOST-RESOURCES-TYPES.txt r, /usr/share/snmp/mibs/IANA-RTPROTO-MIB.txt r, /usr/share/snmp/mibs/IANAifType-MIB.txt r, /usr/share/snmp/mibs/IF-MIB.txt r, /usr/share/snmp/mibs/INET-ADDRESS-MIB.txt r, /usr/share/snmp/mibs/IP-FORWARD-MIB.txt r, /usr/share/snmp/mibs/IP-MIB.txt r, /usr/share/snmp/mibs/IPV6-ICMP-MIB.txt r, /usr/share/snmp/mibs/IPV6-MIB.txt r, /usr/share/snmp/mibs/IPV6-TC.txt r, /usr/share/snmp/mibs/IPV6-TCP-MIB.txt r, /usr/share/snmp/mibs/IPV6-UDP-MIB.txt r, /usr/share/snmp/mibs/LM-SENSORS-MIB.txt r, /usr/share/snmp/mibs/NET-SNMP-AGENT-MIB.txt r, /usr/share/snmp/mibs/NET-SNMP-EXTEND-MIB.txt r, /usr/share/snmp/mibs/NET-SNMP-MIB.txt r, /usr/share/snmp/mibs/NET-SNMP-VACM-MIB.txt r, /usr/share/snmp/mibs/NOTIFICATION-LOG-MIB.txt r, /usr/share/snmp/mibs/RFC1155-SMI.txt r, /usr/share/snmp/mibs/RFC1213-MIB.txt r, /usr/share/snmp/mibs/SNMP-COMMUNITY-MIB.txt r, /usr/share/snmp/mibs/SNMP-FRAMEWORK-MIB.txt r, /usr/share/snmp/mibs/SNMP-MPD-MIB.txt r, /usr/share/snmp/mibs/SNMP-NOTIFICATION-MIB.txt r, /usr/share/snmp/mibs/SNMP-TARGET-MIB.txt r, /usr/share/snmp/mibs/SNMP-USER-BASED-SM-MIB.txt r, /usr/share/snmp/mibs/SNMP-VIEW-BASED-ACM-MIB.txt r, /usr/share/snmp/mibs/SNMPv2-MIB.txt r, /usr/share/snmp/mibs/SNMPv2-SMI.txt r, /usr/share/snmp/mibs/SNMPv2-TC.txt r, /usr/share/snmp/mibs/SNMPv2-TM.txt r, /usr/share/snmp/mibs/TCP-MIB.txt r, /usr/share/snmp/mibs/UCD-DEMO-MIB.txt r, /usr/share/snmp/mibs/UCD-DISKIO-MIB.txt r, /usr/share/snmp/mibs/UCD-DLMOD-MIB.txt r, /usr/share/snmp/mibs/UCD-IPFWACC-MIB.txt r, /usr/share/snmp/mibs/UCD-SNMP-MIB.txt r, /usr/share/snmp/mibs/UDP-MIB.txt r, /usr/share/terminfo/v/vt100 r, /var/lib/php5/session_mm_apache2handler0.sem kw, /var/log/apache2/access_log a, /var/log/apache2/error_log a, /var/run/httpd2.pid w, /var/run/nscd/services r, } /usr/sbin/httpd2-prefork///egroupware/login.php flags=(complain) { #include <abstractions/nameservice> /dev/urandom r, /proc/*/attr/current w, /srv/www/htdocs/egroupware/header.inc.php r, /srv/www/htdocs/egroupware/login.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/adodb/adodb-iterator.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/adodb/adodb-time.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/adodb/adodb.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/adodb/drivers/adodb-mysql.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.Template.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.accounts.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.accounts_sql.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.acl.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.applications.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.auth.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.auth_sql.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.browser.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.common.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.config.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.contenthistory.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.crypto.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.dragdrop.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.egw.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.egw_datetime.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.egw_db.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.egw_framework.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.error.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.errorlog.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.hooks.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.html.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.javascript.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.preferences.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.sessions.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.sessions_php4.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.tplsavant2.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/class.translation.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/common_functions.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/functions.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/savant2/Savant2.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/soap_functions.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/xajax.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/xajaxResponse.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/inc/xml_functions.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/js/jsapi/jsapi.js r, /srv/www/htdocs/egroupware/phpgwapi/setup/setup.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/setup/tables_current.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/templates/default/head.tpl r, /srv/www/htdocs/egroupware/phpgwapi/templates/default/images/ r, /srv/www/htdocs/egroupware/phpgwapi/templates/default/login.tpl r, /srv/www/htdocs/egroupware/phpgwapi/templates/idots/class.idots_framework.inc.php r, /srv/www/htdocs/egroupware/phpgwapi/templates/idots/images/ r, /var/lib/mysql/mysql.sock w, /var/log/apache2/access_log w, } "/usr/sbin/httpd2-prefork///egroupware/phpgwapi/templates/default/images/DPC LOGO TIFF.tif" flags=(complain) { #include <abstractions/nameservice> /proc/*/attr/current w, "/srv/www/htdocs/egroupware/phpgwapi/templates/default/images/DPC LOGO TIFF.tif" r, /var/log/apache2/access_log w, } /usr/sbin/httpd2-prefork///webERP/index.php flags=(complain) { #include <abstractions/nameservice> /dev/urandom r, /proc/*/attr/current w, /srv/www/htdocs/webERP/config.php r, /srv/www/htdocs/webERP/includes/ConnectDB.inc r, /srv/www/htdocs/webERP/includes/ConnectDB_mysqli.inc r, /srv/www/htdocs/webERP/includes/DateFunctions.inc r, /srv/www/htdocs/webERP/includes/GetConfig.php r, /srv/www/htdocs/webERP/includes/LanguageSetup.php r, /srv/www/htdocs/webERP/includes/MiscFunctions.php r, /srv/www/htdocs/webERP/includes/footer.inc r, /srv/www/htdocs/webERP/includes/header.inc r, /srv/www/htdocs/webERP/includes/php-gettext/gettext.php r, /srv/www/htdocs/webERP/includes/php-gettext/streams.php r, /srv/www/htdocs/webERP/includes/session.inc r, /srv/www/htdocs/webERP/index.php r, /srv/www/htdocs/webERP/locale/en_US/LC_MESSAGES/messages.mo r, /usr/share/mysql/charsets/Index.xml r, /var/lib/mysql/mysql.sock w, /var/lib/php5/sess_4srj8ot0k3dg4i4cfh382evemsc9jshf krw, /var/log/apache2/access_log w, } /usr/sbin/httpd2-prefork//DEFAULT_URI flags=(complain) { /var/log/apache2/error_log w, } /usr/sbin/httpd2-prefork//HANDLING_UNTRUSTED_INPUT flags=(complain) { #include <abstractions/nameservice> /proc/*/attr/current w, } about 1 year ago egroupware 233 kent Edit History
ubuntu-gutsy /usr/bin/gnome-panel #include <tunables/global> /usr/bin/gnome-panel { #include <abstractions/authentication> #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/gnome> #include <abstractions/nameservice> capability dac_override, capability setgid, capability setuid, /bin/ r, /bin/bash ixr, /bin/dash ixr, /bin/egrep ixr, /bin/grep ixr, /bin/sed ixr, /bin/su Px, /bin/uname ixr, /dev/ptmx rw, /etc/init.d/ r, /etc/sound/events/gtk-events-2.soundlist r, /etc/sudoers r, /etc/xdg/menus/ r, /etc/xdg/menus/applications.menu r, /etc/xdg/menus/preferences.menu r, /etc/xdg/menus/settings.menu r, /home/*/ r, /home/*/.ICEauthority r, /home/*/.Xauthority r, /home/*/.bash_history ar, /home/*/.bashrc r, /home/*/.config/user-dirs.dirs r, /home/*/.gnome2_private/ w, /home/*/.gtk-bookmarks r, /home/*/.icons/ r, /home/*/.recently-used.xbel r, /home/*/.thumbnails/normal/*.png r, /lib/terminfo/x/xterm r, /proc/*/mounts r, /proc/meminfo r, /proc/sys/kernel/ngroups_max r, /sbin/ r, /tmp/** klrw, /usr/bin/ r, /usr/bin/alacarte ixr, /usr/bin/avidemux ixr, /usr/bin/baobab ixr, /usr/bin/basename ixr, /usr/bin/beep-media-player-2 ixr, /usr/bin/cinepaint ixr, /usr/bin/devede ixr, /usr/bin/dircolors ixmr, /usr/bin/dirname ixr, /usr/bin/ekiga ixr, /usr/bin/env ix, /usr/bin/eog ixr, /usr/bin/evince ixr, /usr/bin/evolution Px, /usr/bin/f-spot ixr, /usr/bin/file-roller ixr, /usr/bin/gdmphotosetup ixr, /usr/bin/gimp-2.4 ixr, /usr/bin/git ixr, /usr/bin/git-merge r, /usr/bin/gksu ixr, /usr/bin/gnome-panel mr, /usr/bin/gnome-system-monitor ixr, /usr/bin/gnome-terminal ixr, /usr/bin/inkscape ixr, /usr/bin/kradio Px, /usr/bin/lesspipe ixr, /usr/bin/lynx.stable ixr, /usr/bin/monodevelop ixr, /usr/bin/mplayer ixr, /usr/bin/nautilus ixr, /usr/bin/nautilus-cd-burner ixr, /usr/bin/nautilus-connect-server ixr, /usr/bin/nessus ixr, /usr/bin/nmapfe ixr, /usr/bin/oofromtemplate ixr, /usr/bin/opera ixr, /usr/bin/python2.5 ix, /usr/bin/streamtuner ixr, /usr/bin/sudo ixr, /usr/bin/tsclient ixr, /usr/bin/ttb ixr, /usr/bin/wireshark ixr, /usr/bin/xaralx ixr, /usr/games/ r, /usr/lib/bonobo-activation/bonobo-activation-server Px, /usr/lib/command-not-found ixr, /usr/lib/firefox/firefox Px, /usr/lib/libvte9/gnome-pty-helper ixr, /usr/local/bin/ r, /usr/local/sbin/ r, /usr/local/share/applications/ r, /usr/local/share/desktop-directories/ r, /usr/local/share/icons/ r, /usr/sbin/ r, /usr/sbin/gdmsetup ixr, /usr/sbin/logprof Ux, /usr/share/albumshaper/images/**.xpm r, /usr/share/applications/ r, /usr/share/applications/*.desktop r, /usr/share/applications/kde/ r, /usr/share/applications/kde/*.desktop r, /usr/share/applications/screensavers/ r, /usr/share/applications/screensavers/*.desktop r, /usr/share/aqualung/*.png r, /usr/share/control-center-2.0/capplets/ r, /usr/share/control-center-2.0/capplets/*.desktop r, /usr/share/desktop-directories/ r, /usr/share/desktop-directories/*.directory r, /usr/share/firefox/icons/*.png r, /usr/share/gdm/applications/ r, /usr/share/gdm/applications/*.desktop r, /usr/share/gdm/gdmXnestWrapper ixr, /usr/share/gnome-2.0/ui/*.xml r, /usr/share/gnome/apps/ r, /usr/share/gnome/apps/Internet/ r, /usr/share/gnome/apps/Multimedia/ r, /usr/share/klavaro/pixmaps/*.xpm r, /usr/share/locale-langpack/en_US/**.mo r, /usr/share/system-config-printer/*.png r, /usr/share/vte/termcap/xterm r, /usr/share/xine/desktop/*.desktop r, /var/log/wtmp kw, /var/run/sudo/void/0 w, /var/run/sudo/void/1 w, /var/run/utmp krw, } over 2 years ago gnome 188 hbpteam Edit History
opensuse10.3 /usr/bin/amule #include <tunables/global> /usr/bin/amule flags=(complain) { #include <abstractions/base> /usr/bin/amule mr, } over 2 years ago amule 131 spiky781 Edit History
opensuse10.3 /usr/lib/helix-dbus-server/helix-dbus-server.bin #include <tunables/global> /usr/lib/helix-dbus-server/helix-dbus-server.bin { #include <abstractions/audio> #include <abstractions/base> #include <abstractions/nameservice> /proc/cpuinfo r, /usr/lib/RealPlayer10/**.so mr, /usr/lib/helix-dbus-server/helix-dbus-server.bin mr, } over 2 years ago none 118 cinimod Edit History
opensuse10.3 /usr/bin/manpath #include <tunables/global> /usr/bin/manpath { #include <abstractions/base> /etc/manpath.config r, /usr/bin/manpath mr, } over 2 years ago Import of jmichaels profiles 136 dominic Edit History
ubuntu-gutsy /usr/bin/skype #include <tunables/global> /usr/bin/skype flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> /dev/snd/controlC0 rw, /dev/snd/controlC1 rw, /dev/snd/pcmC0D0c rw, /dev/snd/pcmC0D0p rw, /dev/snd/pcmC0D1c rw, /dev/snd/pcmC0D2p rw, /dev/snd/timer r, /etc/fonts/** r, /home/*/.Skype/ rw, /home/*/.Skype/** krw, /home/*/.config/Trolltech.conf kr, /proc/interrupts r, /tmp/.X11-unix/X0 w, /usr/bin/skype mr, /usr/share/X11/XKeysymDB r, /usr/share/fonts/** r, /usr/share/icons/DMZ-White/cursor.theme r, /usr/share/icons/DMZ-White/cursors/arrow r, /usr/share/icons/DMZ-White/cursors/double_arrow r, /usr/share/icons/DMZ-White/cursors/xterm r, /usr/share/icons/DMZ-White/index.theme r, /usr/share/icons/Human/index.theme r, /usr/share/icons/Tangerine/index.theme r, /usr/share/icons/gnome/index.theme r, /usr/share/skype/** r, /var/cache/fontconfig/059138ec877db160474b4d5de1248d14-x86.cache-2 r, /var/cache/fontconfig/089dead882dea3570ffc31a9898cfb69-x86.cache-2 r, /var/cache/fontconfig/0f32d3adc6a232110812e17374eaa446-x86.cache-2 r, /var/cache/fontconfig/0f34bcd4b6ee430af32735b75db7f02b-x86.cache-2 r, /var/cache/fontconfig/102e5142c2e9e50c5e8ece26694a2dad-x86.cache-2 r, /var/cache/fontconfig/118d8d5311348bbdf5fe3b106d7c13d4-x86.cache-2 r, /var/cache/fontconfig/142ecfc435bad6f1fbc2648c1119d5eb-x86.cache-2 r, /var/cache/fontconfig/20bd79ad97094406f7d1b9654bfbd926-x86.cache-2 r, /var/cache/fontconfig/21a99156bb11811cef641abeda519a45-x86.cache-2 r, /var/cache/fontconfig/2561679576a9c7fd2ce41d281d4e00d1-x86.cache-2 r, /var/cache/fontconfig/3830d5c3ddfd5cd38a049b759396e72e-x86.cache-2 r, /var/cache/fontconfig/4123634e9c08547d899d0aaff05ebe69-x86.cache-2 r, /var/cache/fontconfig/4794a0821666d79190d59a36cb4f44b5-x86.cache-2 r, /var/cache/fontconfig/4c599c202bc5c08e2d34565a40eac3b2-x86.cache-2 r, /var/cache/fontconfig/4c73fe0c47614734b17d736dbde7580a-x86.cache-2 r, /var/cache/fontconfig/61c830dfac3fd78a12654da5e9ba3f56-x86.cache-2 r, /var/cache/fontconfig/6330322105e0c4105d7c7a6ea2974107-x86.cache-2 r, /var/cache/fontconfig/6333f38776742d18e214673cd2c24e34-x86.cache-2 r, /var/cache/fontconfig/6386b86020ecc1ef9690bb720a13964f-x86.cache-2 r, /var/cache/fontconfig/646addb8444faa74ee138aa00ab0b6a0-x86.cache-2 r, /var/cache/fontconfig/6d41288fd70b0be22e8c3a91e032eec0-x86.cache-2 r, /var/cache/fontconfig/707971e003b4ae6c8121c3a920e507f5-x86.cache-2 r, /var/cache/fontconfig/75a2cd575a62c63e802c11411fb87c37-x86.cache-2 r, /var/cache/fontconfig/7b4a97c10f6c0166998ddfa1cf7392fb-x86.cache-2 r, /var/cache/fontconfig/7ef2298fde41cc6eeb7af42e48b7d293-x86.cache-2 r, /var/cache/fontconfig/8ab5f685cd6d8ba67c37c908faf08172-x86.cache-2 r, /var/cache/fontconfig/921a30a17f0be15c70ac14043cb7a739-x86.cache-2 r, /var/cache/fontconfig/92a571655fb1c0ec1c4d6f496220600a-x86.cache-2 r, /var/cache/fontconfig/9404ff413c67fc2a1526fd14eb4163a8-x86.cache-2 r, /var/cache/fontconfig/945677eb7aeaf62f1d50efc3fb3ec7d8-x86.cache-2 r, /var/cache/fontconfig/9c0624108b9a2ae8552f664125be8356-x86.cache-2 r, /var/cache/fontconfig/a1131b7be650f9abae4907495aa5815d-x86.cache-2 r, /var/cache/fontconfig/a2ab74764b07279e7c36ddb1d302cf26-x86.cache-2 r, /var/cache/fontconfig/a755afe4a08bf5b97852ceb7400b47bc-x86.cache-2 r, /var/cache/fontconfig/a960c40fc9306f090224a04585f8a963-x86.cache-2 r, /var/cache/fontconfig/b21a91cee725896328b8cee8091cf747-x86.cache-2 r, /var/cache/fontconfig/b3fedf7c409f006ca1a6fceffceb77cf-x86.cache-2 r, /var/cache/fontconfig/b5a4f3f568a71026ccdc6a3a51afa9b4-x86.cache-2 r, /var/cache/fontconfig/b8613a33de00eecd32d5a94c3c617829-x86.cache-2 r, /var/cache/fontconfig/c69f04ab05004e31a6d5e715764f16d8-x86.cache-2 r, /var/cache/fontconfig/c855463f699352c367813e37f3f70ea7-x86.cache-2 r, /var/cache/fontconfig/cabbd14511b9e8a55e92af97fb3a0461-x86.cache-2 r, /var/cache/fontconfig/d52a8644073d54c13679302ca1180695-x86.cache-2 r, /var/cache/fontconfig/d82eb4fd963d448e2fcb7d7b793b5df3-x86.cache-2 r, /var/cache/fontconfig/da1bd5ca8443ffe22927a23ce431d198-x86.cache-2 r, /var/cache/fontconfig/ddc79d3ea06a7c6ffa86ede85f3bb5df-x86.cache-2 r, /var/cache/fontconfig/de156ccd2eddbdc19d37a45b8b2aac9c-x86.cache-2 r, /var/cache/fontconfig/de9486f0b47a4d768a594cb4198cb1c6-x86.cache-2 r, /var/cache/fontconfig/e0f9e95429e756d56293ed4d63866094-x86.cache-2 r, /var/cache/fontconfig/e13b20fdb08344e0e664864cc2ede53d-x86.cache-2 r, /var/cache/fontconfig/e383d7ea5fbe662a33d9b44caf393297-x86.cache-2 r, /var/cache/fontconfig/e3de0de479f42330eadf588a55fb5bf4-x86.cache-2 r, /var/cache/fontconfig/e7071f4a29fa870f4323321c154eba04-x86.cache-2 r, /var/cache/fontconfig/e9e44584608a73233979f764b5f9dd81-x86.cache-2 r, /var/cache/fontconfig/eeebfc908bd29a90773fd860017aada4-x86.cache-2 r, /var/cache/fontconfig/f5a93ac943883aa0fd9a7bfe0f6ec3c1-x86.cache-2 r, /var/cache/fontconfig/f71c1c7b3f795e5e20ad4a8800a9d397-x86.cache-2 r, /var/cache/fontconfig/fcff1cd55d48a2c86a175e9943c3506d-x86.cache-2 r, /var/cache/fontconfig/fd9416c4b92f07c6f59a3a8cf496e9dc-x86.cache-2 r, /var/cache/fontconfig/fd9505950c048a77dc4b710eb6a628ed-x86.cache-2 r, /var/cache/fontconfig/fe547fea3a41b43a38975d292a2b19c7-x86.cache-2 r, /var/lib/defoma/fontconfig.d/fonts.conf r, } over 2 years ago 0.1 195 tommes Edit History
opensuse11.0 /usr/local/apache2/bin/httpd #include <tunables/global> /usr/local/apache2/bin/httpd flags=(complain) { #include <abstractions/base> /etc/gai.conf r, /usr/local/apache2/conf/httpd.conf r, ^DEFAULT_URI flags=(complain) { } ^HANDLING_UNTRUSTED_INPUT flags=(complain) { } } about 1 month ago 19 Stasio Edit History
opensuse10.3 /usr/bin/ekiga #include <tunables/global> /usr/bin/ekiga flags=(complain) { #include <abstractions/audio> #include <abstractions/base> #include <abstractions/dbus> #include <abstractions/fonts> #include <abstractions/gnome> #include <abstractions/kde> #include <abstractions/nameservice> /dev/ r, /dev/** r, /etc/gnome-vfs-2.0/modules/ r, /etc/mtab r, /etc/sound/events/gtk-events-2.soundlist r, /home/*/.ICEauthority r, /home/*/.Xauthority r, /home/*/.beagle/socket w, /home/*/.esd_auth r, /home/*/.fontconfig/* r, /home/*/.gnome2/gnomemeeting rw, /home/*/.gnome2_private/ w, /home/*/.icons/ r, /home/*/.local/share/icons/ r, /home/*/.recently-used.xbel rw, /home/*/.recently-used.xbel.* rw, /proc/meminfo r, /proc/net/if_inet6 r, /tmp/orbit-*/bonobo-activation-register.lock klrw, /usr/bin/ekiga mr, /usr/lib/pwlib/devices/sound/*.so mr, /usr/lib/pwlib/devices/videoinput/*.so mr, /usr/share/mime/**.xml r, /var/cache/libx11/compose/* r, } over 2 years ago argh, switch things back to complain for a while 148 jmichael Edit History
opensuse10.3 /usr/bin/Xgl #include <tunables/global> /usr/bin/Xgl { #include <abstractions/X> #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/fonts> #include <abstractions/freedesktop.org> #include <abstractions/user-tmp> capability dac_override, capability ipc_owner, capability setgid, capability setuid, capability sys_admin, /bin/bash ixr, /dev/dri/card* rw, /etc/sysconfig/displaymanager r, /home/*/.gnome2/share/cursor-fonts/fonts.dir r, /home/*/.gnome2/share/fonts/fonts.dir r, /home/jesse/.gnome2/share/fonts/** r, /proc/meminfo r, /usr/bin/Xgl mr, /usr/bin/Xorg Px, /usr/bin/xkbcomp Px, /usr/lib/dri/*.so mr, /var/lib/gdm/* r, /var/lib/xdm/authdir/authfiles/* r, /var/lib/xkb/compiled/*.xkm rw, /var/log/Xgl.*.log rw, /var/log/Xgl.*.log.old w, /var/log/gdm/*.log w, } over 2 years ago none 138 cinimod Edit History
opensuse10.3 /usr/lib/beagle/beagled-index-helper #include <tunables/global> /usr/lib/beagle/beagled-index-helper flags=(complain) { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/nameservice> #include <abstractions/user-tmp> /bin/bash ixr, /etc/mono/2.0/machine.config r, /etc/mono/config r, /home/*/ rw, /home/*/.beagle/** krw, /home/*/.local/share/mime/mime.cache mr, /home/*/.wapi/shared_data-* mrw, /home/*/.wapi/shared_fileshare-* mrw, /home/*/Desktop/* r, /proc/*/maps r, /proc/*/status r, /proc/meminfo r, /proc/stat r, /proc/sys/kernel/ngroups_max r, /usr/bin/mono ixr, /usr/bin/totem-video-indexer Px, /usr/lib/beagle/*.dll mr, /usr/lib/beagle/Filters/*.dll mr, /usr/lib/beagle/IndexHelper.exe mr, /usr/lib/beagle/beagled-index-helper mr, /usr/lib/mono/2.0/mscorlib.dll mr, /usr/lib/mono/gac/**.dll mr, /usr/share/mime/mime.cache mr, /var/tmp/ rw, } over 2 years ago argh, switch things back to complain for a while 185 jmichael Edit History
opensuse10.3 /usr/bin/skype #include <tunables/global> /usr/bin/skype flags=(complain) { #include <abstractions/base> /usr/bin/skype mr, } over 2 years ago 284 draglor Edit History
opensuse11.0 /opt/WAS_APPARMOR/java/jre/bin/java #include <tunables/global> /opt/WAS_APPARMOR/java/jre/bin/java flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> capability sys_nice, deny owner /tmp/guid.lock w, owner /etc/sysconfig/* r, owner /opt/WAS_APPARMOR/ w, owner /opt/WAS_APPARMOR/** mrwk, /opt/WAS_APPARMOR/java/jre/bin/java rix, owner /proc/*/net/if_inet6 r, owner /proc/meminfo r, owner /proc/stat r, owner /tmp/ r, owner /tmp/* rw, owner /tmp/** r, owner /tmp/*/ w, owner /usr/share/zoneinfo/ r, owner /var/run/nscd/* rw, } 9 months ago was 79 appuser1 Edit History
opensuse10.3 /var/lib/distccd/flashgot.m384mqii.default/flashgot-1.fgt #include <tunables/global> /var/lib/distccd/flashgot.m384mqii.default/flashgot-1.fgt { #include <abstractions/base> /var/lib/distccd/flashgot.m384mqii.default/flashgot-1.fgt mr, } about 1 year ago 95 hello Edit History
opensuse10.3 /usr/sbin/httpd2-prefork # $Id: usr.sbin.httpd2-prefork 706 2007-05-31 06:58:22Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/sbin/httpd2-prefork flags=(complain) { #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/kerberosclient> #include <abstractions/nameservice> #include <abstractions/perl> capability dac_override, capability kill, capability net_bind_service, capability setgid, capability setuid, capability sys_tty_config, /dev/random r, /etc/apache2/*.conf r, /etc/apache2/.digest r, /etc/apache2/magic r, /etc/apache2/mod_perl-startup.pl r, /etc/apache2/ssl.crt/*.crt r, /etc/apache2/ssl.key/*.key r, /etc/apache2/{conf,sysconfig,vhosts}.d/ r, /etc/apache2/{conf,sysconfig,vhosts}.d/* r, /etc/fstab r, /etc/gai.conf r, /etc/mime.types r, /etc/mtab r, /etc/odbcinst.ini r, /etc/php.d/ r, /etc/php.d/** r, /etc/php.ini r, /etc/php5/apache2/php.ini r, /etc/php5/conf.d/ r, /etc/php5/conf.d/ctype.ini r, /etc/php5/conf.d/dom.ini r, /etc/php5/conf.d/hash.ini r, /etc/php5/conf.d/iconv.ini r, /etc/php5/conf.d/json.ini r, /etc/php5/conf.d/pdo.ini r, /etc/php5/conf.d/pdo_sqlite.ini r, /etc/php5/conf.d/sqlite.ini r, /etc/php5/conf.d/tokenizer.ini r, /etc/php5/conf.d/xmlreader.ini r, /etc/php5/conf.d/xmlwriter.ini r, /home/*/ r, /srv/www/htdocs r, /srv/www/htdocs/** r, /srv/www/icons/*.{gif,jpg,png} r, /srv/www/vhosts r, /srv/www/vhosts/** r, /tmp/auth_ldap_cache.sem wl, /tmp/session_mm_apache0.sem wl, /tmp/session_mm_apache2handler0.sem wl, /usr/X11R6/lib/lib*.so* mr, /usr/X11R6/lib64/lib*.so* mr, /usr/apache2/error/* r, /usr/lib/apache2-leader/{lib,mod_}*.so* mr, /usr/lib/apache2-metuxmpm/{lib,mod_}*.so* mr, /usr/lib/apache2-prefork/{lib,mod_}*.so* mr, /usr/lib/apache2-worker/{lib,mod_}*.so* mr, /usr/lib/apache2/modules/{lib,mod_}*.so* mr, /usr/lib/apache2/{lib,mod_}*.so mr, /usr/lib/mysql/libmysql*.so* mr, /usr/lib/php/extensions/*.so mr, /usr/lib/php4/*.so mr, /usr/lib/python[12].[0-9]/**.{py,pyc,pth,so} mr, /usr/lib/python[12].[0-9]/site-packages r, /usr/lib/qt3/lib/lib*.so* mr, /usr/lib64/** mr, /usr/lib64/apache2-leader/{lib,mod_}*.so* mr, /usr/lib64/apache2-metuxmpm/{lib,mod_}*.so* mr, /usr/lib64/apache2-prefork/{lib,mod_}*.so* mr, /usr/lib64/apache2-worker/{lib,mod_}*.so* mr, /usr/lib64/apache2/modules/{lib,mod_}*.so* mr, /usr/lib64/apache2/{lib,mod_}*.so* mr, /usr/lib64/python[12].[0-9]/**.{py,pyc,pth,so} mr, /usr/local/tomcat/conf/mod_jk.conf r, /usr/local/tomcat/conf/workers-ajp12.properties r, /usr/sbin/httpd2-prefork r, /usr/sbin/suexec2 mixr, /usr/share/apache2/** r, /usr/share/apache2/error/* r, /usr/share/apache2/error/include/* r, /usr/share/misc/magic.mime r, /usr/share/snmp/mibs r, /usr/share/snmp/mibs/*.{txt,mib} r, /usr/share/snmp/mibs/.index wr, /usr/share/ssl/openssl.cnf r, /var/dav/lock/lockdb.dir krw, /var/dav/lock/lockdb.pag rw, /var/lib/php/sess_* rwl, /var/lib/php5/session_mm_apache2handler0.sem kw, /var/lock/httpd2.lock.* wl, /var/log/apache2/* rwl, /var/log/apache2/** rwl, /var/log/httpd/ssl_scache.dir r, /var/log/httpd/ssl_scache.pag r, /var/run/httpd2.mm.* wl, /var/run/httpd2.pid wl, /var/www/error/* r, /var/www/html/** r, /var/www/icons/*.{gif,jpg,png} r, @{HOME}/public_html r, @{HOME}/public_html/** r, } /usr/sbin/httpd2-prefork//DEFAULT_URI flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> /srv/www/htdocs r, /srv/www/htdocs/** r, /srv/www/icons/*.{gif,jpg,png} r, /srv/www/vhosts r, /srv/www/vhosts/** r, /usr/sbin/suexec2 mixr, /usr/share/apache2/** r, /var/lib/php/sess_* rwl, /var/log/apache2/** rwl, /var/www/error/* r, /var/www/html/** r, /var/www/icons/*.{gif,jpg,png} r, @{HOME}/public_html r, @{HOME}/public_html/** r, } /usr/sbin/httpd2-prefork//HANDLING_UNTRUSTED_INPUT flags=(complain) { #include <abstractions/nameservice> /**.htaccess r, /var/log/apache2/* w, } about 1 year ago 139 ytakeda Edit History
ubuntu-gutsy /usr/bin/gnome-splashscreen-manager #include <tunables/global> /usr/bin/gnome-splashscreen-manager { #include <abstractions/base> /usr/bin/env ix, /usr/bin/gnome-splashscreen-manager mr, } over 2 years ago gnome 168 hbpteam Edit History
opensuse10.3 /usr/lib/helix-dbus-server/helix-dbus-server.bin #include <tunables/global> /usr/lib/helix-dbus-server/helix-dbus-server.bin { #include <abstractions/audio> #include <abstractions/base> #include <abstractions/nameservice> /proc/cpuinfo r, /usr/lib/RealPlayer10/**.so mr, /usr/lib/helix-dbus-server/helix-dbus-server.bin mr, } over 2 years ago Import of jmichaels profiles 136 dominic Edit History
opensuse10.3 /usr/bin/manpath #include <tunables/global> /usr/bin/manpath { #include <abstractions/base> /etc/manpath.config r, /usr/bin/manpath mr, } over 2 years ago none 131 cinimod Edit History
opensuse11.0 /usr/sbin/asterisk #include <tunables/global> /usr/sbin/asterisk flags=(complain) { #include <abstractions/base> /etc/asterisk/logger.conf r, } about 1 year ago 97 yvm2008 Edit History
opensuse11.0 /usr/lib/avast4workstation/bin/wrapper-script.sh #include <tunables/global> /usr/lib/avast4workstation/bin/wrapper-script.sh { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, } about 1 year ago 99 ankur_aiw9 Edit History
ubuntu-gutsy /usr/bin/gnome-session #include <tunables/global> /usr/bin/gnome-session { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/dbus> #include <abstractions/fonts> #include <abstractions/gnome> #include <abstractions/nameservice> #include <abstractions/python> /bin/dash ixr, /etc/X11/xorg.conf r, /etc/apt/apt.conf.d/ r, /etc/apt/apt.conf.d/* r, /etc/apt/sources.list r, /etc/apt/sources.list.d/ r, /etc/apt/sources.list.d/medibuntu.list r, /etc/debian_version r, /etc/default/linux-restricted-modules-common krw, /etc/lsb-release r, /etc/sound/events/gnome-2.soundlist r, /etc/sound/events/gtk-events-2.soundlist r, /etc/update-notifier/hooks_seen r, /etc/xdg/autostart/ r, /etc/xdg/autostart/*.desktop r, /home/*/ r, /home/*/*.NC7E0T rw, /home/*/.ICEauthority rw, /home/*/.ICEauthority-c w, /home/*/.ICEauthority-l lw, /home/*/.Xauthority r, /home/*/.cache/tracker/ r, /home/*/.cache/tracker/*.db krw, /home/*/.cache/tracker/*.db-journal w, /home/*/.config/*.dirs r, /home/*/.config/*.locale r, /home/*/.config/tracker/*.cfg r, /home/*/.evolution/mail/local/ r, /home/*/.evolution/mail/local/*.ev-summary r, /home/*/.evolution/mail/local/Inbox r, /home/*/.gnome2_private/ w, /home/*/.gstreamer-0.10/*.xml r, /home/*/.gtk-bookmarks rw, /home/*/.icons/ r, /home/*/.local/share/tracker/*.log w, /home/*/.local/share/tracker/data/ r, /home/*/.local/share/tracker/data/*.db krw, /home/*/.local/share/tracker/data/*.db-journal w, /home/*/.local/share/tracker/void_tracker_lock krw, /home/*/Desktop/ r, /home/*/Documents/ r, /home/*/Music/ r, /home/*/Pictures/ r, /home/*/Public/ r, /home/*/Templates/ r, /home/*/Videos/ r, /home/*/dvdrip-data/ r, /home/*/themes/ r, /home/*/themes/*/ r, /lib/linux-restricted-modules/2.6.22-14-generic/ r, /proc/*/mounts r, /proc/acpi/ac_adapter/ r, /proc/asound/cards r, /proc/meminfo r, /proc/modules r, /proc/stat r, /proc/sys/fs/inotify/max_user_watches r, /sys/devices/ r, /sys/devices/*/ r, /sys/devices/acpi_system:00/ACPI0007:00/ r, /sys/devices/acpi_system:00/ACPI0007:00/power/ r, /sys/devices/acpi_system:00/button_power:00/ r, /sys/devices/acpi_system:00/button_power:00/power/ r, /sys/devices/acpi_system:00/device:00/ r, /sys/devices/acpi_system:00/device:00/**/ r, /sys/devices/acpi_system:00/power/ r, /sys/devices/acpi_system:00/thermal:00/ r, /sys/devices/acpi_system:00/thermal:00/*/ r, /sys/devices/isa/power/ r, /sys/devices/pci0000:00/** r, /sys/devices/platform/bluetooth/ r, /sys/devices/platform/bluetooth/modalias r, /sys/devices/platform/bluetooth/power/ r, /sys/devices/platform/eisa.0/ r, /sys/devices/platform/eisa.0/modalias r, /sys/devices/platform/eisa.0/power/ r, /sys/devices/platform/floppy.0/ r, /sys/devices/platform/floppy.0/modalias r, /sys/devices/platform/floppy.0/power/ r, /sys/devices/platform/i8042/ r, /sys/devices/platform/i8042/modalias r, /sys/devices/platform/i8042/power/ r, /sys/devices/platform/i8042/serio0/ r, /sys/devices/platform/i8042/serio0/id/ r, /sys/devices/platform/i8042/serio0/modalias r, /sys/devices/platform/i8042/serio0/power/ r, /sys/devices/platform/i8042/serio1/ r, /sys/devices/platform/i8042/serio1/id/ r, /sys/devices/platform/i8042/serio1/modalias r, /sys/devices/platform/i8042/serio1/power/ r, /sys/devices/platform/pcspkr/ r, /sys/devices/platform/pcspkr/modalias r, /sys/devices/platform/pcspkr/power/ r, /sys/devices/platform/power/ r, /sys/devices/platform/serial8250/ r, /sys/devices/platform/serial8250/modalias r, /sys/devices/platform/serial8250/power/ r, /sys/devices/pnp0/**/ r, /sys/devices/pnp1/power/ r, /sys/devices/system/**/ r, /tmp/** klrw, /usr/bin/aplay Px, /usr/bin/apt-cache ixr, /usr/bin/basename ixr, /usr/bin/bluetooth-applet Px, /usr/bin/bug-buddy Px, /usr/bin/dbus-daemon Px, /usr/bin/env ixr, /usr/bin/gconftool-2 ixr, /usr/bin/gnome-at-visual ixr, /usr/bin/gnome-panel Px, /usr/bin/gnome-power-manager ixr, /usr/bin/gnome-session mr, /usr/bin/gnome-volume-manager Px, /usr/bin/gnome-wm Px, /usr/bin/lsb_release ixr, /usr/bin/nautilus Px, /usr/bin/nm-applet ixr, /usr/bin/python2.5 ixr, /usr/bin/restricted-manager ixr, /usr/bin/system-config-printer-applet ixr, /usr/bin/trackerd ixr, /usr/bin/update-notifier ixr, /usr/bin/vino-session Px, /usr/bin/xdg-user-dirs-gtk-update ixr, /usr/lib/evolution/2.12/evolution-alarm-notify ixr, /usr/lib/libgconf2-4/gconf-sanity-check-2 Px, /usr/lib/libgconf2-4/gconfd-2 Px, /usr/lib/update-notifier/apt-check ixr, /usr/local/share/applications/ r, /usr/local/share/icons/ r, /usr/share/applications/ r, /usr/share/applications/*/ r, /usr/share/apport/apport-gtk ixr, /usr/share/gdm/applications/ r, /usr/share/gnome/*.session r, /usr/share/gnome/autostart/ r, /usr/share/gnome/autostart/* r, /usr/share/linux-restricted-modules/2.6.22-14-generic/modules.alias.override/ r, /usr/share/nm-applet/applet.glade r, /usr/share/restricted-manager/groups/ r, /usr/share/restricted-manager/groups/vmware r, /usr/share/restricted-manager/manager.glade r, /usr/share/restricted-manager/modalias_override/ r, /usr/share/system-config-printer/applet.py ixr, /usr/share/tracker/*.sql r, /usr/share/tracker/languages/stopwords.en r, /usr/share/update-notifier/glade/*.glade r, /var/cache/apt/archives/ r, /var/cache/apt/archives/partial/ r, /var/cache/apt/pkgcache.bin r, /var/cache/restricted-manager/*.restricted krw, /var/cache/restricted-manager/seen krw, /var/cache/restricted-manager/used krw, /var/crash/ r, /var/lib/apt/extended_states r, /var/lib/apt/lists/ r, /var/lib/dpkg/ r, /var/lib/update-notifier/ r, /var/lib/update-notifier/user.d/ r, /var/run/ r, /var/run/avahi-daemon/ r, /var/run/cups/cups.sock w, } over 2 years ago gnome 219 hbpteam Edit History
opensuse10.3 /etc/X11/xdm/Xsession #include <tunables/global> /etc/X11/xdm/Xsession { #include <abstractions/X> #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/nameservice> capability sys_ptrace, /bin/bash ixr, /bin/grep ixr, /bin/hostname Px, /bin/ls ixmr, /bin/uname Px, /etc/X11/Xresources r, /etc/X11/xdm/Xsession mr, /etc/X11/xdm/sys.xsession Px, /etc/X11/xinit/xinitrc.common r, /etc/opt/ r, /etc/shells r, /etc/sysconfig/console r, /etc/sysconfig/language r, /etc/sysconfig/mail r, /etc/sysconfig/news r, /etc/sysconfig/proxy r, /etc/sysconfig/suseconfig r, /etc/sysconfig/windowmanager r, /home/*/.Xdefaults r, /home/*/.bashrc r, /home/*/.profile r, /opt/ r, /proc/ r, /proc/*/cmdline r, /proc/*/mounts r, /proc/*/stat r, /proc/meminfo r, /proc/sys/kernel/ngroups_max r, /sbin/killall5 ixr, /usr/bin/dircolors ixmr, /usr/bin/manpath Px, /usr/bin/tty ixr, /usr/bin/xrdb Px, /usr/lib/jvm/java-1.5.0-sun-1.5.0_update12/jre/bin/java ixr, /var/log/Xorg.*.log r, } over 2 years ago Import of jmichaels profiles 175 dominic Edit History
ubuntu-gutsy /usr/games/iagno #include <tunables/global> /usr/games/iagno { #include <abstractions/base> /usr/games/iagno mr, } over 2 years ago gnome 185 hbpteam Edit History
opensuse10.3 /usr/lib/gnome-keyring-1/gnome-keyring-ask #include <tunables/global> /usr/lib/gnome-keyring-1/gnome-keyring-ask flags=(complain) { #include <abstractions/base> #include <abstractions/fonts> #include <abstractions/gnome> #include <abstractions/kde> #include <abstractions/nameservice> /home/*/.Xauthority r, /home/*/.fontconfig/* r, /home/*/.icons/ r, /home/*/.local/share/icons/ r, /proc/meminfo r, /usr/lib/gnome-keyring-1/gnome-keyring-ask mr, } over 2 years ago argh, switch things back to complain for a while 143 jmichael Edit History
opensuse10.3 /usr/bin/claws-mail #include <tunables/global> /usr/bin/claws-mail flags=(complain) { #include <abstractions/base> /home/vljliljlv/.claws-mail/tagsrc w, /home/vljliljlv/rajakarta/queue/ r, /usr/bin/claws-mail mr, } 8 months ago claws-mail log 78 praanap Edit History
opensuse11.0 /bin/arch #include <tunables/global> /bin/arch flags=(complain) { #include <abstractions/base> } about 1 year ago ravee1 110 ravee Edit History
opensuse10.3 /sbin/ip #include <tunables/global> /sbin/ip flags=(complain) { #include <abstractions/base> capability sys_module, /etc/iproute2/rt_scopes r, /proc/net/ r, /proc/net/unix r, /sbin/ip mr, } over 2 years ago argh, switch things back to complain for a while 184 jmichael Edit History
ubuntu-gutsy /usr/bin/gstm #include <tunables/global> /usr/bin/gstm { #include <abstractions/base> /usr/bin/gstm mr, } over 2 years ago gnome 177 hbpteam Edit History
opensuse11.0 /usr/lib/firefox/firefox.sh #include <tunables/global> /usr/lib/firefox/firefox.sh flags=(complain) { #include <abstractions/base> #include <abstractions/bash> /bin/basename px, /bin/bash ix, /usr/bin/file px, } 10 months ago 95 philodoxia Edit History
opensuse10.3 /usr/bin/evolution #include <tunables/global> /usr/bin/evolution flags=(complain) { #include <abstractions/base> /usr/bin/evolution mr, } over 2 years ago Appevolution 117 vmbaumgaertel Edit History
opensuse10.3 /usr/sbin/snmpd #include <tunables/global> /usr/sbin/snmpd { #include <abstractions/base> #include <abstractions/nameservice> capability net_admin, /dev/md* r, /dev/sd* r, /etc/hosts.allow r, /etc/hosts.deny r, /etc/mtab r, /etc/rpm/ r, /etc/rpm/macros.gconf2 r, /etc/rpm/macros.mkinitrd r, /etc/sensors.conf r, /etc/snmp/snmpd.conf r, /proc/ r, /proc/*/cmdline r, /proc/*/mounts r, /proc/*/stat r, /proc/*/status r, /proc/cmdline r, /proc/loadavg r, /proc/net/arp r, /proc/net/dev r, /proc/net/if_inet6 r, /proc/net/ipv6_route r, /proc/net/route r, /proc/net/snmp r, /proc/net/snmp6 r, /proc/net/tcp r, /proc/net/tcp6 r, /proc/net/udp r, /proc/net/udp6 r, /proc/sys/net/ipv4/ipfrag_time r, /proc/sys/net/ipv4/neigh/eth0/retrans_time_ms r, /proc/sys/net/ipv4/neigh/eth1/retrans_time_ms r, /proc/sys/net/ipv4/neigh/lo/retrans_time_ms r, /proc/sys/net/ipv6/conf/all/forwarding r, /proc/sys/net/ipv6/conf/default/hop_limit r, /proc/sys/net/ipv6/conf/eth0/forwarding r, /proc/sys/net/ipv6/conf/eth1/forwarding r, /proc/sys/net/ipv6/conf/lo/forwarding r, /proc/sys/net/ipv6/neigh/eth0/base_reachable_time_ms r, /proc/sys/net/ipv6/neigh/eth0/retrans_time_ms r, /proc/sys/net/ipv6/neigh/eth1/base_reachable_time_ms r, /proc/sys/net/ipv6/neigh/eth1/retrans_time_ms r, /proc/sys/net/ipv6/neigh/lo/base_reachable_time_ms r, /proc/sys/net/ipv6/neigh/lo/retrans_time_ms r, /proc/uptime r, /proc/vmstat r, /sys/class/hwmon/ r, /sys/class/i2c-adapter/ r, /sys/devices/pci0000:00/0000:00:1f.3/i2c-adapter/i2c-0/name r, /sys/devices/platform/coretemp.[0-9]/name r, /sys/devices/platform/coretemp.[0-9]/temp1_input r, /sys/devices/platform/coretemp.[0-9]/temp1_label r, /usr/sbin/snmpd mr, /usr/share/snmp/mibs/ r, /usr/share/snmp/mibs/* r, /var/lib/net-snmp/snmpd.0.conf w, /var/lib/net-snmp/snmpd.conf rw, /var/lib/rpm/ w, /var/lib/rpm/Packages kr, /var/log/net-snmpd.log rw, /var/run/snmpd.pid w, /var/run/utmp krw, } about 1 year ago 328 arclyde Edit History
opensuse10.3 /etc/X11/xdm/Xsession #include <tunables/global> /etc/X11/xdm/Xsession { #include <abstractions/X> #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/nameservice> capability sys_ptrace, /bin/bash ixr, /bin/grep ixr, /bin/hostname Px, /bin/ls ixmr, /bin/uname Px, /etc/X11/Xresources r, /etc/X11/xdm/Xsession mr, /etc/X11/xdm/sys.xsession Px, /etc/X11/xim r, /etc/X11/xinit/xinitrc.common r, /etc/opt/ r, /etc/shells r, /etc/sysconfig/console r, /etc/sysconfig/language r, /etc/sysconfig/mail r, /etc/sysconfig/news r, /etc/sysconfig/proxy r, /etc/sysconfig/suseconfig r, /etc/sysconfig/windowmanager r, /home/*/.Xdefaults r, /home/*/.bashrc r, /home/*/.profile r, /home/*/.xsession-errors w, /opt/ r, /proc/ r, /proc/*/cmdline r, /proc/*/mounts r, /proc/*/stat r, /proc/meminfo r, /proc/sys/kernel/ngroups_max r, /sbin/killall5 ixr, /usr/bin/dircolors ixmr, /usr/bin/manpath Px, /usr/bin/printenv ixr, /usr/bin/tty ixr, /usr/bin/xrdb Px, /usr/lib/jvm/java-1.5.0-sun-1.5.0_update12/jre/bin/java ixr, /usr/lib/jvm/java-1.6.0.u3.sr2-sun-1.6.0.u3/bin/java ixr, /usr/lib/jvm/java-1.6.0.u3.sr2-sun-1.6.0.u3/bin/javac ixr, /usr/lib/jvm/java-1.6.0.u3.sr2-sun-1.6.0.u3/jre/bin/java ixr, /var/log/Xorg.*.log r, } over 2 years ago none 145 cinimod Edit History
opensuse10.3 /usr/lib/cyrus/bin/cyr_expire #include <tunables/global> /usr/lib/cyrus/bin/cyr_expire { #include <abstractions/base> /etc/imapd.* r, /mnt/mail/config/** rw, /usr/lib/cyrus/bin/cyr_expire mr, /var/lib/imap/** rw, } about 1 year ago 151 arclyde Edit History
opensuse10.3 /usr/sbin/apxs2 #include <tunables/global> /usr/sbin/apxs2 { #include <abstractions/base> #include <abstractions/perl> /usr/bin/perl ix, /usr/sbin/apxs2 mr, } about 1 year ago 1 119 kungfu Edit History
ubuntu-gutsy /usr/bin/hamachi #include <tunables/global> /usr/bin/hamachi flags=(complain) { #include <abstractions/base> /tmp/upxBCN1WMIANOG pxrw, /usr/bin/hamachi mr, } over 2 years ago hamachi 135 snide Edit History
opensuse11.0 /usr/bin/pidgin #include <tunables/global> /usr/bin/pidgin { #include <abstractions/base> #include <abstractions/gnome> #include <abstractions/nameservice> owner /home/*/.purple/* rw, owner /home/*/.purple/** mr, owner /home/walik/.gstreamer-0.10/* r, owner /proc/*/fd/ r, owner /proc/*/mounts r, /usr/lib/pidgin/* mr, /usr/lib/purple-2/* mr, /usr/share/locale-bundle/** r, /usr/share/themes/ r, owner /var/run/gdm/auth-for-walik-E5MIBe/database r, ^null-10 { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-12 { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-14 { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-16 { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-18 { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-1a { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-1c { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-1e { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-20 { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-22 { #include <abstractions/base> } ^null-24 { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-26 { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-28 { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-2a { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/* r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-2c { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-2e { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-30 { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-32 { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-34 { #include <abstractions/base> } ^null-36 { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/** mr, /usr/share/locale/** r, } ^null-38 { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-3a { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-3c { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-3e { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-40 { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-42 { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-44 { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-46 { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-48 { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-4a { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } ^null-4c { /dev/urandom r, /etc/ld.so.cache r, /lib/lib*so* mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, } } 28 days ago 12 walik Edit History
opensuse11.0 /usr/lib64/firefox/firefox.sh #include <tunables/global> /usr/lib64/firefox/firefox.sh flags=(complain) { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, } 9 months ago 79 sudakovi Edit History
opensuse10.3 /usr/bin/strigidaemon #include <tunables/global> /usr/bin/strigidaemon { #include <abstractions/base> #include <abstractions/user-tmp> /etc/opt/kde3/share/ r, /home/*/ r, /home/*/.local/share/ r, /home/*/.strigi/*.conf rw, /home/*/.strigi/clucene/* r, /home/*/.strigi/lock kw, /home/*/.strigi/socket w, /opt/kde3/share/ r, /usr/bin/strigidaemon mr, /usr/lib/strigi/*.so mr, /usr/share/strigi/** r, } over 2 years ago kde4 testing 116 dominic Edit History
opensuse10.3 /usr/lib/control-center-2.0/novell-sysconfig-proxy-helper #include <tunables/global> /usr/lib/control-center-2.0/novell-sysconfig-proxy-helper { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> /bin/bash ixr, /etc/sysconfig/proxy r, /proc/meminfo r, /proc/sys/kernel/ngroups_max r, /usr/lib/control-center-2.0/novell-sysconfig-proxy-helper mr, } over 2 years ago Import of jmichaels profiles 163 dominic Edit History
opensuse11.0 /usr/bin/gtk-gnutella #include <tunables/global> /usr/bin/gtk-gnutella flags=(complain) { #include <abstractions/base> } 1 day ago Default 2 gtk-gnutella Edit History
ubuntu-gutsy /usr/bin/gnome-at-properties #include <tunables/global> /usr/bin/gnome-at-properties { #include <abstractions/base> /usr/bin/gnome-at-properties mr, } over 2 years ago gnome 151 hbpteam Edit History
opensuse10.3 /usr/bin/gpgsm #include <tunables/global> /usr/bin/gpgsm flags=(complain) { #include <abstractions/base> /home/*/.gnupg/* lrw, /usr/bin/gpgsm mr, } about 1 year ago internet radio, u.a. 107 shivver-fox Edit History
opensuse10.3 /usr/sbin/httpd2-prefork # $Id: usr.sbin.httpd2-prefork 706 2007-05-31 06:58:22Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/sbin/httpd2-prefork flags=(complain) { #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/kerberosclient> #include <abstractions/nameservice> #include <abstractions/perl> capability kill, capability net_bind_service, capability setgid, capability setuid, capability sys_tty_config, /dev/random r, /etc/apache2/*.conf r, /etc/apache2/magic r, /etc/apache2/mod_perl-startup.pl r, /etc/apache2/ssl.crt/*.crt r, /etc/apache2/ssl.key/*.key r, /etc/apache2/{conf,sysconfig,vhosts}.d/ r, /etc/apache2/{conf,sysconfig,vhosts}.d/* r, /etc/fstab r, /etc/mime.types r, /etc/mtab r, /etc/odbcinst.ini r, /etc/php.d/ r, /etc/php.d/** r, /etc/php.ini r, /srv/www/htdocs r, /srv/www/htdocs/** r, /srv/www/icons/*.{gif,jpg,png} r, /srv/www/vhosts r, /srv/www/vhosts/** r, /tmp/auth_ldap_cache.sem wl, /tmp/session_mm_apache0.sem wl, /tmp/session_mm_apache2handler0.sem wl, /usr/X11R6/lib/lib*.so* mr, /usr/X11R6/lib64/lib*.so* mr, /usr/apache2/error/* r, /usr/lib/apache2-leader/{lib,mod_}*.so* mr, /usr/lib/apache2-metuxmpm/{lib,mod_}*.so* mr, /usr/lib/apache2-prefork/{lib,mod_}*.so* mr, /usr/lib/apache2-worker/{lib,mod_}*.so* mr, /usr/lib/apache2/modules/{lib,mod_}*.so* mr, /usr/lib/apache2/{lib,mod_}*.so mr, /usr/lib/mysql/libmysql*.so* mr, /usr/lib/php/extensions/*.so mr, /usr/lib/php4/*.so mr, /usr/lib/python[12].[0-9]/**.{py,pyc,pth,so} mr, /usr/lib/python[12].[0-9]/site-packages r, /usr/lib/qt3/lib/lib*.so* mr, /usr/lib64/apache2-leader/{lib,mod_}*.so* mr, /usr/lib64/apache2-metuxmpm/{lib,mod_}*.so* mr, /usr/lib64/apache2-prefork/{lib,mod_}*.so* mr, /usr/lib64/apache2-worker/{lib,mod_}*.so* mr, /usr/lib64/apache2/modules/{lib,mod_}*.so* mr, /usr/lib64/apache2/{lib,mod_}*.so* mr, /usr/lib64/mysql/libmysql*.so* mr, /usr/lib64/php/extensions/*.so mr, /usr/lib64/php4/*.so mr, /usr/lib64/python[12].[0-9]/**.{py,pyc,pth,so} mr, /usr/lib64/python[12].[0-9]/site-packages r, /usr/lib64/qt3/lib/lib*.so* mr, /usr/local/tomcat/conf/mod_jk.conf r, /usr/local/tomcat/conf/workers-ajp12.properties r, /usr/sbin/httpd2-prefork r, /usr/sbin/suexec2 mixr, /usr/share/apache2/** r, /usr/share/apache2/error/* r, /usr/share/apache2/error/include/* r, /usr/share/misc/magic.mime r, /usr/share/snmp/mibs r, /usr/share/snmp/mibs/*.{txt,mib} r, /usr/share/snmp/mibs/.index wr, /usr/share/ssl/openssl.cnf r, /var/lib/php/sess_* rwl, /var/lock/httpd2.lock.* wl, /var/log/apache2/* rwl, /var/log/apache2/** rwl, /var/log/httpd/ssl_scache.dir r, /var/log/httpd/ssl_scache.pag r, /var/run/httpd2.mm.* wl, /var/run/httpd2.pid wl, /var/www/error/* r, /var/www/html/** r, /var/www/icons/*.{gif,jpg,png} r, @{HOME}/public_html r, @{HOME}/public_html/** r, } /usr/sbin/httpd2-prefork//DEFAULT_URI flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> /srv/www/htdocs r, /srv/www/htdocs/** r, /srv/www/icons/*.{gif,jpg,png} r, /srv/www/vhosts r, /srv/www/vhosts/** r, /usr/sbin/suexec2 mixr, /usr/share/apache2/** r, /var/lib/php/sess_* rwl, /var/log/apache2/** rwl, /var/www/error/* r, /var/www/html/** r, /var/www/icons/*.{gif,jpg,png} r, @{HOME}/public_html r, @{HOME}/public_html/** r, } /usr/sbin/httpd2-prefork//HANDLING_UNTRUSTED_INPUT flags=(complain) { #include <abstractions/nameservice> /**.htaccess r, /var/log/apache2/* w, } about 1 year ago 122 hbree Edit History
opensuse10.3 /usr/lib/cups/daemon/cups-deviced #include <tunables/global> /usr/lib/cups/daemon/cups-deviced flags=(complain) { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/nameservice> #include <abstractions/perl> #include <abstractions/python> capability setgid, capability setuid, /bin/bash ixr, /dev/bus/usb/ r, /dev/bus/usb/** rw, /dev/lp0 rw, /dev/ttyS0 w, /dev/tty{*} w, /proc/meminfo r, /root/.hplip/hplip.conf r, /usr/bin/env ixr, /usr/bin/perl ix, /usr/bin/python2.5 ixr, /usr/bin/smbspool ixr, /usr/lib/cups/backend/beh ixr, /usr/lib/cups/backend/canon ixr, /usr/lib/cups/backend/epson ixr, /usr/lib/cups/backend/hal ixr, /usr/lib/cups/backend/hp ixr, /usr/lib/cups/backend/hpfax ixr, /usr/lib/cups/backend/ipp ixr, /usr/lib/cups/backend/lpd ixr, /usr/lib/cups/backend/parallel ixr, /usr/lib/cups/backend/pipe ixr, /usr/lib/cups/backend/scsi ixr, /usr/lib/cups/backend/serial ixr, /usr/lib/cups/backend/snmp ixr, /usr/lib/cups/backend/socket ixr, /usr/lib/cups/backend/usb ixr, /usr/lib/cups/daemon/cups-deviced mr, /usr/share/hplip/**.py r, /usr/share/hplip/**.pyc r, } over 2 years ago 145 dhughes Edit History
opensuse10.3 /bin/uname #include <tunables/global> /bin/uname { #include <abstractions/base> /bin/uname mr, /proc/cpuinfo r, } over 2 years ago Import of jmichaels profiles 165 dominic Edit History
opensuse10.3 /bin/ps #include <tunables/global> /bin/ps flags=(complain) { #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/nameservice> capability dac_override, capability sys_admin, capability sys_ptrace, /bin/ps mr, /proc/ r, /proc/*/attr/current r, /proc/*/cmdline r, /proc/*/stat r, /proc/*/status r, /proc/meminfo r, /proc/stat r, /proc/sys/kernel/pid_max r, /proc/tty/drivers r, /proc/uptime r, } over 2 years ago argh, switch things back to complain for a while 152 jmichael Edit History
opensuse10.3 /usr/lib/cups/backend/usb #include <tunables/global> /usr/lib/cups/backend/usb flags=(complain) { #include <abstractions/base> /usr/lib/cups/backend/usb mr, } over 2 years ago cups testing 215 dominic Edit History
opensuse10.3 /bin/basename #include <tunables/global> /bin/basename flags=(complain) { #include <abstractions/base> /bin/basename mr, } over 2 years ago 177 overwrite Edit History
opensuse10.3 /usr/lib/control-center-2.0/novell-sysconfig-proxy-helper #include <tunables/global> /usr/lib/control-center-2.0/novell-sysconfig-proxy-helper { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> /bin/bash ixr, /etc/sysconfig/proxy r, /proc/meminfo r, /proc/sys/kernel/ngroups_max r, /usr/lib/control-center-2.0/novell-sysconfig-proxy-helper mr, } over 2 years ago none 134 cinimod Edit History
opensuse10.3 /usr/bin/bug-buddy #include <tunables/global> /usr/bin/bug-buddy { #include <abstractions/base> /usr/bin/bug-buddy mr, } about 1 year ago 126 FYPJ Edit History
opensuse10.3 /usr/bin/xscreensaver #include <tunables/global> /usr/bin/xscreensaver flags=(complain) { #include <abstractions/base> /usr/bin/xscreensaver mr, } over 2 years ago argh, switch things back to complain for a while 156 jmichael Edit History
opensuse10.3 /usr/lib/cups/daemon/cups-deviced #include <tunables/global> /usr/lib/cups/daemon/cups-deviced flags=(complain) { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/nameservice> capability setgid, capability setuid, /bin/bash ixr, /proc/meminfo r, /usr/bin/smbspool Px, /usr/lib/cups/backend/ r, /usr/lib/cups/backend/beh Px, /usr/lib/cups/backend/hal Px, /usr/lib/cups/backend/ipp Px, /usr/lib/cups/backend/lpd Px, /usr/lib/cups/backend/novell Px, /usr/lib/cups/backend/parallel Px, /usr/lib/cups/backend/pipe Px, /usr/lib/cups/backend/scsi Px, /usr/lib/cups/backend/serial Px, /usr/lib/cups/backend/snmp Px, /usr/lib/cups/backend/socket Px, /usr/lib/cups/backend/usb Px, /usr/lib/cups/daemon/cups-deviced mr, } over 2 years ago cups testing 163 dominic Edit History
opensuse10.3 /usr/lib/firefox/firefox-bin #include <tunables/global> /usr/lib/firefox/firefox-bin flags=(complain) { #include <abstractions/audio> #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/dbus> #include <abstractions/fonts> #include <abstractions/gnome> #include <abstractions/kde> #include <abstractions/nameservice> /bin/bash ixr, /bin/grep ixr, /bin/netstat Px, /bin/ps Px, /etc/gai.conf r, /etc/gnome-vfs-2.0/modules/ r, /etc/mailcap r, /etc/mime.types r, /etc/mtab r, /etc/opt/kde3/share/applications/ r, /etc/opt/kde3/share/applications/mimeinfo.cache r, /etc/sound/events/gtk-events-2.soundlist r, /home/*/.ICEauthority r, /home/*/.Xauthority r, /home/*/.adobe/Flash_Player/** r, /home/*/.beagle/socket w, /home/*/.bookmarks.html rw, /home/*/.config/gtk-2.0/gtkfilechooser.ini rw, /home/*/.config/gtk-2.0/gtkfilechooser.ini.* rw, /home/*/.esd_auth r, /home/*/.fontconfig/* r, /home/*/.gnome2_private/ w, /home/*/.icons/ r, /home/*/.local/share/applications/ r, /home/*/.local/share/applications/*.desktop r, /home/*/.local/share/applications/defaults.list r, /home/*/.local/share/applications/mimeinfo.cache r, /home/*/.local/share/icons/ r, /home/*/.macromedia/Flash_Player/** r, /home/*/.mailcap r, /home/*/.mozilla/firefox/** rw, /home/*/.mozilla/firefox/*/.parentlock krw, /home/*/.mozilla/firefox/*/urlclassifier2.sqlite krw, /home/*/.mozilla/plugins/ r, /home/*/.mozilla/plugins/libflashplayer.so mr, /home/*/.recently-used.xbel r, /home/*/Desktop/ r, /home/*/Desktop/** rw, /home/*/Documents/** rw, /opt/kde3/bin/gwenview Px, /opt/kde3/share/applications/ r, /opt/kde3/share/applications/mimeinfo.cache r, /proc/*/maps r, /proc/cpuinfo r, /proc/meminfo r, /proc/sys/kernel/ngroups_max r, /usr/bin/acroread Px, /usr/bin/eog Px, /usr/bin/evince Px, /usr/bin/file-roller Px, /usr/bin/gimp-remote-2.2 Px, /usr/bin/gvim-normal ixr, /usr/bin/mplayer Px, /usr/lib/Acrobat7/Browser/intellinux/*.so mr, /usr/lib/firefox/firefox-bin ixr, /usr/lib/firefox/firefox.sh Px, /usr/share/applications/ r, /usr/share/applications/*.desktop r, /usr/share/applications/mimeinfo.cache r, /usr/share/dist/icons/suse-help.svg r, /usr/share/gdm/applications/ r, /usr/share/mime/**.xml r, /var/cache/gnome-vfs/defaults.list r, /var/cache/libx11/compose/* r, } over 2 years ago allow -d gdb option for firefox plus other misc updates 138 jmichael Edit History
opensuse10.3 /opt/kde3/bin/kopete #include <tunables/global> /opt/kde3/bin/kopete { #include <abstractions/base> /opt/kde3/bin/kopete mr, /opt/kde3/lib/lib*so* mr, /usr/lib/qt3/lib/lib*so* mr, } over 2 years ago 1 164 robsn81 Edit History
ubuntu-gutsy /usr/sbin/named #include <tunables/global> /usr/sbin/named { #include <abstractions/base> #include <abstractions/nameservice> capability net_bind_service, capability setgid, capability setuid, capability sys_chroot, capability sys_resource, /proc/net/if_inet6 r, /usr/sbin/named mr, /var/named/run-root/dev/random r, /var/named/run-root/dev/urandom r, /var/named/run-root/etc/bind/** r, /var/named/run-root/etc/localtime r, /var/named/run-root/etc/named.conf r, /var/named/run-root/var/139.25.85.in-addr.arpa r, /var/named/run-root/var/cache/bind/ rw, /var/named/run-root/var/cache/bind/** rw, /var/named/run-root/var/dev/** r, /var/named/run-root/var/harfe-karlsruhe.de r, /var/named/run-root/var/lib/bind/ rw, /var/named/run-root/var/lib/bind/** rw, /var/named/run-root/var/lib/dnscvsutil/compiled/** rw, /var/named/run-root/var/localhost.rev r, /var/named/run-root/var/log/named/** rw, /var/named/run-root/var/named.root r, /var/named/run-root/var/run/bind/named.options r, /var/named/run-root/var/run/bind/run/named.pid w, /var/named/run-root/var/run/named/named.pid w, /var/named/run-root/var/studebo.com r, /var/named/run-root/var/studebo.de r, /var/named/run-root/var/studebo.net r, } 11 months ago named 83 jmfrank63 Edit History
opensuse10.3 /bin/dbus-daemon #include <tunables/global> /bin/dbus-daemon { #include <abstractions/base> #include <abstractions/dbus> #include <abstractions/nameservice> capability dac_override, capability setgid, capability setuid, /bin/dbus-daemon mr, /etc/dbus-1/session.conf r, /etc/dbus-1/system.conf r, /etc/dbus-1/system.d/ r, /etc/dbus-1/system.d/*.conf r, /usr/bin/helix-dbus-server Px, /usr/lib/control-center-2.0/gnome-settings-daemon Px, /usr/lib/gnome-vfs-2.0/gnome-vfs-daemon Px, /usr/lib/notification-daemon-1.0/notification-daemon Px, /usr/share/dbus-1/services/ r, /usr/share/dbus-1/services/*.service r, /var/run/dbus/pid w, } over 2 years ago none 139 cinimod Edit History
opensuse10.3 /usr/bin/gconftool-2 #include <tunables/global> /usr/bin/gconftool-2 { #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/user-tmp> capability kill, capability sys_ptrace, /etc/gconf/gconf.xml.defaults/ r, /etc/gconf/gconf.xml.defaults/.testing.writeability w, /etc/gconf/gconf.xml.schemas/ r, /etc/gconf/gconf.xml.schemas/** rw, /etc/gconf/schema-install-source r, /etc/gconf/schemas/**.schemas r, /etc/gconf/schemas/*.entries r, /proc/ r, /proc/*/cmdline r, /proc/*/stat r, /usr/bin/gconftool-2 mr, /usr/bin/killall ixr, /usr/lib/GConf/2/gconfd-2 Px, } over 2 years ago none 115 cinimod Edit History
opensuse10.3 /bin/uname #include <tunables/global> /bin/uname { #include <abstractions/base> /bin/uname mr, /proc/cpuinfo r, } over 2 years ago none 119 cinimod Edit History
opensuse10.3 /usr/lib/GConf/2/gconf-sanity-check-2 #include <tunables/global> /usr/lib/GConf/2/gconf-sanity-check-2 { #include <abstractions/X> #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/user-tmp> /home/*/.Xauthority r, /tmp/gconf-test-locking-file-* klrw, /usr/lib/GConf/2/gconf-sanity-check-2 mr, } over 2 years ago Import of jmichaels profiles 146 dominic Edit History
opensuse11.0 /usr/sbin/sshd # $Id: usr.sbin.sshd 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ # will need to revalidate this profile once we finish re-architecting # the change_hat patch. # #include <tunables/global> /usr/sbin/sshd { #include <abstractions/authentication> #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/nameservice> #include <abstractions/wutmp> capability chown, capability fowner, capability kill, capability net_bind_service, capability setgid, capability setuid, capability sys_chroot, capability sys_tty_config, /bin/ash Ux, /bin/bash Ux, /bin/bash2 Ux, /bin/bsh Ux, /bin/csh Ux, /bin/ksh Ux, /bin/sh Ux, /bin/tcsh Ux, /bin/zsh Ux, /dev/ptmx rw, /dev/pts/[0-9]* rw, /dev/urandom r, /etc/environment r, /etc/hosts.allow r, /etc/hosts.deny r, /etc/modules.conf r, /etc/motd r, /etc/ssh/* r, /etc/ssh/moduli r, /sbin/nologin Ux, /tmp/ssh-*/agent.[0-9]* rwl, /tmp/ssh-*[0-9]*/ w, /usr/sbin/sshd mrix, /var/run w, /var/run/sshd{,.init}.pid wl, @{HOME}/.ssh/authorized_keys{,2} r, @{PROC}/[0-9]*/fd/ r, @{PROC}/[0-9]*/loginuid w, @{PROC}/[0-9]*/mounts r, ^AUTHENTICATED { #include <abstractions/authentication> #include <abstractions/consoles> #include <abstractions/nameservice> #include <abstractions/wutmp> capability setgid, capability setuid, capability sys_tty_config, /dev/log w, /dev/ptmx rw, /etc/default/passwd r, /etc/localtime r, /etc/login.defs r, /etc/motd r, /tmp/ssh-*/agent.[0-9]* rwl, /tmp/ssh-*[0-9]*/ w, } ^EXEC { #include <abstractions/base> /bin/ash Ux, /bin/bash Ux, /bin/bash2 Ux, /bin/bsh Ux, /bin/csh Ux, /bin/ksh Ux, /bin/sh Ux, /bin/tcsh Ux, /bin/zsh Ux, /sbin/nologin Ux, } ^PRIVSEP { #include <abstractions/base> #include <abstractions/nameservice> capability setgid, capability setuid, capability sys_chroot, } ^PRIVSEP_MONITOR { #include <abstractions/authentication> #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/wutmp> capability chown, capability setgid, capability setuid, /dev/ptmx rw, /dev/pts/[0-9]* rw, /dev/urandom r, /etc/hosts.allow r, /etc/hosts.deny r, /etc/ssh/moduli r, @{HOME}/.ssh/authorized_keys{,2} r, @{PROC}/[0-9]*/mounts r, } } 3 months ago 38 Aleksandr Edit History
opensuse11.0 /usr/lib64/firefox/firefox.sh #include <tunables/global> /usr/lib64/firefox/firefox.sh flags=(complain) { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, } about 1 year ago 90 rbedger Edit History
opensuse10.3 /usr/bin/php5 #include <tunables/global> /usr/bin/php5 { #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/nameservice> #include <abstractions/php5> capability dac_override, /etc/php5/cli/* r, /root/.pearrc r, /tmp/* rw, /tmp/pear/*/ w, /usr/bin/php5 ixr, /usr/share/kolab/scripts/resmgr/* r, /usr/share/php5/** krw, /var/lib/php5/session_mm_* klrw, } over 2 years ago 139 haris Edit History
opensuse10.3 /usr/sbin/lisa #include <tunables/global> /usr/sbin/lisa { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/nameservice> #include <abstractions/winbind> capability net_raw, capability setuid, network inet raw, /bin/bash ixr, /etc/lisarc r, /proc/meminfo r, /usr/bin/nmblookup ixr, /usr/sbin/lisa mr, /var/lib/samba/unexpected.tdb r, } over 2 years ago 192 JaMm Edit History
opensuse11.0 /usr/sbin/named #include <tunables/global> /usr/sbin/named flags=(complain) { #include <abstractions/base> capability setgid, } about 1 month ago 15 oliver siebert Edit History
opensuse11.0 /usr/bin/kopete #include <tunables/global> /usr/bin/kopete { #include <abstractions/audio> #include <abstractions/base> #include <abstractions/dbus> #include <abstractions/kde> #include <abstractions/nameservice> deny owner /home/aleksandr/.isomaster r, deny owner /home/aleksandr/.windows-serial r, deny /home/aleksandr/1 r, deny owner /home/aleksandr/avtorizator/.directory r, deny /home/aleksandr/index.html.1 r, owner /DATA_SONY/** rw, /etc/exports r, /etc/fstab r, /etc/kde4/share/config/oxygenrc r, /etc/kde4rc r, /etc/mtab r, /etc/rpc r, /etc/security/fileshare.conf r, /home/ r, owner /home/*/ r, owner /home/*/.DCOPserver_linux-3gqq__0 r, owner /home/*/.FuriusIsoMount/ r, owner /home/*/.ICEauthority r, owner /home/*/.Wammu r, owner /home/*/.Xauthority r, owner /home/*/.bash_history r, owner /home/*/.bashrc r, owner /home/*/.config/.directory rw, owner /home/*/.config/Trolltech.conf rwk, owner /home/*/.config/enchant/ r, owner /home/*/.config/enchant/ru.dic rk, owner /home/*/.config/enchant/ru.exc rk, owner /home/*/.devede r, owner /home/*/.directory rw, owner /home/*/.dmrc r, owner /home/*/.emacs r, owner /home/*/.esd_auth r, owner /home/*/.fontconfig/* r, owner /home/*/.fonts.conf r, owner /home/*/.gtk-bookmarks r, owner /home/*/.inputrc r, owner /home/*/.kde/share/config/kdeglobals rk, owner /home/*/.kde4/share/ w, owner /home/*/.kde4/share/apps/** rw, owner /home/*/.kde4/share/config/ w, owner /home/*/.kde4/share/config/* rw, owner /home/*/.kde4/share/config/kdeglobals rwk, owner /home/*/.kde4/share/config/kresources/contact/* rw, owner /home/*/.kde4/share/emoticons/ r, owner /home/*/.kde4/share/emoticons/** r, owner /home/*/.lircrc r, owner /home/*/.local/.directory rw, owner /home/*/.local/share/mime/generic-icons r, owner /home/*/.local/share/mime/magic r, owner /home/*/.local/share/user-places.xbel r, owner /home/*/.mtab.fuseiso r, owner /home/*/.nvidia-settings-rc r, owner /home/*/.opera/.directory r, owner /home/*/.part r, owner /home/*/.profile r, owner /home/*/.pulse-cookie r, owner /home/*/.recently-used r, owner /home/*/.thumbnails/normal/* ra, owner /home/*/.wine/.directory r, owner /home/*/.xim.template r, owner /home/*/.xinitrc.template r, owner /home/*/.xsession-errors r, owner /home/*/.y2log r, owner /home/*/.y2usersettings r, owner /home/*/Desktop/.directory rw, owner /home/*/bin/.directory rw, /media/ r, /opt/gnome/share/icons/hicolor/ r, /opt/gnome/share/icons/hicolor/**/ r, /opt/gnome/share/mime/generic-icons r, /opt/gnome/share/mime/magic r, /opt/kde3/bin/kdialog rix, owner /proc/*/net/ r, /proc/*/net/if_inet6 r, /proc/*/net/ipv6_route r, /proc/*/net/route r, /proc/*/net/unix r, /usr/bin/kdialog rix, /usr/bin/kopete r, /usr/lib/** mr, /usr/lib/kde4/libexec/drkonqi rix, /usr/share/emoticons/ r, /usr/share/enchant/enchant.ordering r, /usr/share/kde4/apps/** r, /usr/share/kde4/config/* r, /usr/share/kde4/config/ui/ui_standards.rc r, /usr/share/locale-bundle/en_US/LC_MESSAGES/kde4-openSUSE.mo r, /usr/share/locale-bundle/ru/** r, /usr/share/locale-langpack/ru/LC_MESSAGES/kde4-openSUSE.mo r, /usr/share/qca/certs/rootcerts.pem r, /var/cache/libx11/compose/l4_024_313cb605_00280cc0 r, } 3 months ago 25 Aleksandr Edit History
opensuse11.0 /usr/lib64/firefox/firefox.sh #include <tunables/global> /usr/lib64/firefox/firefox.sh flags=(complain) { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, } 9 months ago fire 63 rocio Edit History
ubuntu-gutsy /usr/lib/postfix/spawn # $Id: usr.lib.postfix.spawn 90 2006-08-04 19:13:59Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/lib/postfix/spawn { #include <abstractions/base> #include <abstractions/kerberosclient> #include <abstractions/nameservice> #include <program-chunks/postfix-common> /usr/lib/postfix/spawn rmix, } about 1 year ago 97 stive Edit History
opensuse11.0 /usr/share/amsn/amsn #include <tunables/global> /usr/share/amsn/amsn { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, } about 1 year ago 112 josemanuel Edit History
opensuse10.3 /usr/bin/cal #include <tunables/global> /usr/bin/cal { #include <abstractions/base> /usr/bin/cal mr, } about 1 year ago /var/log/apparmor/reports/cal/log 129 doknisa Edit History
opensuse10.3 /bin/dbus-daemon #include <tunables/global> /bin/dbus-daemon { #include <abstractions/base> #include <abstractions/dbus> #include <abstractions/nameservice> #include <abstractions/user-tmp> capability dac_override, capability setgid, capability setuid, /bin/dbus-daemon mr, /etc/dbus-1/session.conf r, /etc/dbus-1/system.conf r, /etc/dbus-1/system.d/ r, /etc/dbus-1/system.d/*.conf r, /etc/opt/kde3/share/ r, /home/*/ r, /home/*/.local/share/ r, /home/*/.strigi/*.conf rw, /home/*/.strigi/clucene/* r, /home/*/.strigi/lock kw, /home/*/.strigi/socket w, /opt/kde3/share/ r, /usr/bin/helix-dbus-server Px, /usr/bin/knotify4 Px, /usr/bin/strigidaemon Pxmr, /usr/lib/control-center-2.0/gnome-settings-daemon Px, /usr/lib/gnome-vfs-2.0/gnome-vfs-daemon Px, /usr/lib/notification-daemon-1.0/notification-daemon Px, /usr/lib/strigi/*.so mr, /usr/share/dbus-1/services/ r, /usr/share/dbus-1/services/*.service r, /usr/share/strigi/** r, /var/run/dbus/pid w, } over 2 years ago 145 dominic Edit History
opensuse10.3 /usr/bin/gconftool-2 #include <tunables/global> /usr/bin/gconftool-2 { #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/user-tmp> capability kill, capability sys_ptrace, /etc/gconf/gconf.xml.defaults/ r, /etc/gconf/gconf.xml.defaults/.testing.writeability w, /etc/gconf/gconf.xml.schemas/ r, /etc/gconf/gconf.xml.schemas/** rw, /etc/gconf/schema-install-source r, /etc/gconf/schemas/**.schemas r, /etc/gconf/schemas/*.entries r, /proc/ r, /proc/*/cmdline r, /proc/*/stat r, /usr/bin/gconftool-2 mr, /usr/bin/killall ixr, /usr/lib/GConf/2/gconfd-2 Px, } over 2 years ago Import of jmichaels profiles 121 dominic Edit History
opensuse10.3 /usr/lib/GConf/2/gconf-sanity-check-2 #include <tunables/global> /usr/lib/GConf/2/gconf-sanity-check-2 { #include <abstractions/X> #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/user-tmp> /home/*/.Xauthority r, /tmp/gconf-test-locking-file-* klrw, /usr/lib/GConf/2/gconf-sanity-check-2 mr, } over 2 years ago none 121 cinimod Edit History
opensuse11.0 /usr/lib/firefox/firefox.sh #include <tunables/global> /usr/lib/firefox/firefox.sh { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> deny capability sys_ptrace, /bin/basename rix, /bin/bash rix, /bin/grep rix, /etc/magic r, /usr/bin/file rix, /usr/lib/firefox/firefox px, /usr/share/misc/magic.mgc r, } 9 months ago 65 juan Edit History
opensuse11.0 /bin/cpio #include <tunables/global> /bin/cpio { #include <abstractions/base> } about 1 year ago 2 103 davidbo Edit History
opensuse11.0 /usr/bin/amule #include <tunables/global> /usr/bin/amule flags=(complain) { #include <abstractions/base> #include <abstractions/bash> network inet dgram, network inet stream, /bin/bash rix, /bin/uname rix, /dev/tty rw, /etc/fonts/** r, /etc/gnome-vfs-2.0/modules/ r, /etc/gnome-vfs-2.0/modules/default-modules.conf r, /etc/gnome-vfs-2.0/modules/font-method.conf r, /etc/gnome-vfs-2.0/modules/obex-module.conf r, /etc/gnome-vfs-2.0/modules/smb-module.conf r, /etc/gnome-vfs-2.0/modules/ssl-modules.conf r, /etc/gnome-vfs-2.0/modules/theme-method.conf r, /etc/gtk-2.0/gdk-pixbuf.loaders r, /etc/gtk-2.0/gtk.immodules r, /etc/gtk-2.0/gtkrc r, /etc/host.conf r, /etc/hosts r, /etc/nsswitch.conf r, /etc/opt/kde3/share/icons/ r, /etc/pango/pango.modules r, /etc/passwd r, /etc/resolv.conf r, owner /home/*/.Xauthority r, owner /home/*/.aMule/ rw, owner /home/*/.aMule/Incoming/ rw, owner /home/*/.aMule/Temp/ rw, owner /home/*/.aMule/amule.conf r, owner /home/*/.aMule/clients.met r, owner /home/*/.aMule/clients.met.BAK rw, owner /home/*/.aMule/cryptkey.dat r, owner /home/*/.aMule/emfriends.met r, owner /home/*/.aMule/ipfilter.dat r, owner /home/*/.aMule/ipfilter_static.dat r, owner /home/*/.aMule/key_index.dat r, owner /home/*/.aMule/known.met r, owner /home/*/.aMule/known2_64.met rw, owner /home/*/.aMule/last_version_check rw, owner /home/*/.aMule/lastversion rw, owner /home/*/.aMule/lastversion7nckGj rw, owner /home/*/.aMule/load_index.dat r, owner /home/*/.aMule/logfile rw, owner /home/*/.aMule/logfile.bak rw, owner /home/*/.aMule/muleLock wk, owner /home/*/.aMule/nodes.dat r, owner /home/*/.aMule/preferences.dat r, owner /home/*/.aMule/preferencesKad.dat r, owner /home/*/.aMule/server.met r, owner /home/*/.aMule/shareddir.dat r, owner /home/*/.aMule/src_index.dat r, owner /home/*/.fontconfig/2c06a42904f01c0353eb6890b1b94581-x86.cache-2 r, owner /home/*/.icons/ r, /proc/meminfo r, /proc/sys/kernel/ngroups_max r, /tmp/.X11-unix/X0 w, /usr/bin/amule r, /usr/bin/bug-buddy rix, /usr/lib/** mr, /usr/share/GeoIP/GeoIP.dat r, /usr/share/X11/locale/compose.dir r, /usr/share/X11/locale/en_US.UTF-8/Compose r, /usr/share/X11/locale/en_US.UTF-8/XLC_LOCALE r, /usr/share/X11/locale/locale.alias r, /usr/share/X11/locale/locale.dir r, /usr/share/fonts/** r, /usr/share/icons/ r, /usr/share/icons/Crux/icon-theme.cache r, /usr/share/icons/Crux/index.theme r, /usr/share/icons/DMZ/cursors/left_ptr r, /usr/share/icons/DMZ/cursors/sb_h_double_arrow r, /usr/share/icons/DMZ/cursors/sb_v_double_arrow r, /usr/share/icons/DMZ/cursors/xterm r, /usr/share/icons/gnome/icon-theme.cache r, /usr/share/icons/gnome/index.theme r, /usr/share/icons/hicolor/icon-theme.cache r, /usr/share/icons/hicolor/index.theme r, /usr/share/pixmaps/ r, /usr/share/themes/Crux/gtk-2.0/gtkrc r, /usr/share/themes/Default/gtk-2.0-key/gtkrc r, /var/cache/fontconfig/17090aa38d5c6f09fb8c5c354938f1d7-x86.cache-2 r, /var/cache/fontconfig/2d31a572ce6667f6a0da9c8dc611898b-x86.cache-2 r, /var/cache/fontconfig/30786aca7a961ef9f9799e540455831d-x86.cache-2 r, /var/cache/fontconfig/3830d5c3ddfd5cd38a049b759396e72e-x86.cache-2 r, /var/cache/fontconfig/5ca8086aeacc9c68e81a71e7ef846b3b-x86.cache-2 r, /var/cache/fontconfig/77e41c5059666d75f92e318d4be8c21e-x86.cache-2 r, /var/cache/fontconfig/7ef2298fde41cc6eeb7af42e48b7d293-x86.cache-2 r, /var/cache/fontconfig/82263fb4001171a9d4b2e27da14be10b-x86.cache-2 r, /var/cache/fontconfig/8d4af663993b81a124ee82e610bb31f9-x86.cache-2 r, /var/cache/fontconfig/a1c95d6dfc9a7b34f44445cf81166004-x86.cache-2 r, /var/cache/fontconfig/b6bbb9f898b73777cfe763014a8c08d3-x86.cache-2 r, /var/cache/fontconfig/c938cb1e82ff5ba1829a2dab18b1c8a9-x86.cache-2 r, /var/cache/fontconfig/d62e99ef547d1d24cdb1bd22ec1a2976-x86.cache-2 r, /var/cache/fontconfig/df311e82a1a24c41a75c2c930223552e-x86.cache-2 r, /var/cache/libx11/compose/l4_024_313cb605_00280cc0 r, /var/run/nscd/socket w, } about 1 year ago 113 Maicoc Edit History
opensuse10.3 /usr/sbin/httpd2-prefork # $Id: usr.sbin.httpd2-prefork 706 2007-05-31 06:58:22Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/sbin/httpd2-prefork flags=(complain) { #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/kerberosclient> #include <abstractions/nameservice> #include <abstractions/perl> capability dac_override, capability kill, capability net_bind_service, capability setgid, capability setuid, capability sys_tty_config, /dev/random r, /etc/apache2/*.conf r, /etc/apache2/magic r, /etc/apache2/mod_perl-startup.pl r, /etc/apache2/ssl.crt/*.crt r, /etc/apache2/ssl.key/*.key r, /etc/apache2/{conf,sysconfig,vhosts}.d/ r, /etc/apache2/{conf,sysconfig,vhosts}.d/* r, /etc/fstab r, /etc/mime.types r, /etc/mtab r, /etc/odbcinst.ini r, /etc/php.d/ r, /etc/php.d/** r, /etc/php.ini r, /etc/php5/apache2/php.ini r, /etc/php5/conf.d/ r, /etc/php5/conf.d/bcmath.ini r, /etc/php5/conf.d/bz2.ini r, /etc/php5/conf.d/calendar.ini r, /etc/php5/conf.d/ctype.ini r, /etc/php5/conf.d/curl.ini r, /etc/php5/conf.d/dba.ini r, /etc/php5/conf.d/dbase.ini r, /etc/php5/conf.d/dom.ini r, /etc/php5/conf.d/exif.ini r, /etc/php5/conf.d/ftp.ini r, /etc/php5/conf.d/gd.ini r, /etc/php5/conf.d/gettext.ini r, /etc/php5/conf.d/gmp.ini r, /etc/php5/conf.d/hash.ini r, /etc/php5/conf.d/iconv.ini r, /etc/php5/conf.d/imap.ini r, /etc/php5/conf.d/json.ini r, /etc/php5/conf.d/mbstring.ini r, /etc/php5/conf.d/mcrypt.ini r, /etc/php5/conf.d/mhash.ini r, /etc/php5/conf.d/mysql.ini r, /etc/php5/conf.d/mysqli.ini r, /etc/php5/conf.d/openssl.ini r, /etc/php5/conf.d/pdo.ini r, /etc/php5/conf.d/pdo_mysql.ini r, /etc/php5/conf.d/pdo_sqlite.ini r, /etc/php5/conf.d/sqlite.ini r, /etc/php5/conf.d/suhosin.ini r, /etc/php5/conf.d/tidy.ini r, /etc/php5/conf.d/tokenizer.ini r, /etc/php5/conf.d/xmlreader.ini r, /etc/php5/conf.d/xmlwriter.ini r, /etc/php5/conf.d/xsl.ini r, /etc/php5/conf.d/zip.ini r, /etc/php5/conf.d/zlib.ini r, /proc/*/attr/current w, /srv/www/htdocs r, /srv/www/htdocs/** r, /srv/www/icons/*.{gif,jpg,png} r, /srv/www/vhosts r, /srv/www/vhosts/** r, /tmp/auth_ldap_cache.sem wl, /tmp/session_mm_apache0.sem wl, /tmp/session_mm_apache2handler0.sem wl, /usr/X11R6/lib/lib*.so* mr, /usr/X11R6/lib64/lib*.so* mr, /usr/apache2/error/* r, /usr/lib/** mr, /usr/lib/apache2-leader/{lib,mod_}*.so* mr, /usr/lib/apache2-metuxmpm/{lib,mod_}*.so* mr, /usr/lib/apache2-prefork/{lib,mod_}*.so* mr, /usr/lib/apache2-worker/{lib,mod_}*.so* mr, /usr/lib/apache2/modules/{lib,mod_}*.so* mr, /usr/lib/apache2/{lib,mod_}*.so mr, /usr/lib/python[12].[0-9]/**.{py,pyc,pth,so} mr, /usr/lib64/apache2-leader/{lib,mod_}*.so* mr, /usr/lib64/apache2-metuxmpm/{lib,mod_}*.so* mr, /usr/lib64/apache2-prefork/{lib,mod_}*.so* mr, /usr/lib64/apache2-worker/{lib,mod_}*.so* mr, /usr/lib64/apache2/modules/{lib,mod_}*.so* mr, /usr/lib64/apache2/{lib,mod_}*.so* mr, /usr/lib64/mysql/libmysql*.so* mr, /usr/lib64/php/extensions/*.so mr, /usr/lib64/php4/*.so mr, /usr/lib64/python[12].[0-9]/**.{py,pyc,pth,so} mr, /usr/lib64/python[12].[0-9]/site-packages r, /usr/lib64/qt3/lib/lib*.so* mr, /usr/local/tomcat/conf/mod_jk.conf r, /usr/local/tomcat/conf/workers-ajp12.properties r, /usr/sbin/httpd2-prefork r, /usr/sbin/suexec2 mixr, /usr/share/apache2/** r, /usr/share/apache2/error/* r, /usr/share/apache2/error/include/* r, /usr/share/misc/magic.mime r, /usr/share/snmp/mibs r, /usr/share/snmp/mibs/*.{txt,mib} r, /usr/share/snmp/mibs/.index wr, /usr/share/ssl/openssl.cnf r, /var/lib/php/sess_* rwl, /var/lib/php5/session_mm_apache2handler0.sem kw, /var/lock/httpd2.lock.* wl, /var/log/apache2/* rwl, /var/log/apache2/** rwl, /var/log/httpd/ssl_scache.dir r, /var/log/httpd/ssl_scache.pag r, /var/run/httpd2.mm.* wl, /var/run/httpd2.pid wl, /var/run/nscd/services r, /var/www/error/* r, /var/www/html/** r, /var/www/icons/*.{gif,jpg,png} r, @{HOME}/public_html r, @{HOME}/public_html/** r, } /usr/sbin/httpd2-prefork/// flags=(complain) { #include <abstractions/nameservice> /proc/*/attr/current w, } /usr/sbin/httpd2-prefork///favicon.ico flags=(complain) { #include <abstractions/nameservice> /proc/*/attr/current w, /srv/www/htdocs/favicon.ico r, /var/log/apache2/access_log w, } /usr/sbin/httpd2-prefork///wordpress/ flags=(complain) { #include <abstractions/nameservice> /dev/urandom r, /proc/*/attr/current w, /srv/www/htdocs/wordpress/index.php r, /srv/www/htdocs/wordpress/wp-blog-header.php r, /srv/www/htdocs/wordpress/wp-includes/classes.php r, /srv/www/htdocs/wordpress/wp-includes/functions.php r, /srv/www/htdocs/wordpress/wp-includes/plugin.php r, /var/log/apache2/access_log w, } /usr/sbin/httpd2-prefork///wordpress/wp-admin/css/install.css flags=(complain) { #include <abstractions/nameservice> /srv/www/htdocs/wordpress/wp-admin/css/install.css r, /var/log/apache2/access_log w, } /usr/sbin/httpd2-prefork///wordpress/wp-admin/setup-config.php flags=(complain) { #include <abstractions/nameservice> /dev/urandom r, /proc/*/attr/current w, /srv/www/htdocs/wordpress/wp-admin/setup-config.php r, /srv/www/htdocs/wordpress/wp-config-sample.php r, /srv/www/htdocs/wordpress/wp-includes/classes.php r, /srv/www/htdocs/wordpress/wp-includes/compat.php r, /srv/www/htdocs/wordpress/wp-includes/functions.php r, /var/log/apache2/access_log w, } /usr/sbin/httpd2-prefork//DEFAULT_URI flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> /srv/www/htdocs r, /srv/www/htdocs/** r, /srv/www/icons/*.{gif,jpg,png} r, /srv/www/vhosts r, /srv/www/vhosts/** r, /usr/sbin/suexec2 mixr, /usr/share/apache2/** r, /var/lib/php/sess_* rwl, /var/log/apache2/** rwl, /var/www/error/* r, /var/www/html/** r, /var/www/icons/*.{gif,jpg,png} r, @{HOME}/public_html r, @{HOME}/public_html/** r, } /usr/sbin/httpd2-prefork//HANDLING_UNTRUSTED_INPUT flags=(complain) { #include <abstractions/nameservice> /**.htaccess r, /proc/*/attr/current w, /var/log/apache2/* w, } about 1 year ago httpd2 138 eviled Edit History
opensuse10.3 /usr/bin/opensuse-updater-gnome-applet #include <tunables/global> /usr/bin/opensuse-updater-gnome-applet flags=(complain) { #include <abstractions/base> #include <abstractions/fonts> #include <abstractions/gnome> #include <abstractions/kde> #include <abstractions/nameservice> /home/*/.Xauthority r, /home/*/.fontconfig/* r, /home/*/.opensuse-updater-gnome rw, /proc/meminfo r, /usr/bin/bug-buddy ixr, /usr/bin/opensuse-updater-gnome-applet mr, /usr/sbin/zypp-checkpatches-wrapper Px, /usr/share/opensuse-updater-gnome/glade/*.glade r, /usr/share/opensuse-updater-gnome/images/** r, } over 2 years ago minor changes for 10.3 rc2 initial gnome launch 182 jmichael Edit History
opensuse10.3 /usr/bin/nm-applet #include <tunables/global> /usr/bin/nm-applet { #include <abstractions/base> #include <abstractions/dbus> #include <abstractions/gnome> #include <abstractions/kde> #include <abstractions/nameservice> /etc/gnome-vfs-2.0/modules/ r, /etc/sound/events/gtk-events-2.soundlist r, /home/*/.ICEauthority r, /home/*/.Xauthority r, /home/*/.esd_auth r, /home/*/.fontconfig/* r, /home/*/.gnome2_private/ w, /home/*/.icons/ r, /home/*/.local/share/icons/ r, /usr/bin/bug-buddy ixr, /usr/bin/nm-applet mr, /usr/share/nm-applet/*.glade r, } over 2 years ago Import of jmichaels profiles 174 dominic Edit History
opensuse11.0 /usr/bin/dirname #include <tunables/global> /usr/bin/dirname { #include <abstractions/base> /usr/bin/dirname mr, } 11 months ago nose 90 DOLORES Edit History
ubuntu-gutsy /usr/sbin/clamd #include <tunables/global> /usr/sbin/clamd { #include <abstractions/base> #include <abstractions/user-tmp> /etc/clamav/clamd.conf r, /tmp/** klrw, /usr/sbin/clamd mr, /var/lib/clamav/ r, /var/lib/clamav/* r, /var/lib/clamav/.dbLock krw, /var/lib/clamav/daily.inc/ r, /var/lib/clamav/daily.inc/* krw, /var/log/clamav/clamav.log kw, /var/run/clamav/clamd.ctl w, /var/run/clamav/clamd.pid w, } 8 days ago 4 stive Edit History
ubuntu-gutsy /sbin/syslogd # $Id: sbin.syslogd 559 2007-04-10 23:05:33Z agruen $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /sbin/syslogd { #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/nameservice> capability dac_override, capability dac_read_search, capability setgid, capability setuid, capability sys_tty_config, /dev/log wl, /dev/tty* w, /dev/xconsole rw, /etc/group m, /etc/passwd m, /etc/syslog.conf r, /sbin/syslogd rmix, /var/lib/*/dev/log wl, /var/log/** rw, /var/run/syslogd.pid rwlk, /var/run/utmp krw, /var/spool/compaq/nic/messages_fifo rw, } about 1 year ago 84 stive Edit History
ubuntu-gutsy /usr/lib/postfix/tlsmgr # $Id: usr.lib.postfix.tlsmgr 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/lib/postfix/tlsmgr { #include <abstractions/base> #include <abstractions/nameservice> #include <program-chunks/postfix-common> /etc/mailname r, /etc/postfix/prng_exch rw, /usr/lib/postfix/tlsmgr rmix, /var/lib/postfix/* krw, /var/run/__db.smtpd_tls_session_cache.db rw, /var/run/smtpd_tls_session_cache.db rw, /{var/spool/postfix/,}private/tlsmgr r, } about 1 year ago 86 stive Edit History
opensuse11.0 /usr/lib/opera/9.62/opera #include <tunables/global> /usr/lib/opera/9.62/opera flags=(complain) { #include <abstractions/base> } about 1 year ago 102 agelos Edit History
opensuse10.3 /bin/basename #include <tunables/global> /bin/basename { #include <abstractions/base> /bin/basename mr, } about 1 year ago firefox2 143 vojta Edit History
ubuntu-gutsy /usr/bin/monodevelop #include <tunables/global> /usr/bin/monodevelop { #include <abstractions/base> /bin/dash ix, /usr/bin/monodevelop mr, } over 2 years ago gnome 130 hbpteam Edit History
opensuse10.3 /usr/lib/cups/backend/scsi #include <tunables/global> /usr/lib/cups/backend/scsi flags=(complain) { #include <abstractions/base> /usr/lib/cups/backend/scsi mr, } over 2 years ago cups testing 159 dominic Edit History
opensuse10.3 /usr/sbin/postsuper #include <tunables/global> /usr/sbin/postsuper flags=(complain) { #include <abstractions/base> /usr/sbin/postsuper mr, } over 2 years ago changes 6 148 security Edit History
opensuse10.3 /sbin/modprobe #include <tunables/global> /sbin/modprobe { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/nameservice> capability net_raw, capability sys_module, /bin/bash ixr, /bin/true ixr, /etc/modprobe.conf r, /etc/modprobe.conf.local r, /etc/modprobe.d/ r, /etc/modprobe.d/* r, /lib/modules/**.ko krw, /lib/modules/*/modules.alias r, /lib/modules/*/modules.dep r, /proc/meminfo r, /proc/modules r, /sbin/modprobe ixr, } over 2 years ago Import of jmichaels profiles 163 dominic Edit History
opensuse10.3 /usr/bin/nm-applet #include <tunables/global> /usr/bin/nm-applet { #include <abstractions/base> #include <abstractions/dbus> #include <abstractions/gnome> #include <abstractions/kde> #include <abstractions/nameservice> /etc/gnome-vfs-2.0/modules/ r, /etc/sound/events/gtk-events-2.soundlist r, /home/*/.ICEauthority r, /home/*/.Xauthority r, /home/*/.esd_auth r, /home/*/.fontconfig/* r, /home/*/.gnome2_private/ w, /home/*/.icons/ r, /home/*/.local/share/icons/ r, /usr/bin/bug-buddy ixr, /usr/bin/nm-applet mr, /usr/share/nm-applet/*.glade r, } over 2 years ago none 120 cinimod Edit History
opensuse10.3 /bin/sleep #include <tunables/global> /bin/sleep { #include <abstractions/base> /bin/sleep mr, } over 2 years ago Import of jmichaels profiles 127 dominic Edit History
opensuse10.3 /usr/bin/tor #include <tunables/global> /usr/bin/tor { #include <abstractions/base> #include <abstractions/nameservice> /etc/tor/torrc r, /usr/bin/tor mr, /var/lib/tor/* rw, /var/lib/tor/*/ r, /var/lib/tor/cached-status/** rw, /var/log/tor/* a, /var/run/tor/tor.pid w, } 11 months ago 78 shimingzhou Edit History
ubuntu-gutsy /usr/lib/postfix/local # $Id: usr.lib.postfix.local 741 2007-06-11 22:55:56Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/lib/postfix/local { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/kerberosclient> #include <abstractions/nameservice> #include <abstractions/user-mail> #include <program-chunks/postfix-common> /bin/bash mixr, /bin/date mixr, /dev/tty rw, /etc/mailname r, /etc/postfix/lists.db r, /etc/postfix/virtual.db r, /etc/ssl/openssl.cnf r, /etc/{postfix/,}aliases.db krw, /home/*/.Maildir/** lw, /home/*/.maildir/** lw, /root/.maildir/** lw, /usr/bin/mlmmj-recieve Px, /usr/bin/procmail Px, /usr/lib/mailman/mail/mailman Px, /usr/lib/postfix/local rmix, /var/lib/amavis/.maildir/** lw, /var/lib/mailman/data/aliases.db r, /var/mailman/mail/wrapper Px, /var/spool/postfix/active/* krw, /var/www/.maildir/** lw, /{var/spool/postfix/,}active/[0-9A-F]/ rw, /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/ rw, /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/* rw, /{var/spool/postfix/,}pid/unix.local krw, /{var/spool/postfix/,}private/{bounce,defer,flush,lmtp,rewrite} rw, /{var/spool/postfix/,}public/{cleanup,flush} rw, } about 1 year ago 84 stive Edit History
opensuse11.0 /opt/kde3/bin/ark #include <tunables/global> /opt/kde3/bin/ark flags=(complain) { #include <abstractions/base> /opt/kde3/lib/lib*so* mr, } about 1 year ago 1 92 maku Edit History
opensuse11.0 /usr/lib/postfix/scache # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/lib/postfix/scache { #include <abstractions/base> #include <abstractions/nameservice> #include <program-chunks/postfix-common> network stream, owner /proc/sys/kernel/ngroups_max r, /usr/lib/postfix/scache mrix, /var/run/nscd/group r, } about 1 year ago 93 cboltz-server Edit History
opensuse10.3 /sbin/route #include <tunables/global> /sbin/route { #include <abstractions/base> #include <abstractions/nameservice> capability net_admin, /proc/net/route r, /sbin/route mr, } over 2 years ago none 121 cinimod Edit History
ubuntu-gutsy /usr/lib/bonobo-activation/bonobo-activation-server #include <tunables/global> /usr/lib/bonobo-activation/bonobo-activation-server { #include <abstractions/audio> #include <abstractions/base> #include <abstractions/bash> #include <abstractions/fonts> #include <abstractions/gnome> #include <abstractions/nameservice> /etc/bonobo-activation/*.xml r, /etc/sound/events/*.soundlist r, /home/*/.Trash/ r, /home/*/.Xauthority r, /home/*/.gnome/gnome-vfs/.trash_entry_cache rw, /home/*/.gnome2_private/ w, /home/*/.icons/ r, /proc/*/mounts r, /proc/meminfo r, /tmp/orbit-void/bonobo-activation-register.lock klrw, /usr/lib/bonobo-activation/bonobo-activation-server mr, /usr/lib/deskbar-applet/deskbar-applet Px, /usr/lib/evolution/2.12/evolution-exchange-storage Px, /usr/lib/evolution/evolution-data-server-1.12 Px, /usr/lib/fast-user-switch-applet/fast-user-switch-applet Px, /usr/lib/gnome-applets/mixer_applet2 ixr, /usr/lib/gnome-applets/trashapplet ixr, /usr/local/share/icons/ r, /usr/share/gnome-2.0/ui/*.xml r, } over 2 years ago gnome 187 hbpteam Edit History
ubuntu-gutsy /usr/sbin/jabberd2-s2s #include <tunables/global> /usr/sbin/jabberd2-s2s flags=(complain) { #include <abstractions/base> /usr/sbin/jabberd2-s2s mr, } about 1 month ago 16 Amanda Edit History
opensuse11.0 /usr/sbin/cupsd #include <tunables/global> /usr/sbin/cupsd flags=(complain) { #include <abstractions/authentication> #include <abstractions/base> #include <abstractions/bash> #include <abstractions/dbus> #include <abstractions/nameservice> #include <abstractions/nis> capability chown, capability dac_override, capability fowner, capability fsetid, capability kill, capability net_bind_service, capability setgid, capability setuid, owner /dev/tty a, owner /etc/cups/ r, /etc/cups/* rw, owner /etc/cups/** rw, owner /etc/hosts.allow r, owner /etc/hosts.deny r, owner /etc/krb5.conf w, /etc/krb5.conf r, owner /etc/printcap w, owner /proc/*/mounts r, /proc/meminfo r, /usr/lib64/cups/backend/socket rix, /usr/lib64/cups/backend/usb rix, /usr/lib64/cups/cgi-bin/admin.cgi rix, /usr/lib64/cups/cgi-bin/printers.cgi rix, owner /usr/lib64/cups/daemon/cups-deviced m, /usr/lib64/cups/daemon/cups-deviced rpx, /usr/lib64/cups/daemon/cups-driverd mrpx, /usr/local/Brother/Printer/mfc9840cdw/cupswrapper/brlpdwrapper_mfc9840cdw rix, owner /usr/sbin/cupsd r, /usr/share/cups/** r, owner /usr/share/doc/packages/cups/** r, /usr/share/ppd/ r, /usr/share/ppd/** r, owner /var/log/cups/** rw, owner /var/run/cups/** ra, /var/run/cups/** w, owner /var/spool/cups/** w, /var/spool/cups/** r, } 12 months ago CUPS-Grundkonfiguration 92 estellnb Edit History
opensuse11.0 /usr/bin/tcptraceroute #include <tunables/global> /usr/bin/tcptraceroute { #include <abstractions/base> #include <abstractions/nameservice> capability net_raw, capability setuid, network inet raw, network packet raw, owner /usr/bin/tcptraceroute r, } 11 months ago 82 phocean Edit History
opensuse10.3 /usr/bin/evince #include <tunables/global> /usr/bin/evince { #include <abstractions/base> #include <abstractions/gnome> #include <abstractions/kde> #include <abstractions/nameservice> capability dac_override, capability setgid, capability setuid, / r, /Archiv/ r, /Archiv/** rw, /etc/gai.conf r, /etc/ghostscript/8.15/Fontmap r, /etc/ghostscript/8.15/Fontmap.X11-auto r, /etc/ghostscript/8.15/cidfmap r, /etc/ghostscript/8.15/xlatmap r, /etc/gnome-vfs-2.0/modules/ r, /etc/mtab r, /etc/sound/events/gtk-events-2.soundlist r, /etc/xpdfrc r, /etc/xpdfrc-cjk r, /etc/xpdfrc-cjk-auto r, /etc/xpdfrc-cjk.sjis r, /home/*/ r, /home/*/.ICEauthority r, /home/*/.Xauthority r, /home/*/.bash_history r, /home/*/.bashrc r, /home/*/.beagle/socket w, /home/*/.cedegarc r, /home/*/.config/gtk-2.0/gtkfilechooser.ini rw, /home/*/.config/gtk-2.0/gtkfilechooser.ini.0S3G2T rw, /home/*/.config/gtk-2.0/gtkfilechooser.ini.66SB2T rw, /home/*/.config/gtk-2.0/gtkfilechooser.ini.9HHL1T rw, /home/*/.config/gtk-2.0/gtkfilechooser.ini.Q0VH2T rw, /home/*/.config/gtk-2.0/gtkfilechooser.ini.UPEH2T rw, /home/*/.dmrc r, /home/*/.dvipsrc r, /home/*/.emacs r, /home/*/.esd_auth r, /home/*/.exrc r, /home/*/.fontconfig/* r, /home/*/.gnome2/accels/evince rw, /home/*/.gnome2/evince/ev-metadata.xml rw, /home/*/.gnome2/evince/print-settings rw, /home/*/.gnome2/evince/print-settings.* rw, /home/*/.gnome2_private/ w, /home/*/.gpilotd.pid r, /home/*/.gtkrc-1.2-gnome2 r, /home/*/.icons/ r, /home/*/.inputrc r, /home/*/.kermrc r, /home/*/.local/share/icons/ r, /home/*/.local/share/mime/aliases r, /home/*/.local/share/mime/globs r, /home/*/.local/share/mime/magic r, /home/*/.local/share/mime/mime.cache r, /home/*/.local/share/mime/subclasses r, /home/*/.mailcap r, /home/*/.muttrc r, /home/*/.opensuse-updater-gnome r, /home/*/.profile r, /home/*/.realplayerrc r, /home/*/.recently-used r, /home/*/.recently-used.xbel rw, /home/*/.recently-used.xbel.* rw, /home/*/.urlview r, /home/*/.viminfo r, /home/*/.windows-label r, /home/*/.xcoralrc r, /home/*/.xim.template r, /home/*/.xinitrc.template r, /home/*/.xsession-errors r, /home/*/.xtalkrc r, /home/*/Desktop/ rw, /home/*/Desktop/**.pdf rw, /proc/*/mounts r, /proc/meminfo r, /root/.esd_auth r, /root/.gnome2/accels/evince rw, /root/.gnome2/evince/ w, /root/.gnome2_private/ w, /root/.local/share/mime/aliases r, /root/.local/share/mime/globs r, /root/.local/share/mime/magic r, /root/.local/share/mime/mime.cache r, /root/.local/share/mime/subclasses r, /root/.recently-used.xbel.FXVN3T rw, /root/.recently-used.xbel.WCCU3T rw, /root/.recently-used.xbel.X1XL3T rw, /root/.recently-used.xbel.XLCN3T rw, /root/.xauthQESsMm r, /usr/bin/bug-buddy ixr, /usr/bin/evince mr, /usr/bin/gs ixr, /usr/lib/** mr, /usr/share/evince/evince-toolbar.xml r, /usr/share/evince/evince-ui.xml r, /usr/share/evince/icons/ r, /usr/share/evince/icons/hicolor/** r, /usr/share/ghostscript/8.15/Resource/CMap/ r, /usr/share/ghostscript/8.15/lib/*.ps r, /usr/share/ghostscript/8.15/lib/Fontmap.GS r, /usr/share/ghostscript/8.15/lib/Fontmap.rus r, /usr/share/ghostscript/8.15/lib/cjkv/*.ps r, /usr/share/ghostscript/8.15/lib/escp_24.src r, /usr/share/locale-bundle/de/LC_MESSAGES/atk10.mo r, /usr/share/locale-bundle/de/LC_MESSAGES/evince.mo r, /usr/share/locale-bundle/de/LC_MESSAGES/glib20.mo r, /usr/share/locale-bundle/de/LC_MESSAGES/gnome-vfs-2.0.mo r, /usr/share/locale-bundle/de/LC_MESSAGES/gtk20-properties.mo r, /usr/share/locale-bundle/de/LC_MESSAGES/gtk20.mo r, /usr/share/locale-bundle/de/LC_MESSAGES/libbonobo-2.0.mo r, /usr/share/locale-bundle/de/LC_MESSAGES/libgnomeui-2.0.mo r, /usr/share/mime/application/octet-stream.xml r, /usr/share/mime/application/pdf.xml r, /usr/share/mime/application/vnd.oasis.opendocument.spreadsheet.xml r, /usr/share/mime/application/vnd.oasis.opendocument.text.xml r, /usr/share/mime/application/x-compressed-tar.xml r, /usr/share/mime/application/x-deb.xml r, /usr/share/mime/application/x-mozilla-bookmarks.xml r, /usr/share/mime/application/x-shellscript.xml r, /usr/share/mime/application/x-xbel.xml r, /usr/share/mime/application/xml.xml r, /usr/share/mime/application/zip.xml r, /usr/share/mime/inode/directory.xml r, /usr/share/mime/text/plain.xml r, /usr/share/mime/text/x-csrc.xml r, /usr/share/mime/text/x-log.xml r, /usr/share/xpdf/** r, /var/cache/libx11/compose/* r, /var/run/cups/cups.sock w, /var/run/nscd/services r, } over 2 years ago 189 overwrite Edit History
opensuse10.3 /usr/bin/skype #include <tunables/global> /usr/bin/skype { #include <abstractions/audio> #include <abstractions/base> #include <abstractions/fonts> #include <abstractions/freedesktop.org> #include <abstractions/kde> #include <abstractions/nameservice> /etc/gai.conf r, /home/*/.Skype/ rw, /home/*/.Skype/** krw, /home/*/.config/Trolltech.conf kr, /home/*/.fontconfig/** r, /home/*/.kde/share/config/kioslaverc r, /proc/interrupts r, /usr/bin/skype mr, /usr/share/skype/** kr, /var/cache/libx11/compose/l4_024_313cb605_00280cc0 r, } over 2 years ago 139 orat Edit History
opensuse10.3 /sbin/modprobe #include <tunables/global> /sbin/modprobe { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/nameservice> capability net_raw, capability sys_module, /bin/bash ixr, /bin/true ixr, /etc/modprobe.conf r, /etc/modprobe.conf.local r, /etc/modprobe.d/ r, /etc/modprobe.d/* r, /lib/modules/**.ko krw, /lib/modules/*/modules.alias r, /lib/modules/*/modules.dep r, /proc/meminfo r, /proc/modules r, /sbin/modprobe ixr, } over 2 years ago none 129 cinimod Edit History
opensuse10.3 /sbin/syslog-ng # $Id$ # ------------------------------------------------------------------ # # Copyright (C) 2006 Novell/SUSE # Copyright (C) 2006 Christian Boltz # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /sbin/syslog-ng { #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/nameservice> capability chown, capability dac_override, capability fowner, capability fsetid, /dev/log w, /dev/tty10 rw, /dev/xconsole rw, /etc/syslog-ng/* r, /sbin/syslog-ng mr, /var/lib/*/dev/log w, /var/log/** w, /var/run/syslog-ng.pid w, } over 2 years ago Initial Revision 159 novell Edit History
opensuse10.3 /etc/sysconfig/network/scripts/50-ntp #include <tunables/global> /etc/sysconfig/network/scripts/50-ntp flags=(complain) { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> /bin/bash ixr, /etc/init.d/ntp Px, /etc/sysconfig/network/scripts/50-ntp mr, /proc/meminfo r, /sbin/chkconfig Px, } over 2 years ago argh, switch things back to complain for a while 142 jmichael Edit History
ubuntu-gutsy /usr/bin/gtkterm #include <tunables/global> /usr/bin/gtkterm { #include <abstractions/base> /usr/bin/gtkterm mr, } over 2 years ago gnome 152 hbpteam Edit History
opensuse10.3 /bin/sleep #include <tunables/global> /bin/sleep { #include <abstractions/base> /bin/sleep mr, } over 2 years ago none 111 cinimod Edit History
opensuse10.3 /etc/apparmor/profiles/extras/usr.bin.opera #include <tunables/global> /etc/apparmor/profiles/extras/usr.bin.opera flags=(complain) { #include <abstractions/base> /etc/apparmor/profiles/extras/usr.bin.opera mr, } over 2 years ago opera 162 gs222gs Edit History
opensuse10.3 /usr/lib/cups/backend/hal #include <tunables/global> /usr/lib/cups/backend/hal flags=(complain) { #include <abstractions/base> /usr/lib/cups/backend/hal mr, } over 2 years ago cups testing 169 dominic Edit History
opensuse10.3 /sbin/route #include <tunables/global> /sbin/route { #include <abstractions/base> #include <abstractions/nameservice> capability net_admin, /proc/net/route r, /sbin/route mr, } over 2 years ago Import of jmichaels profiles 164 dominic Edit History
opensuse11.0 /usr/sbin/ypserv #include <tunables/global> /usr/sbin/ypserv flags=(complain) { #include <abstractions/base> #include <abstractions/nis> capability net_bind_service, owner /etc/ypserv.conf r, owner /var/run/ypserv.pid wk, owner /var/yp/securenets r, } about 1 month ago nis 15 oliver siebert Edit History
opensuse11.0 /usr/bin/ed2k #include <tunables/global> /usr/bin/ed2k flags=(complain) { #include <abstractions/base> } about 1 year ago ed2k 110 rmvlad Edit History
opensuse11.0 /usr/bin/amule #include <tunables/global> /usr/bin/amule flags=(complain) { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/gnome> #include <abstractions/kde> network dgram, network stream, deny r, /bin/bash rix, /bin/uname rix, /dev/shm/ r, owner /dev/shm/* rw, /dev/tty rw, /etc/gnome-vfs-2.0/modules/ r, /etc/host.conf r, /etc/hosts r, /etc/nsswitch.conf r, /etc/passwd r, /etc/pulse/client.conf r, /etc/resolv.conf r, owner /home/*/.ICEauthority r, owner /home/*/.Xauthority r, owner /home/*/.aMule/* rw, owner /home/*/.aMule/Incoming/ rw, owner /home/*/.aMule/Temp/ rw, owner /home/*/.aMule/Temp/*.backup rw, owner /home/*/.aMule/Temp/*.bak rw, owner /home/*/.aMule/Temp/*.met rw, owner /home/*/.aMule/Temp/*.part rw, owner /home/*/.aMule/muleLock wk, owner /home/*/.config/totem/state.ini r, owner /home/*/.fontconfig/* r, owner /home/*/.gstreamer-0.10/registry.x86_64.bin r, owner /home/*/.icons/ r, owner /home/*/.local/share/icons/ r, owner /home/*/.pulse-cookie rwk, /proc/meminfo r, /proc/sys/kernel/ngroups_max r, /usr/bin/amule r, /usr/bin/bug-buddy rix, /usr/bin/gdb rix, /usr/bin/totem rix, /usr/lib/** mr, /usr/share/GeoIP/GeoIP.dat r, /usr/share/amule/skins/ r, /usr/share/amule/webserver/ r, /usr/share/locale-bundle/de/LC_MESSAGES/*.mo r, /usr/share/totem/fullscreen.ui r, /usr/share/totem/playlist.ui r, /usr/share/totem/totem.ui r, /var/cache/libx11/compose/* r, /var/run/nscd/socket w, } about 1 year ago 1 147 eet Edit History
opensuse11.0 /usr/sbin/httpd2-prefork # $Id: usr.sbin.httpd2-prefork 706 2007-05-31 06:58:22Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/sbin/httpd2-prefork flags=(complain) { #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/kerberosclient> #include <abstractions/nameservice> #include <abstractions/perl> capability dac_override, capability kill, capability net_bind_service, capability setgid, capability setuid, capability sys_tty_config, /dev/random r, /etc/apache2/*.conf r, /etc/apache2/magic r, /etc/apache2/mod_perl-startup.pl r, /etc/apache2/ssl.crt/*.crt r, /etc/apache2/ssl.key/*.key r, /etc/apache2/{conf,sysconfig,vhosts}.d/ r, /etc/apache2/{conf,sysconfig,vhosts}.d/* r, /etc/fstab r, /etc/mime.types r, /etc/mtab r, /etc/odbcinst.ini r, /etc/php.d/ r, /etc/php.d/** r, /etc/php.ini r, owner /etc/php5/apache2/php.ini r, owner /etc/php5/conf.d/ r, owner /etc/php5/conf.d/bz2.ini r, owner /etc/php5/conf.d/ctype.ini r, owner /etc/php5/conf.d/curl.ini r, owner /etc/php5/conf.d/dom.ini r, owner /etc/php5/conf.d/gd.ini r, owner /etc/php5/conf.d/hash.ini r, owner /etc/php5/conf.d/iconv.ini r, owner /etc/php5/conf.d/json.ini r, owner /etc/php5/conf.d/mbstring.ini r, owner /etc/php5/conf.d/mcrypt.ini r, owner /etc/php5/conf.d/mysql.ini r, owner /etc/php5/conf.d/mysqli.ini r, owner /etc/php5/conf.d/openssl.ini r, owner /etc/php5/conf.d/pdo.ini r, owner /etc/php5/conf.d/pdo_mysql.ini r, owner /etc/php5/conf.d/pdo_pgsql.ini r, owner /etc/php5/conf.d/pdo_sqlite.ini r, owner /etc/php5/conf.d/pgsql.ini r, owner /etc/php5/conf.d/sqlite.ini r, owner /etc/php5/conf.d/tokenizer.ini r, owner /etc/php5/conf.d/xmlreader.ini r, owner /etc/php5/conf.d/xmlwriter.ini r, owner /etc/php5/conf.d/zlib.ini r, /srv/www/htdocs r, /srv/www/htdocs/** r, /srv/www/icons/*.{gif,jpg,png} r, /srv/www/vhosts r, /srv/www/vhosts/** r, /tmp/auth_ldap_cache.sem wl, /tmp/session_mm_apache0.sem wl, /tmp/session_mm_apache2handler0.sem wl, /usr/X11R6/lib/lib*.so* mr, /usr/X11R6/lib64/lib*.so* mr, /usr/apache2/error/* r, owner /usr/lib/** m, owner /usr/lib/** r, /usr/lib/apache2-leader/{lib,mod_}*.so* mr, /usr/lib/apache2-metuxmpm/{lib,mod_}*.so* mr, /usr/lib/apache2-prefork/{lib,mod_}*.so* mr, /usr/lib/apache2-worker/{lib,mod_}*.so* mr, /usr/lib/apache2/modules/{lib,mod_}*.so* mr, /usr/lib/apache2/{lib,mod_}*.so mr, /usr/lib/mysql/libmysql*.so* mr, /usr/lib/php/extensions/*.so mr, /usr/lib/php4/*.so mr, /usr/lib/python[12].[0-9]/**.{py,pyc,pth,so} mr, /usr/lib/qt3/lib/lib*.so* mr, /usr/lib64/apache2-leader/{lib,mod_}*.so* mr, /usr/lib64/apache2-metuxmpm/{lib,mod_}*.so* mr, /usr/lib64/apache2-prefork/{lib,mod_}*.so* mr, /usr/lib64/apache2-worker/{lib,mod_}*.so* mr, /usr/lib64/apache2/modules/{lib,mod_}*.so* mr, /usr/lib64/apache2/{lib,mod_}*.so* mr, /usr/lib64/mysql/libmysql*.so* mr, /usr/lib64/php/extensions/*.so mr, /usr/lib64/php4/*.so mr, /usr/lib64/python[12].[0-9]/**.{py,pyc,pth,so} mr, /usr/lib64/python[12].[0-9]/site-packages r, /usr/lib64/qt3/lib/lib*.so* mr, /usr/local/tomcat/conf/mod_jk.conf r, /usr/local/tomcat/conf/workers-ajp12.properties r, /usr/sbin/httpd2-prefork r, /usr/sbin/suexec2 mrix, /usr/share/apache2/** r, /usr/share/apache2/error/* r, /usr/share/apache2/error/include/* r, /usr/share/misc/magic.mime r, /usr/share/snmp/mibs r, /usr/share/snmp/mibs/*.{txt,mib} r, /usr/share/snmp/mibs/.index rw, /usr/share/ssl/openssl.cnf r, /var/lib/php/sess_* rwl, owner /var/lib/php5/session_mm_apache2handler0.sem wk, /var/lock/httpd2.lock.* wl, /var/log/apache2/* rwl, /var/log/apache2/** rwl, /var/log/httpd/ssl_scache.dir r, /var/log/httpd/ssl_scache.pag r, /var/run/httpd2.mm.* wl, /var/run/httpd2.pid wl, /var/www/error/* r, /var/www/html/** r, /var/www/icons/*.{gif,jpg,png} r, @{HOME}/public_html r, @{HOME}/public_html/** r, ^DEFAULT_URI { #include <abstractions/base> #include <abstractions/nameservice> /srv/www/htdocs r, /srv/www/htdocs/** r, /srv/www/icons/*.{gif,jpg,png} r, /srv/www/vhosts r, /srv/www/vhosts/** r, /usr/sbin/suexec2 mrix, /usr/share/apache2/** r, /var/lib/php/sess_* rwl, /var/log/apache2/** rwl, /var/www/error/* r, /var/www/html/** r, /var/www/icons/*.{gif,jpg,png} r, @{HOME}/public_html r, @{HOME}/public_html/** r, } ^HANDLING_UNTRUSTED_INPUT { #include <abstractions/nameservice> /**.htaccess r, /var/log/apache2/* w, } } about 1 year ago lista1-apache2 101 kellej Edit History
opensuse10.3 /usr/bin/gnome-cups-icon #include <tunables/global> /usr/bin/gnome-cups-icon { #include <abstractions/base> #include <abstractions/gnome> #include <abstractions/nameservice> /etc/gnome-vfs-2.0/modules/ r, /etc/sound/events/gtk-events-2.soundlist r, /home/*/.ICEauthority r, /home/*/.Xauthority r, /home/*/.cups/lpoptions r, /home/*/.gnome2_private/ w, /tmp/orbit-*/bonobo-activation-register.lock klrw, /usr/bin/bug-buddy ixr, /usr/bin/gnome-cups-icon mr, /var/run/cups/cups.sock w, /var/run/nscd/services r, } over 2 years ago Import of jmichaels profiles 146 dominic Edit History
ubuntu-gutsy /usr/bin/kchmviewer #include <tunables/global> /usr/bin/kchmviewer { #include <abstractions/base> /usr/bin/kchmviewer mr, } over 2 years ago gnome 152 hbpteam Edit History
opensuse11.0 /bin/date #include <tunables/global> /bin/date { #include <abstractions/base> owner /bin/date mr, } about 1 year ago install 100 install Edit History
opensuse11.0 /usr/sbin/grub #include <tunables/global> /usr/sbin/grub flags=(complain) { #include <abstractions/base> } about 1 year ago 89 senolirmak Edit History
opensuse11.0 /usr/bin/ktorrent #include <tunables/global> /usr/bin/ktorrent flags=(complain) { #include <abstractions/base> } about 1 year ago 23Oktober2008 kontrollieren 103 marevent Edit History
opensuse10.3 usr/bin/file #include <tunables/global> profile usr/bin/file { #include <abstractions/base> /etc/magic r, /usr/bin/file mr, /usr/share/misc/magic.mgc r, } about 1 year ago test profile - please don't use 98 jjohansen Edit History
opensuse11.0 /usr/bin/test #include <tunables/global> /usr/bin/test flags=(complain) { #include <abstractions/base> } 9 months ago 80 espenbo Edit History
opensuse10.3 /sbin/syslog-ng # $Id$ # ------------------------------------------------------------------ # # Copyright (C) 2006 Novell/SUSE # Copyright (C) 2006 Christian Boltz # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /sbin/syslog-ng { #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/nameservice> capability chown, capability dac_override, capability fowner, capability fsetid, /dev/log w, /dev/tty10 rw, /dev/xconsole rw, /etc/syslog-ng/* r, /sbin/syslog-ng mr, /var/lib/*/dev/log w, /var/log/** w, /var/run/syslog-ng.pid w, } over 2 years ago none 121 cinimod Edit History
opensuse10.3 /usr/bin/top #include <tunables/global> /usr/bin/top flags=(complain) { #include <abstractions/base> /proc/ r, /proc/*/stat r, /proc/*/statm r, /proc/loadavg r, /proc/sys/kernel/pid_max r, /proc/uptime r, /usr/bin/top mr, /usr/share/terminfo/x/xterm r, /var/run/nscd/passwd r, /var/run/nscd/socket w, /var/run/utmp kr, } over 2 years ago top-log 158 Sakthivel Rajan N Edit History
opensuse10.3 /usr/bin/evince #include <tunables/global> /usr/bin/evince { #include <abstractions/base> #include <abstractions/gnome> #include <abstractions/kde> #include <abstractions/nameservice> /etc/gnome-vfs-2.0/modules/ r, /etc/mtab r, /etc/sound/events/gtk-events-2.soundlist r, /etc/xpdfrc r, /etc/xpdfrc-cjk r, /etc/xpdfrc-cjk-auto r, /etc/xpdfrc-cjk.sjis r, /home/*/.ICEauthority r, /home/*/.Xauthority r, /home/*/.esd_auth r, /home/*/.fontconfig/* r, /home/*/.gnome2/accels/evince rw, /home/*/.gnome2/evince/ev-metadata.xml rw, /home/*/.gnome2_private/ w, /home/*/.icons/ r, /home/*/.local/share/icons/ r, /home/*/.recently-used.xbel rw, /home/*/.recently-used.xbel.* rw, /home/*/Desktop/**.pdf r, /proc/meminfo r, /usr/bin/evince mr, /usr/share/evince/evince-toolbar.xml r, /usr/share/evince/evince-ui.xml r, /usr/share/evince/icons/ r, /usr/share/evince/icons/hicolor/** r, /usr/share/xpdf/** r, /var/cache/libx11/compose/* r, } over 2 years ago Import of jmichaels profiles 157 dominic Edit History
opensuse10.3 /usr/bin/gnome-power-manager #include <tunables/global> /usr/bin/gnome-power-manager { #include <abstractions/base> #include <abstractions/dbus> #include <abstractions/gnome> #include <abstractions/kde> #include <abstractions/nameservice> /etc/gnome-vfs-2.0/modules/ r, /etc/sound/events/gtk-events-2.soundlist r, /home/*/.ICEauthority r, /home/*/.Xauthority r, /home/*/.esd_auth r, /home/*/.fontconfig/* r, /home/*/.gnome2/gnome-power-manager/ w, /home/*/.gnome2/gnome-power-manager/* rw, /home/*/.gnome2_private/ w, /home/*/.gstreamer-0.10/registry.i686.xml rw, /home/*/.gstreamer-0.10/registry.i686.xml.tmp* rw, /home/*/.icons/ r, /home/*/.local/share/icons/ r, /proc/stat r, /usr/bin/bug-buddy ixr, /usr/bin/gnome-power-manager mr, /usr/lib/nautilus-cd-burner/mapping-daemon Px, /usr/share/gnome-power-manager/*.glade r, /usr/share/gnome-power-manager/icons/ r, /usr/share/gnome-power-manager/icons/** r, } over 2 years ago none 126 cinimod Edit History
opensuse10.3 /usr/bin/gnome-cups-icon #include <tunables/global> /usr/bin/gnome-cups-icon { #include <abstractions/base> #include <abstractions/gnome> #include <abstractions/nameservice> /etc/gnome-vfs-2.0/modules/ r, /etc/sound/events/gtk-events-2.soundlist r, /home/*/.ICEauthority r, /home/*/.Xauthority r, /home/*/.cups/lpoptions r, /home/*/.gnome2_private/ w, /tmp/orbit-*/bonobo-activation-register.lock klrw, /usr/bin/bug-buddy ixr, /usr/bin/gnome-cups-icon mr, /var/run/cups/cups.sock w, /var/run/nscd/services r, } over 2 years ago none 124 cinimod Edit History
opensuse10.3 /usr/lib/nautilus-cd-burner/mapping-daemon #include <tunables/global> /usr/lib/nautilus-cd-burner/mapping-daemon flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> /tmp/mapping-* w, /tmp/virtual-*/ w, /usr/lib/nautilus-cd-burner/mapping-daemon mr, } over 2 years ago argh, switch things back to complain for a while 158 jmichael Edit History
opensuse10.3 /usr/sbin/saslauthd #include <tunables/global> /usr/sbin/saslauthd { #include <abstractions/authentication> #include <abstractions/base> #include <abstractions/nameservice> capability dac_override, /etc/saslauthd.conf r, /usr/sbin/saslauthd mr, /var/run/sasl2/* krw, } over 2 years ago 134 jco Edit History
opensuse11.0 /usr/lib/firefox/firefox.sh #include <tunables/global> /usr/lib/firefox/firefox.sh flags=(complain) { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, } 10 months ago 24032009 68 rollo Edit History
opensuse11.0 /usr/bin/dirname #include <tunables/global> /usr/bin/dirname { #include <abstractions/base> /usr/bin/dirname mr, } 11 months ago pruebaperf 94 prueba Edit History
ubuntu-gutsy /usr/lib/postfix/discard # $Id: usr.lib.postfix.discard 90 2006-08-04 19:13:59Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/lib/postfix/discard { #include <abstractions/base> /usr/lib/postfix/discard rmix, } about 1 year ago 95 stive Edit History
opensuse11.0 /usr/lib/thunderbird/thunderbird #include <tunables/global> /usr/lib/thunderbird/thunderbird { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, } about 1 year ago 1 106 maku Edit History
opensuse10.3 /usr/lib/AntiVir/antivir-gui #include <tunables/global> /usr/lib/AntiVir/antivir-gui { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, /usr/lib/AntiVir/antivir-gui mr, } over 2 years ago ChangeLog 125 tdanisi Edit History
ubuntu-gutsy /usr/sbin/jabberd2-sm #include <tunables/global> /usr/sbin/jabberd2-sm flags=(complain) { #include <abstractions/base> /usr/sbin/jabberd2-sm mr, } over 2 years ago 135 igoriii Edit History
opensuse10.3 /usr/sbin/iwconfig #include <tunables/global> /usr/sbin/iwconfig flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> capability net_admin, /proc/net/dev r, /usr/sbin/iwconfig mr, } over 2 years ago argh, switch things back to complain for a while 145 jmichael Edit History
opensuse11.0 /bin/basename #include <tunables/global> /bin/basename { deny /dev/urandom r, deny /etc/ld.so.cache r, /bin/basename mr, /lib/ld-*.so mrcx, /lib/libc-2.8.so mr, /usr/lib/gconv/gconv-modules.cache r, /usr/lib/locale/** r, /usr/share/locale/locale.alias r, profile /lib/ld-2.8.so { } } 10 months ago 79 philodoxia Edit History
opensuse10.3 /sbin/ifconfig #include <tunables/global> /sbin/ifconfig flags=(complain) { #include <abstractions/base> /sbin/ifconfig mr, } about 1 year ago 121 AnThraxII Edit History
opensuse10.3 /usr/sbin/zypp-checkpatches-wrapper #include <tunables/global> /usr/sbin/zypp-checkpatches-wrapper flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> capability setgid, capability setuid, /usr/bin/zypper Px, /usr/sbin/zypp-checkpatches-wrapper mr, } over 2 years ago few extra changes 133 jmichael Edit History
ubuntu-gutsy /usr/bin/cddb-slave2-properties #include <tunables/global> /usr/bin/cddb-slave2-properties { #include <abstractions/base> /usr/bin/cddb-slave2-properties mr, } over 2 years ago gnome 133 hbpteam Edit History
opensuse10.3 /usr/bin/evince #include <tunables/global> /usr/bin/evince { #include <abstractions/base> #include <abstractions/gnome> #include <abstractions/kde> #include <abstractions/nameservice> /etc/gnome-vfs-2.0/modules/ r, /etc/mtab r, /etc/sound/events/gtk-events-2.soundlist r, /etc/xpdfrc r, /etc/xpdfrc-cjk r, /etc/xpdfrc-cjk-auto r, /etc/xpdfrc-cjk.sjis r, /home/*/.ICEauthority r, /home/*/.Xauthority r, /home/*/.esd_auth r, /home/*/.fontconfig/* r, /home/*/.gnome2/accels/evince rw, /home/*/.gnome2/evince/ev-metadata.xml rw, /home/*/.gnome2_private/ w, /home/*/.icons/ r, /home/*/.local/share/icons/ r, /home/*/.recently-used.xbel rw, /home/*/.recently-used.xbel.* rw, /home/*/Desktop/**.pdf r, /proc/meminfo r, /usr/bin/evince mr, /usr/share/evince/evince-toolbar.xml r, /usr/share/evince/evince-ui.xml r, /usr/share/evince/icons/ r, /usr/share/evince/icons/hicolor/** r, /usr/share/xpdf/** r, /var/cache/libx11/compose/* r, } over 2 years ago none 119 cinimod Edit History
opensuse10.3 /usr/bin/gnome-power-manager #include <tunables/global> /usr/bin/gnome-power-manager { #include <abstractions/base> #include <abstractions/dbus> #include <abstractions/gnome> #include <abstractions/kde> #include <abstractions/nameservice> /etc/gnome-vfs-2.0/modules/ r, /etc/sound/events/gtk-events-2.soundlist r, /home/*/.ICEauthority r, /home/*/.Xauthority r, /home/*/.esd_auth r, /home/*/.fontconfig/* r, /home/*/.gnome2/gnome-power-manager/ w, /home/*/.gnome2/gnome-power-manager/* rw, /home/*/.gnome2_private/ w, /home/*/.gstreamer-0.10/registry.i686.xml rw, /home/*/.gstreamer-0.10/registry.i686.xml.tmp* rw, /home/*/.icons/ r, /home/*/.local/share/icons/ r, /proc/stat r, /usr/bin/bug-buddy ixr, /usr/bin/gnome-power-manager mr, /usr/lib/nautilus-cd-burner/mapping-daemon Px, /usr/share/gnome-power-manager/*.glade r, /usr/share/gnome-power-manager/icons/ r, /usr/share/gnome-power-manager/icons/** r, } over 2 years ago Import of jmichaels profiles 162 dominic Edit History
opensuse11.0 /etc/init.d/apache2 #include <tunables/global> /etc/init.d/apache2 flags=(complain) { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, ^DEFAULT_URI { } ^HANDLING_UNTRUSTED_INPUT { } } 11 months ago apache_clog 78 Charles Fuller Edit History
opensuse10.3 /usr/lib/firefox/firefox-bin #include <tunables/global> /usr/lib/firefox/firefox-bin { #include <abstractions/audio> #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/dbus> #include <abstractions/fonts> #include <abstractions/gnome> #include <abstractions/kde> #include <abstractions/nameservice> /bin/bash ix, /bin/grep ixr, /bin/netstat Px, /bin/ps Px, /etc/gai.conf r, /etc/gconf/2/path r, /etc/gconf/gconf.xml.defaults/ r, /etc/gconf/gconf.xml.mandatory/ r, /etc/gconf/gconf.xml.schemas/ r, /etc/gconf/gconf.xml.schemas/desktop/ r, /etc/gconf/gconf.xml.schemas/desktop/gnome/ r, /etc/gconf/gconf.xml.schemas/desktop/gnome/interface/%gconf.xml r, /etc/gconf/gconf.xml.schemas/desktop/gnome/sound/%gconf.xml r, /etc/gconf/gconf.xml.schemas/schemas/ r, /etc/gconf/gconf.xml.schemas/schemas/desktop/ r, /etc/gconf/gconf.xml.schemas/schemas/desktop/gnome/ r, /etc/gconf/gconf.xml.schemas/schemas/desktop/gnome/interface/%gconf.xml r, /etc/gconf/gconf.xml.schemas/schemas/desktop/gnome/sound/%gconf.xml r, /etc/gnome-vfs-2.0/modules/ r, /etc/mailcap r, /etc/mime.types r, /etc/mtab r, /etc/opt/kde3/share/applications/ r, /etc/opt/kde3/share/applications/mimeinfo.cache r, /etc/sound/events/gtk-events-2.soundlist r, /home/*/*.conf r, /home/*/.ICEauthority r, /home/*/.Xauthority r, /home/*/.adobe/Flash_Player/** r, /home/*/.beagle/ToIndex/* rw, /home/*/.beagle/socket w, /home/*/.bookmarks.html rw, /home/*/.config/*.gtk-icons rw, /home/*/.config/gtk-2.0/gtkfilechooser.ini rw, /home/*/.config/gtk-2.0/gtkfilechooser.ini.* rw, /home/*/.config/qtcurve.gtk-colors rw, /home/*/.config/qtcurvestylerc r, /home/*/.esd_auth r, /home/*/.fontconfig/* r, /home/*/.gconf/ r, /home/*/.gconf/*.writeability w, /home/*/.gconfd/saved_state rw, /home/*/.gconfd/saved_state.orig w, /home/*/.gconfd/saved_state.tmp rw, /home/*/.gnome2_private/ w, /home/*/.icons/ r, /home/*/.kde/share/config/gtkrc-2.0 r, /home/*/.kde/share/config/kdeglobals r, /home/*/.local/share/applications/ r, /home/*/.local/share/applications/*.desktop r, /home/*/.local/share/applications/defaults.list r, /home/*/.local/share/applications/mimeinfo.cache r, /home/*/.local/share/icons/ r, /home/*/.macromedia/Flash_Player/** r, /home/*/.mailcap r, /home/*/.mozilla/firefox/** krw, /home/*/.mozilla/plugins/ r, /home/*/.mozilla/plugins/libflashplayer.so mr, /home/*/.qt/qtrc r, /home/*/.recently-used.xbel r, /home/*/Desktop/ r, /home/*/Desktop/** rw, /home/*/Documents/** rw, /opt/kde3/bin/gwenview Px, /opt/kde3/share/applications/ r, /opt/kde3/share/applications/kde/*.desktop r, /opt/kde3/share/applications/mimeinfo.cache r, /proc/*/cmdline r, /proc/*/maps r, /proc/cpuinfo r, /proc/meminfo r, /proc/sys/kernel/ngroups_max r, /tmp/** klrw, /usr/bin/acroread Px, /usr/bin/eog Px, /usr/bin/evince Px, /usr/bin/file-roller Px, /usr/bin/gimp-remote-2.2 Px, /usr/bin/gvim-normal ixr, /usr/bin/mplayer Px, /usr/bin/oowriter ixr, /usr/lib/** mr, /usr/lib/GConf/2/gconfd-2 ixr, /usr/lib/firefox/firefox-bin ixr, /usr/lib/firefox/firefox.sh Px, /usr/share/applications/ r, /usr/share/applications/*.desktop r, /usr/share/applications/mimeinfo.cache r, /usr/share/dist/icons/suse-help.svg r, /usr/share/gdm/applications/ r, /usr/share/locale-bundle/cs/LC_MESSAGES/GConf2.mo r, /usr/share/locale-bundle/cs/LC_MESSAGES/glib20.mo r, /usr/share/locale-bundle/cs/LC_MESSAGES/libbonobo-2.0.mo r, /usr/share/locale-bundle/cs/LC_MESSAGES/libgnome-2.0.mo r, /usr/share/mime/**.xml r, /var/cache/gnome-vfs/defaults.list r, /var/cache/libx11/compose/* r, } about 1 year ago firefox 105 vojta Edit History
opensuse11.0 /usr/lib64/amanda/amidxtaped #include <tunables/global> /usr/lib64/amanda/amidxtaped { #include <abstractions/base> } 8 months ago 61 shimingzhou Edit History
opensuse11.0 /usr/lib/firefox/firefox.sh #include <tunables/global> /usr/lib/firefox/firefox.sh flags=(complain) { #include <abstractions/audio> #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/dbus> #include <abstractions/fonts> #include <abstractions/gnome> #include <abstractions/kde> #include <abstractions/nameservice> audit network stream, /bin/basename rcx, /bin/bash rix, /bin/grep rix, /etc/gnome-vfs-2.0/modules/ r, /etc/gre.d/ r, /etc/gre.d/* r, /etc/mailcap r, /etc/mime.types r, /etc/opt/kde3/**/ r, /etc/opt/kde3/share/applications/mimeinfo.cache r, owner /home/*/.ICEauthority r, owner /home/*/.Xauthority r, owner /home/*/.adobe/Flash_Player/*/ r, owner /home/*/.config/Trolltech.conf r, owner /home/*/.config/qtcurve.gtk-colors rw, owner /home/*/.config/qtcurve.gtk-icons rw, owner /home/*/.config/qtcurvestylerc r, owner /home/*/.fontconfig/* r, owner /home/*/.fonts.conf r, owner /home/*/.kde/share/config/gtkrc-2.0 r, owner /home/*/.kde/share/config/kdeglobals r, owner /home/*/.kde4/share/config/gtkrc-2.0 r, owner /home/*/.local/share/applications/ r, owner /home/*/.local/share/mime/mime.cache r, owner /home/*/.macromedia/Flash_Player/** r, owner /home/*/.mozilla/extensions/*/ r, owner /home/*/.mozilla/firefox/** rwk, owner /home/*/.qt/qtrc r, owner /home/*/Documents/.etc/mozilla/extensions/*/ r, owner /home/*/Documents/.etc/mozilla/extensions/\{ec8030f7-c20a-464f-9b0e-13a3a9e97384\}/ r, owner /home/*/Documents/.etc/mozilla/firefox/* r, owner /home/*/Documents/.etc/mozilla/firefox/*/ r, owner /home/*/Documents/.etc/mozilla/firefox/uz6cq9af.default/* rwk, owner /home/*/Documents/.etc/mozilla/firefox/uz6cq9af.default/*/ rw, owner /home/*/Documents/.etc/mozilla/firefox/uz6cq9af.default/Cache.Trash/*/ w, owner /home/*/Documents/.etc/mozilla/firefox/uz6cq9af.default/Cache.Trash/Trash/*/ w, owner /home/*/Documents/.etc/mozilla/firefox/uz6cq9af.default/Cache/* rw, owner /home/*/Documents/.etc/mozilla/firefox/uz6cq9af.default/adblockplus/* r, owner /home/*/Documents/.etc/mozilla/firefox/uz6cq9af.default/chrome/* r, owner /home/*/Documents/.etc/mozilla/firefox/uz6cq9af.default/extensions/** r, owner /home/*/Documents/.etc/mozilla/firefox/uz6cq9af.default/gm_scripts/* r, owner /home/*/Documents/.etc/mozilla/firefox/uz6cq9af.default/searchplugins/* rw, owner /home/*/downloads/ w, owner /home/draglor/Documents/Temp/ w, /opt/kde3/share/applications/ r, /opt/kde3/share/applications/kde/ark.desktop r, /opt/kde3/share/applications/mimeinfo.cache r, owner /proc/*/cmdline r, owner /proc/*/maps r, /proc/cpuinfo r, /proc/meminfo r, /usr/bin/file rcx, /usr/lib/firefox/firefox mrpx, /usr/lib/firefox/firefox.sh rix, /usr/share/applications/ r, /usr/share/applications/mimeinfo.cache r, /usr/share/locale-bundle/de/LC_MESSAGES/* r, /usr/share/locale-bundle/ru/LC_MESSAGES/* r, /usr/share/mime/application/x-bzip.xml r, /usr/share/mozilla/extensions/*/ r, /var/cache/gio-2.0/defaults.list r, /var/cache/libx11/compose/l4_024_313cb605_00280cc0 r, profile /bin/basename { #include <abstractions/base> /bin/basename mr, } profile /usr/bin/file { #include <abstractions/base> /etc/magic r, /usr/bin/file mr, /usr/share/misc/magic.mgc r, } } about 1 year ago Firefox aktualisiertes Profil 99 amat17t Edit History
opensuse10.3 /bin/ping # $Id: bin.ping 935 2007-08-20 01:28:20Z DominicReynolds_ $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /bin/ping { #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/nameservice> capability net_raw, capability setuid, network inet raw, /bin/ping mixr, /etc/modules.conf r, /var/run/avahi-daemon/socket w, } over 2 years ago none 126 cinimod Edit History
opensuse10.3 /usr/bin/knotify4 #include <tunables/global> /usr/bin/knotify4 { #include <abstractions/audio> #include <abstractions/base> #include <abstractions/dbus> #include <abstractions/kde> #include <abstractions/nameservice> /etc/kde4/* r, /home/*/.Xauthority r, /home/*/.config/Trolltech.conf kr, /home/*/.fontconfig/* r, /home/*/.fonts.conf r, /home/*/.kde4/cache-*/** lrw, /home/*/.kde4/share/apps/kde/ w, /home/*/.kde4/share/apps/kwin/ w, /home/*/.kde4/share/config/ w, /home/*/.kde4/share/config/* r, /home/*/.kde4/share/config/*new rw, /home/*/.kde4/share/config/*rc rw, /home/*/.kde4/share/config/*rc.lock lrw, /home/*/.kde4/share/config/*rc.lock.* rw, /home/*/.xine/catalog.cache rw, /proc/cpuinfo r, /proc/meminfo r, /usr/bin/knotify4 mr, /usr/lib/kde4/*.so mr, /usr/lib/kde4/libexec/drkonqi Px, /usr/lib/kde4/plugins/**.so mr, /usr/lib/xine/plugins/**.so mr, /usr/share/kde4/apps/** r, /usr/share/xine/libxine1/fonts/ r, } over 2 years ago kde4 rc2 tests 141 dominic Edit History
opensuse10.3 /usr/local/bin/tor #include <tunables/global> /usr/local/bin/tor { #include <abstractions/base> /usr/local/bin/tor mr, } over 2 years ago changes-3 131 security Edit History
ubuntu-gutsy /usr/bin/dspam #include <tunables/global> /usr/bin/dspam { #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/nis> capability dac_override, capability net_bind_service, /etc/dspam/* r, /etc/dspam/dspam.d/ r, /usr/bin/dspam mr, /var/lib/amavis/tmp/** r, /var/run/dspam/dspam.pid w, } about 1 year ago 87 stive Edit History
opensuse10.3 /bin/netstat # $Id: bin.netstat 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ # evolution, amongst other things, calls this program. I didn't want to # give evolution access to significant chunks of /proc # #include <tunables/global> /bin/netstat { #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/nameservice> capability dac_override, capability dac_read_search, /bin/netstat rmix, /etc/networks r, @{PROC} r, @{PROC}/[0-9]*/cmdline r, @{PROC}/[0-9]*/fd r, @{PROC}/net r, @{PROC}/net/* r, } over 2 years ago 20071015 128 davepl Edit History
opensuse10.3 /usr/bin/smbspool #include <tunables/global> /usr/bin/smbspool flags=(complain) { #include <abstractions/base> /usr/bin/smbspool mr, } over 2 years ago cups testing 228 dominic Edit History
ubuntu-gutsy /usr/bin/Xorg #include <tunables/global> /usr/bin/Xorg { #include <abstractions/base> #include <abstractions/nvidia> #include <abstractions/user-tmp> capability dac_override, capability ipc_owner, capability setgid, capability setuid, capability sys_admin, capability sys_rawio, capability sys_tty_config, /bin/dash Px, /dev/input/mice rw, /dev/mem r, /dev/tty0 w, /dev/tty7 rw, /etc/X11/xorg.conf r, /etc/X11/xserver/SecurityPolicy r, /home/*/.gnome2/share/cursor-fonts/fonts.dir r, /home/void/.gnome2/share/fonts/** r, /proc/bus/pci/00/00.0 r, /proc/bus/pci/00/01.0 r, /proc/bus/pci/00/01.1 r, /proc/bus/pci/00/02.0 r, /proc/bus/pci/00/02.1 r, /proc/bus/pci/00/02.2 r, /proc/bus/pci/00/05.0 r, /proc/bus/pci/00/06.0 r, /proc/bus/pci/00/08.0 r, /proc/bus/pci/00/0a.0 r, /proc/bus/pci/00/0b.0 rw, /proc/bus/pci/00/0e.0 r, /proc/bus/pci/00/18.0 r, /proc/bus/pci/00/18.1 r, /proc/bus/pci/00/18.2 r, /proc/bus/pci/00/18.3 r, /proc/bus/pci/01/00.0 rw, /proc/bus/pci/02/08.0 r, /proc/bus/pci/02/08.1 r, /proc/bus/pci/02/0a.0 r, /proc/driver/nvidia/registry r, /proc/meminfo r, /proc/modules r, /sys/bus/pci/devices/ r, /sys/devices/pci0000:00/0000:00:00.0/resource r, /sys/devices/pci0000:00/0000:00:01.0/resource r, /sys/devices/pci0000:00/0000:00:01.1/resource r, /sys/devices/pci0000:00/0000:00:02.0/resource r, /sys/devices/pci0000:00/0000:00:02.1/resource r, /sys/devices/pci0000:00/0000:00:02.2/resource r, /sys/devices/pci0000:00/0000:00:05.0/resource r, /sys/devices/pci0000:00/0000:00:06.0/resource r, /sys/devices/pci0000:00/0000:00:08.0/resource r, /sys/devices/pci0000:00/0000:00:0a.0/resource r, /sys/devices/pci0000:00/0000:00:0b.0/0000:01:00.0/resource r, /sys/devices/pci0000:00/0000:00:0b.0/resource r, /sys/devices/pci0000:00/0000:00:0e.0/0000:02:08.0/resource r, /sys/devices/pci0000:00/0000:00:0e.0/0000:02:08.1/resource r, /sys/devices/pci0000:00/0000:00:0e.0/0000:02:0a.0/resource r, /sys/devices/pci0000:00/0000:00:0e.0/resource r, /sys/devices/pci0000:00/0000:00:18.0/resource r, /sys/devices/pci0000:00/0000:00:18.1/resource r, /sys/devices/pci0000:00/0000:00:18.2/resource r, /sys/devices/pci0000:00/0000:00:18.3/resource r, /usr/bin/Xorg mr, /usr/lib/** mr, /usr/share/X11/xkb/rules/base r, /usr/share/fonts/** r, /var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType/fonts.alias r, /var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType/fonts.dir r, /var/lib/gdm/:0.Xauth r, /var/lib/xkb/server-0.xkm rw, /var/log/Xorg.0.log rw, /var/log/Xorg.0.log.old w, /var/run/acpid.socket w, } over 2 years ago gnome 136 hbpteam Edit History
opensuse11.0 /usr/bin/file #include <tunables/global> /usr/bin/file { #include <abstractions/base> } 5 months ago 35 osmo Edit History
opensuse11.0 /usr/sbin/sshd # $Id: usr.sbin.sshd 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ # will need to revalidate this profile once we finish re-architecting # the change_hat patch. # #include <tunables/global> /usr/sbin/sshd { #include <abstractions/authentication> #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/nameservice> #include <abstractions/wutmp> capability chown, capability fowner, capability kill, capability net_bind_service, capability setgid, capability setuid, capability sys_chroot, capability sys_tty_config, /bin/ash Ux, /bin/bash Ux, /bin/bash2 Ux, /bin/bsh Ux, /bin/csh Ux, /bin/ksh Ux, /bin/sh Ux, /bin/tcsh Ux, /bin/zsh Ux, /dev/ptmx rw, /dev/pts/[0-9]* rw, /dev/urandom r, /etc/environment r, /etc/hosts.allow r, /etc/hosts.deny r, /etc/modules.conf r, /etc/motd r, /etc/ssh/* r, /etc/ssh/moduli r, /sbin/nologin Ux, /tmp/ssh-*/agent.[0-9]* rwl, /tmp/ssh-*[0-9]*/ w, /usr/sbin/sshd mrix, owner /var/db/nscd/* r, owner /var/log/wtmp k, /var/log/wtmp w, /var/run w, /var/run/sshd{,.init}.pid wl, owner /var/run/utmp k, /var/run/utmp rw, @{HOME}/.ssh/authorized_keys{,2} r, @{PROC}/[0-9]*/fd/ r, @{PROC}/[0-9]*/loginuid w, @{PROC}/[0-9]*/mounts r, ^AUTHENTICATED { #include <abstractions/authentication> #include <abstractions/consoles> #include <abstractions/nameservice> #include <abstractions/wutmp> capability setgid, capability setuid, capability sys_tty_config, /dev/log w, /dev/ptmx rw, /etc/default/passwd r, /etc/localtime r, /etc/login.defs r, /etc/motd r, /tmp/ssh-*/agent.[0-9]* rwl, /tmp/ssh-*[0-9]*/ w, } ^EXEC { #include <abstractions/base> /bin/ash Ux, /bin/bash Ux, /bin/bash2 Ux, /bin/bsh Ux, /bin/csh Ux, /bin/ksh Ux, /bin/sh Ux, /bin/tcsh Ux, /bin/zsh Ux, /sbin/nologin Ux, } ^PRIVSEP { #include <abstractions/base> #include <abstractions/nameservice> capability setgid, capability setuid, capability sys_chroot, } ^PRIVSEP_MONITOR { #include <abstractions/authentication> #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/wutmp> capability chown, capability setgid, capability setuid, /dev/ptmx rw, /dev/pts/[0-9]* rw, /dev/urandom r, /etc/hosts.allow r, /etc/hosts.deny r, /etc/ssh/moduli r, @{HOME}/.ssh/authorized_keys{,2} r, @{PROC}/[0-9]*/mounts r, } } 6 months ago 39 shimingzhou Edit History
opensuse11.0 /usr/sbin/sshd # $Id: usr.sbin.sshd 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ # will need to revalidate this profile once we finish re-architecting # the change_hat patch. # #include <tunables/global> /usr/sbin/sshd flags=(complain) { #include <abstractions/authentication> #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/nameservice> #include <abstractions/wutmp> capability audit_control, capability chown, capability fowner, capability kill, capability net_bind_service, capability setgid, capability setuid, capability sys_chroot, capability sys_ptrace, capability sys_tty_config, /bin/ash Ux, /bin/bash rUx, /bin/bash2 Ux, /bin/bsh Ux, /bin/csh Ux, /bin/ksh Ux, /bin/sh Ux, /bin/tcsh Ux, /bin/zsh Ux, /dev/ptmx rw, /dev/pts/[0-9]* rw, /dev/urandom r, /etc/environment r, /etc/hosts.allow r, /etc/hosts.deny r, /etc/modules.conf r, /etc/motd r, /etc/ssh/* r, /etc/ssh/moduli r, /sbin/nologin Ux, /tmp/ssh-*/agent.[0-9]* rwl, /tmp/ssh-*[0-9]*/ w, /usr/sbin/sshd mrix, /var/run w, /var/run/sshd{,.init}.pid wl, @{HOME}/.ssh/authorized_keys{,2} r, @{PROC}/[0-9]*/fd/ r, @{PROC}/[0-9]*/loginuid w, @{PROC}/[0-9]*/mounts r, @{PROC}/filesystems r, ^AUTHENTICATED flags=(complain) { #include <abstractions/authentication> #include <abstractions/consoles> #include <abstractions/nameservice> #include <abstractions/wutmp> capability setgid, capability setuid, capability sys_tty_config, /dev/log w, /dev/ptmx rw, /etc/default/passwd r, /etc/localtime r, /etc/login.defs r, /etc/motd r, /tmp/ssh-*/agent.[0-9]* rwl, /tmp/ssh-*[0-9]*/ w, } ^EXEC flags=(complain) { #include <abstractions/base> /bin/ash Ux, /bin/bash Ux, /bin/bash2 Ux, /bin/bsh Ux, /bin/csh Ux, /bin/ksh Ux, /bin/sh Ux, /bin/tcsh Ux, /bin/zsh Ux, /sbin/nologin Ux, } ^PRIVSEP flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> capability setgid, capability setuid, capability sys_chroot, } ^PRIVSEP_MONITOR flags=(complain) { #include <abstractions/authentication> #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/wutmp> capability chown, capability setgid, capability setuid, /dev/ptmx rw, /dev/pts/[0-9]* rw, /dev/urandom r, /etc/hosts.allow r, /etc/hosts.deny r, /etc/ssh/moduli r, @{HOME}/.ssh/authorized_keys{,2} r, @{PROC}/[0-9]*/mounts r, } } 9 months ago test 72 KarlisBidins Edit History
opensuse11.0 /usr/sbin/smbd # $Id: usr.sbin.smbd 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/sbin/smbd { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/nameservice> capability dac_override, capability dac_read_search, capability net_bind_service, capability setgid, capability setuid, capability sys_resource, /etc/cups/client.conf r, /etc/samba/dhcp.conf r, audit owner /etc/samba/secrets.tdb rwk, /etc/samba/smb.conf r, owner /etc/samba/smbpasswd rwk, owner /srv/dev/ r, owner /srv/shared/ r, /tmp rw, /usr/lib/samba/lowcase.dat r, /usr/lib/samba/upcase.dat r, /usr/lib/samba/valid.dat r, /usr/sbin/smbd r, /var/lib/samba/** rwk, owner /var/log/samba/cores/smbd/ w, /var/log/samba/log.smbd w, owner /var/run/cups/cups.sock w, owner /var/run/samba/smbd.pid wk, /var/tmp rw, /var/tmp/** rwl, @{HOMEDIRS} rwl, @{HOME}/** rwl, @{PROC}/[0-9]*/mounts r, } about 1 year ago fix 90 octo Edit History
opensuse11.0 /usr/lib/firefox/firefox.sh #include <tunables/global> /usr/lib/firefox/firefox.sh { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/dbus> #include <abstractions/fonts> #include <abstractions/gnome> #include <abstractions/kde> #include <abstractions/nameservice> network stream, /bin/basename rcx, /bin/bash rix, /bin/grep rix, /etc/gnome-vfs-2.0/modules/ r, /etc/gre.d/ r, /etc/gre.d/* r, /etc/mailcap r, /etc/mime.types r, /etc/opt/kde3/**/ r, /etc/opt/kde3/share/applications/mimeinfo.cache r, owner /home/*/.ICEauthority r, owner /home/*/.Xauthority r, owner /home/*/.config/Trolltech.conf r, owner /home/*/.config/qtcurve.gtk-colors rw, owner /home/*/.config/qtcurve.gtk-icons rw, owner /home/*/.fontconfig/* r, owner /home/*/.fonts.conf r, owner /home/*/.kde/share/config/kdeglobals r, owner /home/*/.kde4/share/config/gtkrc-2.0 r, owner /home/*/.local/share/applications/ r, owner /home/*/.local/share/mime/mime.cache r, owner /home/*/Documents/.etc/mozilla/extensions/*/ r, owner /home/*/Documents/.etc/mozilla/extensions/\{ec8030f7-c20a-464f-9b0e-13a3a9e97384\}/ r, owner /home/*/Documents/.etc/mozilla/firefox/* r, owner /home/*/Documents/.etc/mozilla/firefox/*/ r, owner /home/*/Documents/.etc/mozilla/firefox/uz6cq9af.default/* rwk, owner /home/*/Documents/.etc/mozilla/firefox/uz6cq9af.default/*/ rw, owner /home/*/Documents/.etc/mozilla/firefox/uz6cq9af.default/Cache.Trash/*/ w, owner /home/*/Documents/.etc/mozilla/firefox/uz6cq9af.default/Cache.Trash/Trash/*/ w, owner /home/*/Documents/.etc/mozilla/firefox/uz6cq9af.default/Cache/* rw, owner /home/*/Documents/.etc/mozilla/firefox/uz6cq9af.default/adblockplus/* r, owner /home/*/Documents/.etc/mozilla/firefox/uz6cq9af.default/chrome/* r, owner /home/*/Documents/.etc/mozilla/firefox/uz6cq9af.default/extensions/** r, owner /home/*/Documents/.etc/mozilla/firefox/uz6cq9af.default/gm_scripts/* r, owner /home/*/Documents/.etc/mozilla/firefox/uz6cq9af.default/searchplugins/* rw, owner /home/draglor/Documents/Temp/ w, /opt/kde3/share/applications/ r, /opt/kde3/share/applications/mimeinfo.cache r, owner /proc/*/cmdline r, /proc/meminfo r, /usr/bin/file rcx, /usr/lib/firefox/firefox mrpx, /usr/lib/firefox/firefox.sh rix, /usr/share/applications/ r, /usr/share/applications/mimeinfo.cache r, /usr/share/locale-bundle/de/LC_MESSAGES/* r, /usr/share/mozilla/extensions/*/ r, /var/cache/gio-2.0/defaults.list r, /var/cache/libx11/compose/l4_024_313cb605_00280cc0 r, profile /bin/basename { #include <abstractions/base> /bin/basename mr, } profile /usr/bin/file { #include <abstractions/base> /etc/magic r, /usr/bin/file mr, /usr/share/misc/magic.mgc r, } } about 1 year ago 96 Michi8383 Edit History
opensuse10.3 /usr/sbin/amavisd #include <tunables/global> /usr/sbin/amavisd { #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/nameservice> #include <abstractions/perl> capability dac_override, capability dac_read_search, /etc/amavisd.conf r, /etc/amavisd/templates.d/** r, /usr/bin/perl ix, /usr/sbin/amavisd mr, /var/spool/amavis/amavisd.pid r, } about 1 year ago 124 arclyde Edit History
opensuse10.3 /etc/sysconfig/network/scripts/dhcpcd-hook-samba #include <tunables/global> /etc/sysconfig/network/scripts/dhcpcd-hook-samba { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> /bin/bash ixr, /bin/gawk ixr, /etc/sysconfig/network/* r, /etc/sysconfig/network/scripts/dhcpcd-hook-samba mr, /etc/sysconfig/network/scripts/dhcpcd-hook-samba-functions r, /proc/meminfo r, /var/lib/dhcp/dhclient-*.leases r, } over 2 years ago more kde4 testing 112 dominic Edit History
opensuse10.3 /usr/lib/cyrus/bin/idled #include <tunables/global> /usr/lib/cyrus/bin/idled { #include <abstractions/base> /etc/imapd.* r, /mnt/mail/config/** rw, /usr/lib/cyrus/bin/idled mr, /var/lib/imap/* rw, /var/lib/imap/** w, /var/lib/imap/db/* rw, } about 1 year ago 120 arclyde Edit History
opensuse10.3 /usr/lib/cups/backend/ipp #include <tunables/global> /usr/lib/cups/backend/ipp flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> network inet dgram, /usr/lib/cups/backend/ipp mr, /var/run/avahi-daemon/socket w, /var/spool/cups/* r, } over 2 years ago Testing printing use cases 174 dominic Edit History
opensuse11.0 /usr/bin/skanlite #include <tunables/global> /usr/bin/skanlite flags=(complain) { #include <abstractions/base> } 4 months ago 45 gem4 Edit History
opensuse11.0 /usr/bin/wine #include <tunables/global> /usr/bin/wine flags=(complain) { #include <abstractions/base> } 11 months ago add wine 101 kooleaf Edit History
opensuse11.0 /usr/lib/opera/9.62/opera #include <tunables/global> /usr/lib/opera/9.62/opera flags=(complain) { #include <abstractions/base> #include <abstractions/bash> network dgram, network inet dgram, network inet stream, network inet6 stream, network stream, deny owner /home/maku/.opera/cache4/opr00479 w, deny owner /home/maku/.opera/cache4/opr0048J a, deny owner /home/maku/.opera/cache4/opr0048K a, deny owner /home/maku/.opera/cache4/opr0048L a, deny owner /home/maku/.opera/cache4/opr0048M a, deny owner /home/maku/.opera/cache4/opr0048N a, deny owner /home/maku/.opera/cache4/opr0048O a, deny owner /home/maku/.opera/cache4/opr0048P a, deny owner /home/maku/.opera/cache4/opr0048Q a, deny owner /home/maku/.opera/cache4/opr0048R a, deny owner /home/maku/.opera/cache4/opr0048S a, deny owner /home/maku/.opera/cache4/opr0048T a, deny owner /home/maku/.opera/cache4/opr0048U a, deny owner /home/maku/.opera/cache4/opr0048V a, deny owner /home/maku/.opera/cache4/opr0048W a, deny owner /home/maku/.opera/cache4/opr0048X a, deny owner /home/maku/.opera/cache4/opr0048Y a, deny owner /home/maku/.opera/cache4/opr0048Z a, deny owner /home/maku/.opera/cache4/opr00490 a, deny owner /home/maku/.opera/cache4/opr00491 a, deny owner /home/maku/.opera/cache4/opr00492 a, deny owner /home/maku/.opera/cache4/opr00493 a, deny owner /home/maku/.opera/cache4/opr00494 a, deny owner /home/maku/.opera/cache4/opr00495 a, deny owner /home/maku/.opera/cache4/opr00496 a, deny owner /home/maku/.opera/cache4/opr00497 a, deny owner /home/maku/.opera/cache4/opr00498 a, deny owner /home/maku/.opera/cache4/opr00499 a, deny owner /home/maku/.opera/cache4/opr0049A a, deny owner /home/maku/.opera/cache4/opr0049B a, deny owner /home/maku/.opera/cache4/opr0049C a, deny owner /home/maku/.opera/cache4/opr0049D a, deny owner /home/maku/.opera/cache4/opr0049E a, deny owner /home/maku/.opera/cache4/opr0049F a, deny owner /home/maku/.opera/cache4/opr0049G a, deny owner /home/maku/.opera/cache4/opr0049H a, deny owner /home/maku/.opera/cache4/opr0049I a, deny owner /home/maku/.opera/cache4/opr0049J a, deny owner /home/maku/.opera/cache4/opr0049K a, deny owner /home/maku/.opera/cache4/opr0049L a, deny owner /home/maku/.opera/cache4/opr0049M a, deny owner /home/maku/.opera/cache4/opr0049N a, deny owner /home/maku/.opera/cache4/opr0049O a, deny owner /home/maku/.opera/cache4/opr0049P a, deny owner /home/maku/.opera/cache4/opr0049Q a, deny owner /home/maku/.opera/cache4/revocation/oprc9nt5z a, deny owner /home/maku/.opera/images/www.f-prot.com.idx r, deny owner /home/maku/.opera/images/www.google.com.idx r, deny owner /home/maku/.opera/opr9s77ak a, deny owner /home/maku/.opera/oprand.dat w, deny owner /home/maku/.opera/opssl6.dat w, deny owner /home/maku/.opera/typed_history.xml w, deny owner /home/maku/.opera/vps/0004/wb.vx-j a, deny /usr/share/opera/styles/error.css r, /bin/gunzip rix, /etc/X11/kstylerc r, /etc/X11/qt_plugins_3.3rc r, /etc/X11/qtrc r, /etc/fonts/** r, /etc/group r, /etc/host.conf r, /etc/hosts r, /etc/mailcap rk, /etc/nsswitch.conf r, /etc/opera6rc rk, /etc/opera6rc.fixed rk, /etc/opt/kde3/share/applications/mimeinfo.cache rk, /etc/opt/kde3/share/icons/ r, /etc/passwd r, /etc/resolv.conf r, owner /home/*/ rw, owner /home/*/.ICEauthority r, owner /home/*/.Xauthority r, owner /home/*/.fontconfig/a8d626dfaa99cb0ebf0eba05ac19f7aa-x86.cache-2 r, owner /home/*/.kde/share/config/kcmnspluginrc rwk, owner /home/*/.opera/ rw, owner /home/*/.opera/browser.js rk, owner /home/*/.opera/cache4/ r, owner /home/*/.opera/cache4/dcache4.url rwk, owner /home/*/.opera/cache4/opr0043W rk, owner /home/*/.opera/cache4/opr0046R rk, owner /home/*/.opera/cache4/opr0046S rk, owner /home/*/.opera/cache4/opr0046T rk, owner /home/*/.opera/cache4/opr0046U rk, owner /home/*/.opera/cache4/opr0046W rk, owner /home/*/.opera/cache4/opr0046Z rk, owner /home/*/.opera/cache4/opr00470 rk, owner /home/*/.opera/cache4/opr00471 rk, owner /home/*/.opera/cache4/opr00474 rk, owner /home/*/.opera/cache4/opr00475 rk, owner /home/*/.opera/cache4/opr00476 rk, owner /home/*/.opera/cache4/opr00478 rk, owner /home/*/.opera/cache4/opr00479 rk, owner /home/*/.opera/cache4/opr0047A rk, owner /home/*/.opera/cache4/opr0047C rk, owner /home/*/.opera/cache4/opr0047D rk, owner /home/*/.opera/cache4/opr0047E rk, owner /home/*/.opera/cache4/opr0047J rk, owner /home/*/.opera/cache4/opr0047K rk, owner /home/*/.opera/cache4/opr0047L rk, owner /home/*/.opera/cache4/opr0047M rk, owner /home/*/.opera/cache4/opr0047N rk, owner /home/*/.opera/cache4/opr0047O rk, owner /home/*/.opera/cache4/opr0047P rk, owner /home/*/.opera/cache4/opr0047Q rk, owner /home/*/.opera/cache4/opr0047S rk, owner /home/*/.opera/cache4/opr0047W rk, owner /home/*/.opera/cache4/opr00483 w, owner /home/*/.opera/cache4/opr00485 w, owner /home/*/.opera/cache4/opr00487 rk, owner /home/*/.opera/cache4/opr0048A wk, owner /home/*/.opera/cache4/opr0048B wk, owner /home/*/.opera/cache4/opr0048D wk, owner /home/*/.opera/cache4/opr0048E rwk, owner /home/*/.opera/cache4/opr0048F wk, owner /home/*/.opera/cache4/opr0048G rwk, owner /home/*/.opera/cache4/opr0048H rwk, owner /home/*/.opera/cache4/opr0048I wk, owner /home/*/.opera/cache4/oprHjb7yH rwk, owner /home/*/.opera/cache4/oprKK3maZ rwk, owner /home/*/.opera/cache4/oprbqzPkh rwk, owner /home/*/.opera/cache4/opsrp3XZ6Kw rw, owner /home/*/.opera/cache4/opsrpHLJwPF rw, owner /home/*/.opera/cache4/opsrpkPCLkH rw, owner /home/*/.opera/cache4/revocation/ r, owner /home/*/.opera/cache4/revocation/dcache4.url rwk, owner /home/*/.opera/cache4/revocation/opr0TdhZP rwk, owner /home/*/.opera/cache4/revocation/opr1w7qkj rwk, owner /home/*/.opera/cache4/revocation/oprBL6s5f rwk, owner /home/*/.opera/cache4/revocation/oprHbpv5T rwk, owner /home/*/.opera/cache4/revocation/opsrpDj3pgy rw, owner /home/*/.opera/cache4/revocation/opsrpEvfp5z rw, owner /home/*/.opera/cache4/revocation/opsrpvlimgW rw, owner /home/*/.opera/cache4/revocation/opsrpvpVLE4 rw, owner /home/*/.opera/cache4/revocation/vlink4.dat rwk, owner /home/*/.opera/cookies4.dat rwk, owner /home/*/.opera/download.dat rwk, owner /home/*/.opera/fontswitch.ini rwk, owner /home/*/.opera/global.dat rwk, owner /home/*/.opera/images/http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fgoogle%2Ffavicon.ico rk, owner /home/*/.opera/images/http%3A%2F%2Ftechnet.microsoft.com%2Ffavicon.ico rk, owner /home/*/.opera/images/redir.opera.com.idx rk, owner /home/*/.opera/images/technet.microsoft.com.idx rk, owner /home/*/.opera/lock rwk, owner /home/*/.opera/mail/ w, owner /home/*/.opera/mail/accounts.ini rwk, owner /home/*/.opera/mail/index.ini rwk, owner /home/*/.opera/mail/indexer/indexer.ax rwk, owner /home/*/.opera/mail/indexer/indexer.bx rwk, owner /home/*/.opera/mail/indexer/message_id rwk, owner /home/*/.opera/mail/lexicon/lexicon.ax rwk, owner /home/*/.opera/mail/lexicon/lexicon.bx rwk, owner /home/*/.opera/mail/omailbase.dat rwk, owner /home/*/.opera/mail/opr4NYOBc rwk, owner /home/*/.opera/mail/opr7k0eKT rwk, owner /home/*/.opera/mail/oprAKscmI rwk, owner /home/*/.opera/mail/oprM4zcXO rwk, owner /home/*/.opera/mail/oprp74u7k rwk, owner /home/*/.opera/mail/oprsT7GIj rwk, owner /home/*/.opera/mail/opsrp7ZAVmS rw, owner /home/*/.opera/mail/opsrp7q2EAR rw, owner /home/*/.opera/mail/opsrpCLRiMw rw, owner /home/*/.opera/mail/opsrpZrg0d8 rw, owner /home/*/.opera/mail/opsrpc0ZRnR rw, owner /home/*/.opera/mail/opsrpqKcALJ rw, owner /home/*/.opera/notes.adr rk, owner /home/*/.opera/opcache/ r, owner /home/*/.opera/opcache/dcache4.url rwk, owner /home/*/.opera/opcache/opr0047I w, owner /home/*/.opera/opcache/opr00484 w, owner /home/*/.opera/opcache/opr0048C wk, owner /home/*/.opera/opcache/opr0048I wk, owner /home/*/.opera/opcache/opr0048J wk, owner /home/*/.opera/opcache/opr0048W wk, owner /home/*/.opera/opcache/opr7NYlOI rwk, owner /home/*/.opera/opcache/oprGx8PfN rwk, owner /home/*/.opera/opcache/oprNgmhvC rwk, owner /home/*/.opera/opcache/opsrpUGRFbI rw, owner /home/*/.opera/opcache/opsrpeQWJPi rw, owner /home/*/.opera/opcache/opsrpq9Jfi2 rw, owner /home/*/.opera/opera6.adr rk, owner /home/*/.opera/opera6.ini rwk, owner /home/*/.opera/opr0AkJUf rwk, owner /home/*/.opera/opr13XdAh rwk, owner /home/*/.opera/opr1EdG4O rwk, owner /home/*/.opera/opr1JeV0y rwk, owner /home/*/.opera/opr1XQgre rwk, owner /home/*/.opera/opr2MvSem rwk, owner /home/*/.opera/opr4sPrGq rwk, owner /home/*/.opera/opr5S4EbR rwk, owner /home/*/.opera/opr5yMZq0 rwk, owner /home/*/.opera/opr64S7XQ rwk, owner /home/*/.opera/opr6IpXT6 rwk, owner /home/*/.opera/opr6YxXDn rwk, owner /home/*/.opera/opr6nrtB4 rwk, owner /home/*/.opera/opr760Uu9 rwk, owner /home/*/.opera/opr7Jzgsh rwk, owner /home/*/.opera/opr7x0RbW rwk, owner /home/*/.opera/opr85zW0N rwk, owner /home/*/.opera/opr8pSEig rwk, owner /home/*/.opera/opr9J2Vfv rwk, owner /home/*/.opera/oprAEdjx4 rwk, owner /home/*/.opera/oprAVkB1R rwk, owner /home/*/.opera/oprAsEEM6 rwk, owner /home/*/.opera/oprC0FvSB rwk, owner /home/*/.opera/oprC5tv2v rwk, owner /home/*/.opera/oprCleweB rwk, owner /home/*/.opera/oprDd3cZT rwk, owner /home/*/.opera/oprEGLhMF rwk, owner /home/*/.opera/oprEi75rn rwk, owner /home/*/.opera/oprFBlwI0 rwk, owner /home/*/.opera/oprI3jgXK rwk, owner /home/*/.opera/oprJIJ9Cp rwk, owner /home/*/.opera/oprM8L8Gu rwk, owner /home/*/.opera/oprMqntWG rwk, owner /home/*/.opera/oprNophB0 rwk, owner /home/*/.opera/oprOc8skG rwk, owner /home/*/.opera/oprPMh0SN rwk, owner /home/*/.opera/oprQRfyfW rwk, owner /home/*/.opera/oprQuCg0e rwk, owner /home/*/.opera/oprQwNh7G rwk, owner /home/*/.opera/oprR1JWNR rwk, owner /home/*/.opera/oprRGoiAU rwk, owner /home/*/.opera/oprRaI3Am rwk, owner /home/*/.opera/oprSkexcy rwk, owner /home/*/.opera/oprV1zfzO rwk, owner /home/*/.opera/oprVOPAXD rwk, owner /home/*/.opera/oprVWjUOE rwk, owner /home/*/.opera/oprVg0Y90 rwk, owner /home/*/.opera/oprWVh6VZ rwk, owner /home/*/.opera/oprWuZ9dA rwk, owner /home/*/.opera/oprXHQPR9 rwk, owner /home/*/.opera/oprYDqkQd rwk, owner /home/*/.opera/oprYIWFBi rwk, owner /home/*/.opera/oprYdPCHn rwk, owner /home/*/.opera/oprYfPBDT rwk, owner /home/*/.opera/oprZ70DrD rwk, owner /home/*/.opera/oprZAf3Km rwk, owner /home/*/.opera/opra2XnTt rwk, owner /home/*/.opera/oprand.dat rk, owner /home/*/.opera/oprbZFvqy rwk, owner /home/*/.opera/oprd604m7 rwk, owner /home/*/.opera/oprdoG0qb rwk, owner /home/*/.opera/opreUrgOq rwk, owner /home/*/.opera/oprfJFnsM rwk, owner /home/*/.opera/oprfUfQlL rwk, owner /home/*/.opera/oprg4sbcM rwk, owner /home/*/.opera/oprg8xL8O rwk, owner /home/*/.opera/oprhH0toG rwk, owner /home/*/.opera/oprhMMyAM rwk, owner /home/*/.opera/oprhQJTuK rwk, owner /home/*/.opera/opriVSLRw rwk, owner /home/*/.opera/oprizrtJn rwk, owner /home/*/.opera/oprj1DWy7 rwk, owner /home/*/.opera/oprj673K8 rwk, owner /home/*/.opera/oprkPmCaK rwk, owner /home/*/.opera/oprlsmQ9y rwk, owner /home/*/.opera/oprml3vjd rwk, owner /home/*/.opera/oproPH4pn rwk, owner /home/*/.opera/oprozOsTK rwk, owner /home/*/.opera/oprpoDTJT rwk, owner /home/*/.opera/oprr68v5Z rwk, owner /home/*/.opera/oprrVAk59 rwk, owner /home/*/.opera/oprrlFuZn rwk, owner /home/*/.opera/oprrnoGsV rwk, owner /home/*/.opera/oprroZaiK rwk, owner /home/*/.opera/oprs70Hsa rwk, owner /home/*/.opera/oprsWbhhD rwk, owner /home/*/.opera/oprscA81N rwk, owner /home/*/.opera/oprt9frvm rwk, owner /home/*/.opera/oprtANhRV rwk, owner /home/*/.opera/oprv3Oj7Q rwk, owner /home/*/.opera/oprvQNpuO rwk, owner /home/*/.opera/oprvoPOIC rwk, owner /home/*/.opera/oprw7Tqri rwk, owner /home/*/.opera/oprwVtMU3 rwk, owner /home/*/.opera/oprxOeKZD rwk, owner /home/*/.opera/oprxntDLn rwk, owner /home/*/.opera/opryFgulN rwk, owner /home/*/.opera/opryn47pQ rwk, owner /home/*/.opera/opsrp0DwU4G rw, owner /home/*/.opera/opsrp0gdbAL rw, owner /home/*/.opera/opsrp1CQglH rw, owner /home/*/.opera/opsrp2YXJlc rw, owner /home/*/.opera/opsrp3WFDVO rw, owner /home/*/.opera/opsrp4p1j8W rw, owner /home/*/.opera/opsrp58wM5P rw, owner /home/*/.opera/opsrp6nF0ht rw, owner /home/*/.opera/opsrp7Pq0IX rw, owner /home/*/.opera/opsrp7jk3PF rw, owner /home/*/.opera/opsrp7yTpfK rw, owner /home/*/.opera/opsrp9MzOAv rw, owner /home/*/.opera/opsrpB62Ip3 rw, owner /home/*/.opera/opsrpBnnSVK rw, owner /home/*/.opera/opsrpC6L7Yl rw, owner /home/*/.opera/opsrpChfzZK rw, owner /home/*/.opera/opsrpH2Hqx3 rw, owner /home/*/.opera/opsrpJ80Xy6 rw, owner /home/*/.opera/opsrpJjo52u rw, owner /home/*/.opera/opsrpK0vPg4 rw, owner /home/*/.opera/opsrpKeu4tJ rw, owner /home/*/.opera/opsrpLJfSdN rw, owner /home/*/.opera/opsrpLNn29s rw, owner /home/*/.opera/opsrpLb7UmG rw, owner /home/*/.opera/opsrpLtkKYk rw, owner /home/*/.opera/opsrpM1O8N1 rw, owner /home/*/.opera/opsrpM8Nb3g rw, owner /home/*/.opera/opsrpMEnDrR rw, owner /home/*/.opera/opsrpN5dXt3 rw, owner /home/*/.opera/opsrpN65rkh rw, owner /home/*/.opera/opsrpNLccRe rw, owner /home/*/.opera/opsrpNV5mmM rw, owner /home/*/.opera/opsrpPDa5wT rw, owner /home/*/.opera/opsrpQXBxf3 rw, owner /home/*/.opera/opsrpRMq7BT rw, owner /home/*/.opera/opsrpRNwSvr rw, owner /home/*/.opera/opsrpS2kbQQ rw, owner /home/*/.opera/opsrpSnTGyr rw, owner /home/*/.opera/opsrpTYjPya rw, owner /home/*/.opera/opsrpULSdNb rw, owner /home/*/.opera/opsrpUzy3bd rw, owner /home/*/.opera/opsrpWH8G4X rw, owner /home/*/.opera/opsrpWcrXip rw, owner /home/*/.opera/opsrpXdBi8b rw, owner /home/*/.opera/opsrpY6aybY rw, owner /home/*/.opera/opsrpYWyBYV rw, owner /home/*/.opera/opsrpYyEulc rw, owner /home/*/.opera/opsrpZgGvF6 rw, owner /home/*/.opera/opsrpZuljsl rw, owner /home/*/.opera/opsrpaW4yRl rw, owner /home/*/.opera/opsrpbrjNZa rw, owner /home/*/.opera/opsrpdRuXk7 rw, owner /home/*/.opera/opsrpe3V8MK rw, owner /home/*/.opera/opsrpeyWdxd rw, owner /home/*/.opera/opsrpfHzAkT rw, owner /home/*/.opera/opsrpfRNEub rw, owner /home/*/.opera/opsrpfeFDGO rw, owner /home/*/.opera/opsrphnOxXo rw, owner /home/*/.opera/opsrpiGef9O rw, owner /home/*/.opera/opsrpipbJ73 rw, owner /home/*/.opera/opsrpj7oPkZ rw, owner /home/*/.opera/opsrpji4tN4 rw, owner /home/*/.opera/opsrpjnJLxl rw, owner /home/*/.opera/opsrpkNABqJ rw, owner /home/*/.opera/opsrpktj3lM rw, owner /home/*/.opera/opsrpllfvxb rw, owner /home/*/.opera/opsrpmDUMk0 rw, owner /home/*/.opera/opsrpoXc5mB rw, owner /home/*/.opera/opsrpoc04Qw rw, owner /home/*/.opera/opsrpp7kwGi rw, owner /home/*/.opera/opsrpq1tfxL rw, owner /home/*/.opera/opsrpqXBlRO rw, owner /home/*/.opera/opsrpqhaU8d rw, owner /home/*/.opera/opsrprJFLWY rw, owner /home/*/.opera/opsrprPiIrm rw, owner /home/*/.opera/opsrprX5yQE rw, owner /home/*/.opera/opsrprzwvAb rw, owner /home/*/.opera/opsrpstfLgF rw, owner /home/*/.opera/opsrptALu1m rw, owner /home/*/.opera/opsrptZ52Kq rw, owner /home/*/.opera/opsrptlZbmJ rw, owner /home/*/.opera/opsrpubkr6w rw, owner /home/*/.opera/opsrpvC7rQe rw, owner /home/*/.opera/opsrpvWw1Za rw, owner /home/*/.opera/opsrpvbRx7a rw, owner /home/*/.opera/opsrpvuoEQt rw, owner /home/*/.opera/opsrpw6MvHx rw, owner /home/*/.opera/opsrpwPWPBG rw, owner /home/*/.opera/opsrpwRN3zT rw, owner /home/*/.opera/opsrpwRm3Qs rw, owner /home/*/.opera/opsrpwsaNzs rw, owner /home/*/.opera/opsrpxMSvkC rw, owner /home/*/.opera/opsrpxu7WHP rw, owner /home/*/.opera/opsrpyACMA0 rw, owner /home/*/.opera/opsrpyDEEkP rw, owner /home/*/.opera/opsrpyiNidS rw, owner /home/*/.opera/opsrpzAO9uQ rw, owner /home/*/.opera/opssl6.dat rk, owner /home/*/.opera/opthumb.dat rk, owner /home/*/.opera/override_downloaded.ini rk, owner /home/*/.opera/pluginpath.ini rwk, owner /home/*/.opera/sessions/ rw, owner /home/*/.opera/sessions/autosave.win rwk, owner /home/*/.opera/sessions/autosave.win.bak a, owner /home/*/.opera/sessions/opr0Gssa4 rwk, owner /home/*/.opera/sessions/oprA1pLYO rwk, owner /home/*/.opera/sessions/oprJa4t2X rwk, owner /home/*/.opera/sessions/oprRQ94hB rwk, owner /home/*/.opera/sessions/oprUAYYJS rwk, owner /home/*/.opera/sessions/oprlG5GJv rwk, owner /home/*/.opera/sessions/oprrHnVOi rwk, owner /home/*/.opera/sessions/opsrp4YQfJJ rw, owner /home/*/.opera/sessions/opsrp58Pqb7 rw, owner /home/*/.opera/sessions/opsrpVC8Rlc rw, owner /home/*/.opera/sessions/opsrpYAMOkW rw, owner /home/*/.opera/sessions/opsrpaKPt3p rw, owner /home/*/.opera/sessions/opsrpgd3Hnb rw, owner /home/*/.opera/sessions/opsrpsrpb08 rw, owner /home/*/.opera/speeddial.ini rwk, owner /home/*/.opera/styles/user/ r, owner /home/*/.opera/styles/user/accessibility.css rwk, owner /home/*/.opera/styles/user/altdebugger.css rwk, owner /home/*/.opera/styles/user/classid.css rwk, owner /home/*/.opera/styles/user/contrastbw.css rwk, owner /home/*/.opera/styles/user/contrastwb.css rwk, owner /home/*/.opera/styles/user/disablebreaks.css rwk, owner /home/*/.opera/styles/user/disablefloats.css rwk, owner /home/*/.opera/styles/user/disableforms.css rwk, owner /home/*/.opera/styles/user/disablepositioning.css rwk, owner /home/*/.opera/styles/user/disabletables.css rwk, owner /home/*/.opera/styles/user/outline.css rwk, owner /home/*/.opera/styles/user/structureblock.css rwk, owner /home/*/.opera/styles/user/structureinline.css rwk, owner /home/*/.opera/styles/user/structuretables.css rwk, owner /home/*/.opera/styles/user/tablelayout.css rwk, owner /home/*/.opera/styles/user/toc.css rwk, owner /home/*/.opera/typed_history.xml rk, owner /home/*/.opera/vlink4.dat rwk, owner /home/*/.opera/vps/ r, owner /home/*/.opera/vps/0000/adoc.bx rwk, owner /home/*/.opera/vps/0000/md.dat rwk, owner /home/*/.opera/vps/0000/url.ax rwk, owner /home/*/.opera/vps/0000/w.ax rwk, owner /home/*/.opera/vps/0000/wb.vx rwk, owner /home/*/.opera/vps/0001/adoc.bx rwk, owner /home/*/.opera/vps/0001/md.dat rwk, owner /home/*/.opera/vps/0001/url.ax rwk, owner /home/*/.opera/vps/0001/w.ax rwk, owner /home/*/.opera/vps/0001/wb.vx rwk, owner /home/*/.opera/vps/0002/adoc.bx rwk, owner /home/*/.opera/vps/0002/md.dat rwk, owner /home/*/.opera/vps/0002/url.ax rwk, owner /home/*/.opera/vps/0002/w.ax rwk, owner /home/*/.opera/vps/0002/wb.vx rwk, owner /home/*/.opera/vps/0003/adoc.bx rwk, owner /home/*/.opera/vps/0003/md.dat rwk, owner /home/*/.opera/vps/0003/url.ax rwk, owner /home/*/.opera/vps/0003/w.ax rwk, owner /home/*/.opera/vps/0003/wb.vx rwk, owner /home/*/.opera/vps/0004/adoc.bx rwk, owner /home/*/.opera/vps/0004/md.dat rwk, owner /home/*/.opera/vps/0004/url.ax rwk, owner /home/*/.opera/vps/0004/w.ax rwk, owner /home/*/.opera/vps/0004/wb.vx rwk, owner /home/*/.qt/.qt_plugins_3.3rc.lock rwk, owner /home/*/.qt/.qtrc.lock rwk, owner /home/*/.qt/qt_plugins_3.3rc r, owner /home/*/.qt/qtrc r, owner /home/*/Desktop/ rw, owner /home/*/Desktop/Autoruns.zip ak, /opt/kde3/bin/ark px, /opt/kde3/bin/kfmclient rix, /opt/kde3/lib/kde3/plugins/styles/ r, /opt/kde3/lib/kde3/plugins/styles/plastik.so mr, /opt/kde3/lib/lib*so* mr, /opt/kde3/share/applications/kde/ark.desktop rk, /opt/kde3/share/applications/mimeinfo.cache rk, /opt/kde3/share/icons/ r, /opt/kde3/share/icons/crystalsvg/32x32/mimetypes/tgz.png rk, /opt/kde3/share/icons/crystalsvg/index.theme rk, /opt/kde3/share/mimelnk/application/x-zip-compressed.desktop rk, /tmp/.X11-unix/X0 w, /usr/lib/** mr, /usr/lib/opera/9.62/operapluginwrapper rix, /usr/share/X11/locale/compose.dir r, /usr/share/X11/locale/en_US.UTF-8/Compose r, /usr/share/X11/locale/en_US.UTF-8/XLC_LOCALE r, /usr/share/X11/locale/locale.alias r, /usr/share/X11/locale/locale.dir r, /usr/share/applications/mimeinfo.cache rk, /usr/share/desktop-data/qtrc r, /usr/share/fonts/** r, /usr/share/ghostscript/fonts/** r, /usr/share/icons/ r, /usr/share/icons/DMZ/cursors/bd_double_arrow r, /usr/share/icons/DMZ/cursors/copy r, /usr/share/icons/DMZ/cursors/hand2 r, /usr/share/icons/DMZ/cursors/left_ptr r, /usr/share/icons/DMZ/cursors/left_ptr_watch r, /usr/share/icons/DMZ/cursors/link r, /usr/share/icons/DMZ/cursors/move r, /usr/share/icons/DMZ/cursors/sb_h_double_arrow r, /usr/share/icons/DMZ/cursors/watch r, /usr/share/icons/DMZ/cursors/xterm r, /usr/share/icons/DMZ/index.theme r, /usr/share/icons/hicolor/index.theme rk, /usr/share/mime/aliases rk, /usr/share/mime/application/x-compressed-tar.xml rk, /usr/share/mime/application/zip.xml rk, /usr/share/mime/globs rk, /usr/share/mime/subclasses rk, /usr/share/opera/encoding.bin rk, /usr/share/opera/ini/dialog.ini rk, /usr/share/opera/ini/fastforward.ini rk, /usr/share/opera/ini/font.ini rk, /usr/share/opera/ini/pluginpath.ini rk, /usr/share/opera/ini/standard_keyboard.ini rk, /usr/share/opera/ini/standard_menu.ini rk, /usr/share/opera/ini/standard_mouse.ini rk, /usr/share/opera/ini/standard_toolbar.ini rk, /usr/share/opera/locale/english.lng rk, /usr/share/opera/locale/pl/polski.lng rk, /usr/share/opera/locale/pl/search.ini rk, /usr/share/opera/skin/standard_skin.zip rk, /usr/share/opera/styles/contentblock.css rk, /usr/share/opera/styles/mathml.css rk, /usr/share/opera/styles/wml.css rk, /var/cache/fontconfig/0c42b92420913fbcd7539015ba025a31-x86.cache-2 r, /var/cache/fontconfig/17090aa38d5c6f09fb8c5c354938f1d7-x86.cache-2 r, /var/cache/fontconfig/2d31a572ce6667f6a0da9c8dc611898b-x86.cache-2 r, /var/cache/fontconfig/30786aca7a961ef9f9799e540455831d-x86.cache-2 r, /var/cache/fontconfig/3830d5c3ddfd5cd38a049b759396e72e-x86.cache-2 r, /var/cache/fontconfig/4b172ca7f111e3cffadc3636415fead9-x86.cache-2 r, /var/cache/fontconfig/5ca8086aeacc9c68e81a71e7ef846b3b-x86.cache-2 r, /var/cache/fontconfig/77e41c5059666d75f92e318d4be8c21e-x86.cache-2 r, /var/cache/fontconfig/7ef2298fde41cc6eeb7af42e48b7d293-x86.cache-2 r, /var/cache/fontconfig/82263fb4001171a9d4b2e27da14be10b-x86.cache-2 r, /var/cache/fontconfig/8d4af663993b81a124ee82e610bb31f9-x86.cache-2 r, /var/cache/fontconfig/a1c95d6dfc9a7b34f44445cf81166004-x86.cache-2 r, /var/cache/fontconfig/b6bbb9f898b73777cfe763014a8c08d3-x86.cache-2 r, /var/cache/fontconfig/c938cb1e82ff5ba1829a2dab18b1c8a9-x86.cache-2 r, /var/cache/fontconfig/cf6c88e680607f2ab796171745f068a4-x86.cache-2 r, /var/cache/fontconfig/d62e99ef547d1d24cdb1bd22ec1a2976-x86.cache-2 r, /var/cache/fontconfig/df311e82a1a24c41a75c2c930223552e-x86.cache-2 r, /var/cache/gio-2.0/defaults.list rk, /var/cache/libx11/compose/l4_024_313cb605_00280cc0 r, /var/run/nscd/socket w, } about 1 year ago 1 202 maku Edit History
opensuse11.0 /usr/lib/postfix/tlsmgr #include <tunables/global> /usr/lib/postfix/tlsmgr { #include <abstractions/base> #include <abstractions/nameservice> capability setgid, capability setuid, owner /etc/postfix/dynamicmaps.cf r, owner /etc/postfix/main.cf r, owner /usr/lib/postfix/tlsmgr m, /usr/lib/postfix/tlsmgr r, owner /var/lib/postfix/prng_exch rwk, } about 1 year ago several small additions 99 cboltz-server Edit History
opensuse10.3 /usr/lib/vmware/lib/wrapper-gtk24.sh #include <tunables/global> /usr/lib/vmware/lib/wrapper-gtk24.sh flags=(complain) { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/nameservice> /bin/bash ixr, /bin/grep ixr, /dev/ r, /dev/dsp r, /dev/sg1 r, /dev/tty rw, /etc/gtk-2.0/gdk-pixbuf.loaders r, /etc/gtk-2.0/gtkrc r, /etc/vmware/ r, /etc/vmware/config r, /home/*/.Xauthority r, /home/*/.config/qtcurvestylerc r, /home/*/.kde/share/config/kdeglobals r, /home/*/.qt/qtrc r, /home/*/.vmware/ rw, /home/*/.vmware/license.ws.6.0.200610 r, /home/*/.vmware/preferences r, /proc/*/cmdline r, /proc/cpuinfo r, /proc/meminfo r, /proc/net/dev r, /proc/sys/dev/parport r, /proc/uptime r, /tmp/ r, /tmp/.X11-unix/X0 w, /tmp/gconfd-admincs1/lock/ior r, /tmp/orbit-admincs1/ w, /tmp/orbit-admincs1/linc-1cf0-0-225dfec52121a w, /tmp/orbit-admincs1/linc-e42-0-7a2c25cc88df2 w, /tmp/vmware-admincs1.0 rw, /tmp/vmware-admincs1/ r, "/tmp/vmware-admincs1/VMware Workstation-:0.0-sp" rw, /tmp/vmware-admincs1/ui-3253.log w, /tmp/vmware-admincs1/ui-3253.log.lck/ rw, /tmp/vmware-admincs1/ui-3253.log.lck/D23516.lck/ w, /tmp/vmware-admincs1/ui-3253.log.lck/E23516.lck rw, /tmp/vmware-admincs1/ui-3253.log.lck/M23516.lck rw, /tmp/vmware-admincs1/ui-3649.log w, /usr/bin/gconftool-2 ixr, /usr/bin/ldd Ux, /usr/lib/vmware/bin/vmware ixr, /usr/lib/vmware/bin/vmware-tray ixr, /usr/lib/vmware/lib/wrapper-gtk24.sh mr, /usr/share/X11/locale/en_US.UTF-8/XLC_LOCALE r, /usr/share/X11/locale/locale.alias r, /usr/share/X11/locale/locale.dir r, /usr/share/icons/gnome/icon-theme.cache mr, /usr/share/icons/gnome/index.theme r, /usr/share/themes/QtCurve/gtk-2.0/gtkrc r, /usr/share/themes/QtCurve/gtk-2.0/gtkrc-kde3 r, /var/run/dbus/system_bus_socket w, } about 1 year ago vmware 236 knoble Edit History
opensuse10.3 /sbin/runlevel #include <tunables/global> /sbin/runlevel { #include <abstractions/base> /sbin/runlevel mr, /var/run/utmp krw, } over 2 years ago Import of jmichaels profiles 110 dominic Edit History
ubuntu-gutsy /usr/lib/evolution/2.12/evolution-exchange-storage #include <tunables/global> /usr/lib/evolution/2.12/evolution-exchange-storage { #include <abstractions/base> #include <abstractions/gnome> #include <abstractions/nameservice> /etc/sound/events/*.soundlist r, /home/*/.ICEauthority r, /home/*/.Xauthority r, /home/*/.evolution/*.db rw, /home/*/.evolution/*.db~ rw, /home/*/.gnome2_private/ w, /proc/*/mounts r, /tmp/orbit-void/bonobo-activation-register.lock klrw, /usr/lib/evolution/2.12/evolution-exchange-storage mr, } over 2 years ago gnome 181 hbpteam Edit History
opensuse11.0 /usr/bin/evolution #include <tunables/global> /usr/bin/evolution flags=(complain) { #include <abstractions/base> network dgram, network inet dgram, network inet stream, network stream, deny owner /home/maku/.evolution/.running w, deny owner /home/maku/.evolution/camel-cert.db~ a, deny owner /home/maku/.evolution/mail/.#searches.xml a, deny owner /home/maku/.evolution/mail/config/.#et-expanded-mbox:_home_maku_.evolution_mail_local_Inbox a, deny owner /home/maku/.evolution/mail/local/Outbox rw, deny owner /tmp/orbit-maku/linc-20bd-0-513de79c96411 w, deny /usr/share/evolution/2.22/errors/ r, deny /usr/share/evolution/2.22/images/ r, deny /usr/share/icons/Tango/16x16/status/dialog-warning.png r, /etc/fonts/** r, /etc/gnome-vfs-2.0/modules/ r, /etc/gnome-vfs-2.0/modules/default-modules.conf r, /etc/gnome-vfs-2.0/modules/font-method.conf r, /etc/gnome-vfs-2.0/modules/smb-module.conf r, /etc/gnome-vfs-2.0/modules/ssl-modules.conf r, /etc/gnome-vfs-2.0/modules/theme-method.conf r, /etc/gtk-2.0/gdk-pixbuf.loaders r, /etc/gtk-2.0/gtk.immodules r, /etc/gtk-2.0/gtkrc r, /etc/hosts r, /etc/nsswitch.conf r, /etc/opt/kde3/share/icons/ r, /etc/opt/kde3/share/icons/crystalsvg/icon-theme.cache r, /etc/pango/pango.modules r, /etc/passwd r, /etc/resolv.conf r, /etc/services r, owner /home/*/.ICEauthority r, owner /home/*/.Xauthority r, owner /home/*/.config/qtcurve.gtk-colors rw, owner /home/*/.config/qtcurve.gtk-icons rw, owner /home/*/.config/qtcurvestylerc r, owner /home/*/.evolution/ r, owner /home/*/.evolution/.running a, owner /home/*/.evolution/cache/http/01/http:%2f%2frynekpracy.pl%2fgrafika_nowa%2fnewsletter%2fstopka_2.gif rw, owner /home/*/.evolution/cache/http/04/http:%2f%2frynekpracy.pl%2fgrafika%2fnewsletter%2fnic.gif rw, owner /home/*/.evolution/cache/http/05/http:%2f%2frynekpracy.pl%2fgrafika_nowa%2fnewsletter%2fstopka_1.gif rw, owner /home/*/.evolution/cache/http/06/http:%2f%2frynekpracy.pl%2fgrafika_rynek%2fprzeglad_gora2.gif rw, owner /home/*/.evolution/cache/http/0f/http:%2f%2frynekpracy.pl%2fgrafika%2fnewsletter%2flinia_niebieska.gif rw, owner /home/*/.evolution/cache/http/11/http:%2f%2frynekpracy.pl%2fgrafika_rynek%2fbannery%2fhumor.jpg rw, owner /home/*/.evolution/cache/http/16/http:%2f%2frynekpracy.pl%2fgrafika_rynek%2fbannery%2fanalizy.jpg rw, owner /home/*/.evolution/cache/http/16/http:%2f%2frynekpracy.pl%2fgrafika_rynek%2fbannery%2fzapytanie.jpg rw, owner /home/*/.evolution/cache/http/1d/http:%2f%2frynekpracy.pl%2fgrafika%2fnewsletter%2fsonda_wynik.gif rw, owner /home/*/.evolution/cache/http/26/http:%2f%2frynekpracy.pl%2fgrafika_rynek%2fbannery%2fsedlak.jpg rw, owner /home/*/.evolution/cache/http/28/http:%2f%2frynekpracy.pl%2fgrafika_rynek%2fbannery%2fzyczenie.jpg rw, owner /home/*/.evolution/cache/http/31/http:%2f%2frynekpracy.pl%2fgrafika%2fnewsletter%2flinia_szara.gif rw, owner /home/*/.evolution/cache/http/31/http:%2f%2frynekpracy.pl%2fgrafika_rynek%2fbannery%2fbrp.jpg rw, owner /home/*/.evolution/cache/http/31/http:%2f%2frynekpracy.pl%2fgrafika_rynek%2fnasze_raporty.gif rw, owner /home/*/.evolution/cache/http/32/http:%2f%2frynekpracy.pl%2fgrafika_rynek%2ftop_newsletter_5.jpg rw, owner /home/*/.evolution/cache/http/34/http:%2f%2frynekpracy.pl%2fgrafika_rynek%2fprzeglad_rynku.gif rw, owner /home/*/.evolution/cache/http/37/http:%2f%2frynekpracy.pl%2fgrafika_rynek%2fbannery%2f50plus.jpg rw, owner /home/*/.evolution/cache/http/38/http:%2f%2frynekpracy.pl%2fgrafika_rynek%2fbannery%2fdzial_analiz_new.jpg rw, owner /home/*/.evolution/cache/http/38/http:%2f%2frynekpracy.pl%2fgrafika_rynek%2fprzeglad_dol_2.gif rw, owner /home/*/.evolution/cache/http/3a/http:%2f%2frynekpracy.pl%2fgrafika_rynek%2fbannery%2fwynagrodzenia.jpg rw, owner /home/*/.evolution/cache/http/3b/http:%2f%2frynekpracy.pl%2fgrafika_rynek%2fmonitor_newsletter.gif rw, owner /home/*/.evolution/cache/http/3c/http:%2f%2frynekpracy.pl%2fgrafika_rynek%2fprzeglad_tlo.gif rw, owner /home/*/.evolution/cache/tmp/ r, owner /home/*/.evolution/cache/tmp/mail.log.W3uvlN a, owner /home/*/.evolution/cache/tmp/mail.log.sYeKFr a, owner /home/*/.evolution/cache/tmp/mail.log.tebp9Q a, owner /home/*/.evolution/cache/tmp/mail.log.xOOGFz a, owner /home/*/.evolution/camel-cert.db r, owner /home/*/.evolution/cert8.db rw, owner /home/*/.evolution/key3.db rw, owner /home/*/.evolution/mail/config/.#folder-tree-expand-state.xml rw, owner /home/*/.evolution/mail/config/et-expanded-mbox:_home_maku_.evolution_mail_local_Inbox r, owner /home/*/.evolution/mail/config/folder-tree-expand-state.xml rw, owner /home/*/.evolution/mail/config/gtkrc-mail-fonts r, owner /home/*/.evolution/mail/local/ r, owner /home/*/.evolution/mail/local/.#Inbox.cmeta rw, owner /home/*/.evolution/mail/local/.#evolution.sbd/Junk.cmeta r, owner /home/*/.evolution/mail/local/.#evolution.sbd/Trash.cmeta r, owner /home/*/.evolution/mail/local/Drafts.cmeta r, owner /home/*/.evolution/mail/local/Drafts.ibex.index rw, owner /home/*/.evolution/mail/local/Drafts.ibex.index.data rw, owner /home/*/.evolution/mail/local/Inbox rwk, owner /home/*/.evolution/mail/local/Inbox.cmeta rw, owner /home/*/.evolution/mail/local/Inbox.ev-summary r, owner /home/*/.evolution/mail/local/Inbox.ibex.index rw, owner /home/*/.evolution/mail/local/Inbox.ibex.index.data rw, owner /home/*/.evolution/mail/local/Inbox.lock w, owner /home/*/.evolution/mail/local/InboxBEIULU w, owner /home/*/.evolution/mail/local/InboxBO0GLU w, owner /home/*/.evolution/mail/local/InboxRNDCLU w, owner /home/*/.evolution/mail/local/Outbox.cmeta r, owner /home/*/.evolution/mail/local/Outbox.ev-summary r, owner /home/*/.evolution/mail/local/Outbox.ibex.index rw, owner /home/*/.evolution/mail/local/Outbox.ibex.index.data rw, owner /home/*/.evolution/mail/local/Sent.cmeta r, owner /home/*/.evolution/mail/local/Sent.ev-summary r, owner /home/*/.evolution/mail/local/Sent.ibex.index rw, owner /home/*/.evolution/mail/local/Sent.ibex.index.data rw, owner /home/*/.evolution/mail/searches.xml r, owner /home/*/.evolution/secmod.db r, owner /home/*/.fontconfig/a8d626dfaa99cb0ebf0eba05ac19f7aa-x86.cache-2 r, owner /home/*/.kde/share/config/gtkrc-2.0 r, owner /home/*/.kde/share/config/kdeglobals r, owner /home/*/.qt/qtrc r, /opt/kde3/share/icons/ r, /opt/kde3/share/icons/crystalsvg/16x16/actions/editclear.png r, /opt/kde3/share/icons/crystalsvg/16x16/actions/find.png r, /opt/kde3/share/icons/crystalsvg/22x22/actions/button_cancel.png r, /opt/kde3/share/icons/crystalsvg/22x22/actions/button_ok.png r, /opt/kde3/share/icons/crystalsvg/22x22/actions/stop.png r, /opt/kde3/share/icons/crystalsvg/32x32/actions/help.png r, /opt/kde3/share/icons/crystalsvg/icon-theme.cache r, /opt/kde3/share/icons/crystalsvg/index.theme r, /opt/kde3/share/icons/hicolor/icon-theme.cache r, owner /proc/*/cmdline r, /tmp/ r, /tmp/.X11-unix/X0 w, owner /tmp/gconfd-maku/lock/ior r, owner /tmp/keyring-YM1CDw/socket w, owner /tmp/orbit-maku/ w, owner /tmp/orbit-maku/bonobo-activation-register.lock rwk, owner /tmp/orbit-maku/bonobo-activation-server-ior r, owner /tmp/orbit-maku/linc-2079-0-2cb716f66cc74 w, owner /tmp/orbit-maku/linc-2154-0-333383bd9eab3 w, owner /tmp/orbit-maku/linc-21b2-0-3ebd92beb302f w, owner /tmp/orbit-maku/linc-d49-0-6537b2556b93e w, owner /tmp/orbit-maku/linc-d4c-0-40ea262e565ab w, owner /tmp/orbit-maku/linc-d74-0-10998b88392cf w, owner /tmp/orbit-maku/linc-d79-0-25d6a80353e6b w, /usr/bin/dbus-launch rix, /usr/bin/evolution r, /usr/lib/** mr, /usr/share/X11/locale/compose.dir r, /usr/share/X11/locale/en_US.UTF-8/Compose r, /usr/share/X11/locale/en_US.UTF-8/XLC_LOCALE r, /usr/share/X11/locale/locale.alias r, /usr/share/X11/locale/locale.dir r, /usr/share/evolution/2.22/etspec/message-list.etspec r, /usr/share/evolution/2.22/filtertypes.xml r, /usr/share/evolution/2.22/icons/ r, /usr/share/evolution/2.22/icons/hicolor/16x16/actions/ r, /usr/share/evolution/2.22/icons/hicolor/16x16/actions/folder-copy.png r, /usr/share/evolution/2.22/icons/hicolor/16x16/actions/folder-move.png r, /usr/share/evolution/2.22/icons/hicolor/16x16/actions/mail-copy.png r, /usr/share/evolution/2.22/icons/hicolor/16x16/actions/mail-move.png r, /usr/share/evolution/2.22/icons/hicolor/16x16/places/ r, /usr/share/evolution/2.22/icons/hicolor/16x16/places/mail-inbox.png r, /usr/share/evolution/2.22/icons/hicolor/16x16/places/mail-outbox.png r, /usr/share/evolution/2.22/icons/hicolor/16x16/places/mail-sent.png r, /usr/share/evolution/2.22/icons/hicolor/22x22/actions/ r, /usr/share/evolution/2.22/icons/hicolor/22x22/places/ r, /usr/share/evolution/2.22/icons/hicolor/24x24/actions/ r, /usr/share/evolution/2.22/icons/hicolor/24x24/places/ r, /usr/share/evolution/2.22/icons/hicolor/24x24/places/mail-inbox.png r, /usr/share/evolution/2.22/icons/hicolor/24x24/places/mail-outbox.png r, /usr/share/evolution/2.22/icons/hicolor/32x32/actions/ r, /usr/share/evolution/2.22/icons/hicolor/48x48/categories/ r, /usr/share/evolution/2.22/icons/hicolor/scalable/actions/ r, /usr/share/evolution/2.22/images/online.png r, /usr/share/evolution/2.22/searchtypes.xml r, /usr/share/evolution/2.22/ui/evolution-mail-global.xml r, /usr/share/evolution/2.22/ui/evolution-mail-list.xml r, /usr/share/evolution/2.22/ui/evolution-mail-message.xml r, /usr/share/evolution/2.22/ui/evolution.xml r, /usr/share/evolution/2.22/vfoldertypes.xml r, /usr/share/evolution/2.22/views/mail/As_Sent_Folder.galview r, /usr/share/evolution/2.22/views/mail/By_Follow_Up_Flag.galview r, /usr/share/evolution/2.22/views/mail/By_Sender.galview r, /usr/share/evolution/2.22/views/mail/By_Status.galview r, /usr/share/evolution/2.22/views/mail/By_Subject.galview r, /usr/share/evolution/2.22/views/mail/Messages.galview r, /usr/share/evolution/2.22/views/mail/Wide_View_Normal.galview r, /usr/share/evolution/2.22/views/mail/Wide_View_Sent.galview r, /usr/share/evolution/2.22/views/mail/galview.xml r, /usr/share/fonts/** r, /usr/share/gtkhtml-3.14/keybindingsrc.emacs r, /usr/share/icons/ r, /usr/share/icons/DMZ/cursors/bottom_right_corner r, /usr/share/icons/DMZ/cursors/crosshair r, /usr/share/icons/DMZ/cursors/grabbing r, /usr/share/icons/DMZ/cursors/hand2 r, /usr/share/icons/DMZ/cursors/left_ptr r, /usr/share/icons/DMZ/cursors/sb_h_double_arrow r, /usr/share/icons/DMZ/cursors/sb_v_double_arrow r, /usr/share/icons/DMZ/cursors/xterm r, /usr/share/icons/DMZ/index.theme r, /usr/share/icons/Gilouche/16x16/actions/folder-new.png r, /usr/share/icons/Gilouche/16x16/places/folder-saved-search.png r, /usr/share/icons/Gilouche/16x16/places/folder.png r, /usr/share/icons/Gilouche/icon-theme.cache r, /usr/share/icons/Gilouche/index.theme r, /usr/share/icons/Tango/16x16/actions/address-book-new.png r, /usr/share/icons/Tango/16x16/actions/appointment-new.png r, /usr/share/icons/Tango/16x16/actions/contact-new.png r, /usr/share/icons/Tango/16x16/actions/document-print-preview.png r, /usr/share/icons/Tango/16x16/actions/document-print.png r, /usr/share/icons/Tango/16x16/actions/document-properties.png r, /usr/share/icons/Tango/16x16/actions/document-save-as.png r, /usr/share/icons/Tango/16x16/actions/edit-copy.png r, /usr/share/icons/Tango/16x16/actions/edit-cut.png r, /usr/share/icons/Tango/16x16/actions/edit-find.png r, /usr/share/icons/Tango/16x16/actions/edit-paste.png r, /usr/share/icons/Tango/16x16/actions/go-jump.png r, /usr/share/icons/Tango/16x16/actions/mail-forward.png r, /usr/share/icons/Tango/16x16/actions/mail-mark-junk.png r, /usr/share/icons/Tango/16x16/actions/mail-message-new.png r, /usr/share/icons/Tango/16x16/actions/mail-reply-all.png r, /usr/share/icons/Tango/16x16/actions/mail-reply-sender.png r, /usr/share/icons/Tango/16x16/actions/mail-send-receive.png r, /usr/share/icons/Tango/16x16/actions/process-stop.png r, /usr/share/icons/Tango/16x16/actions/window-new.png r, /usr/share/icons/Tango/16x16/animations/process-working.png r, /usr/share/icons/Tango/16x16/categories/preferences-desktop.png r, /usr/share/icons/Tango/16x16/emblems/emblem-important.png r, /usr/share/icons/Tango/16x16/mimetypes/image-x-generic.png r, /usr/share/icons/Tango/16x16/mimetypes/x-office-address-book.png r, /usr/share/icons/Tango/16x16/mimetypes/x-office-calendar.png r, /usr/share/icons/Tango/16x16/places/user-trash.png r, /usr/share/icons/Tango/16x16/status/mail-attachment.png r, /usr/share/icons/Tango/24x24/actions/document-print.png r, /usr/share/icons/Tango/24x24/actions/edit-delete.png r, /usr/share/icons/Tango/24x24/actions/go-next.png r, /usr/share/icons/Tango/24x24/actions/go-previous.png r, /usr/share/icons/Tango/24x24/actions/mail-forward.png r, /usr/share/icons/Tango/24x24/actions/mail-mark-junk.png r, /usr/share/icons/Tango/24x24/actions/mail-reply-all.png r, /usr/share/icons/Tango/24x24/actions/mail-reply-sender.png r, /usr/share/icons/Tango/24x24/actions/mail-send-receive.png r, /usr/share/icons/Tango/24x24/mimetypes/x-office-address-book.png r, /usr/share/icons/Tango/24x24/mimetypes/x-office-calendar.png r, /usr/share/icons/Tango/32x32/actions/mail-send-receive.png r, /usr/share/icons/Tango/icon-theme.cache r, /usr/share/icons/Tango/index.theme r, /usr/share/icons/Tango/scalable/actions/mail-send-receive.svg r, /usr/share/icons/crystalsvg/128x128/actions/ r, /usr/share/icons/crystalsvg/128x128/apps/ r, /usr/share/icons/crystalsvg/128x128/devices/ r, /usr/share/icons/crystalsvg/128x128/filesystems/ r, /usr/share/icons/crystalsvg/128x128/mimetypes/ r, /usr/share/icons/crystalsvg/16x16/actions/ r, /usr/share/icons/crystalsvg/16x16/apps/ r, /usr/share/icons/crystalsvg/16x16/devices/ r, /usr/share/icons/crystalsvg/16x16/filesystems/ r, /usr/share/icons/crystalsvg/16x16/mimetypes/ r, /usr/share/icons/crystalsvg/22x22/actions/ r, /usr/share/icons/crystalsvg/22x22/apps/ r, /usr/share/icons/crystalsvg/22x22/devices/ r, /usr/share/icons/crystalsvg/22x22/filesystems/ r, /usr/share/icons/crystalsvg/22x22/mimetypes/ r, /usr/share/icons/crystalsvg/32x32/actions/ r, /usr/share/icons/crystalsvg/32x32/apps/ r, /usr/share/icons/crystalsvg/32x32/devices/ r, /usr/share/icons/crystalsvg/32x32/filesystems/ r, /usr/share/icons/crystalsvg/32x32/mimetypes/ r, /usr/share/icons/crystalsvg/48x48/actions/ r, /usr/share/icons/crystalsvg/48x48/apps/ r, /usr/share/icons/crystalsvg/48x48/devices/ r, /usr/share/icons/crystalsvg/48x48/filesystems/ r, /usr/share/icons/crystalsvg/48x48/mimetypes/ r, /usr/share/icons/crystalsvg/64x64/actions/ r, /usr/share/icons/crystalsvg/64x64/apps/ r, /usr/share/icons/crystalsvg/64x64/devices/ r, /usr/share/icons/crystalsvg/64x64/filesystems/ r, /usr/share/icons/crystalsvg/64x64/mimetypes/ r, /usr/share/icons/crystalsvg/scalable/actions/ r, /usr/share/icons/crystalsvg/scalable/apps/ r, /usr/share/icons/crystalsvg/scalable/devices/ r, /usr/share/icons/crystalsvg/scalable/filesystems/ r, /usr/share/icons/crystalsvg/scalable/mimetypes/ r, /usr/share/icons/gnome/16x16/actions/application-exit.png r, /usr/share/icons/gnome/16x16/actions/document-page-setup.png r, /usr/share/icons/gnome/16x16/actions/mail-mark-important.png r, /usr/share/icons/gnome/16x16/actions/mail-mark-notjunk.png r, /usr/share/icons/gnome/16x16/actions/mail-mark-read.png r, /usr/share/icons/gnome/16x16/actions/mail-mark-unread.png r, /usr/share/icons/gnome/16x16/actions/window-close.png r, /usr/share/icons/gnome/16x16/actions/zoom-in.png r, /usr/share/icons/gnome/16x16/actions/zoom-original.png r, /usr/share/icons/gnome/16x16/actions/zoom-out.png r, /usr/share/icons/gnome/16x16/status/mail-read.png r, /usr/share/icons/gnome/16x16/status/mail-replied.png r, /usr/share/icons/gnome/16x16/status/mail-unread.png r, /usr/share/icons/gnome/16x16/stock/document/stock_task.png r, /usr/share/icons/gnome/16x16/stock/document/stock_todo.png r, /usr/share/icons/gnome/16x16/stock/generic/stock_new-24h-appointment.png r, /usr/share/icons/gnome/16x16/stock/generic/stock_new-meeting.png r, /usr/share/icons/gnome/16x16/stock/generic/stock_notes.png r, /usr/share/icons/gnome/16x16/stock/generic/stock_score-high.png r, /usr/share/icons/gnome/16x16/stock/generic/stock_score-higher.png r, /usr/share/icons/gnome/16x16/stock/generic/stock_score-highest.png r, /usr/share/icons/gnome/16x16/stock/generic/stock_score-low.png r, /usr/share/icons/gnome/16x16/stock/generic/stock_score-lower.png r, /usr/share/icons/gnome/16x16/stock/generic/stock_score-lowest.png r, /usr/share/icons/gnome/16x16/stock/generic/stock_score-normal.png r, /usr/share/icons/gnome/16x16/stock/net/stock_contact-list.png r, /usr/share/icons/gnome/16x16/stock/net/stock_disconnect.png r, /usr/share/icons/gnome/16x16/stock/net/stock_mail-filters-apply.png r, /usr/share/icons/gnome/16x16/stock/net/stock_mail-flag-for-followup-done.png r, /usr/share/icons/gnome/16x16/stock/net/stock_mail-flag-for-followup.png r, /usr/share/icons/gnome/16x16/stock/net/stock_mail-import.png r, /usr/share/icons/gnome/16x16/stock/net/stock_mail-open-multiple.png r, /usr/share/icons/gnome/16x16/stock/net/stock_mail-unread-multiple.png r, /usr/share/icons/gnome/16x16/stock/net/stock_mail.png r, /usr/share/icons/gnome/16x16/stock/net/stock_shared-by-me.png r, /usr/share/icons/gnome/16x16/stock/net/stock_shared-to-me.png r, /usr/share/icons/gnome/16x16/stock/object/stock_insert-note.png r, /usr/share/icons/gnome/24x24/actions/mail-mark-notjunk.png r, /usr/share/icons/gnome/24x24/stock/document/stock_todo.png r, /usr/share/icons/gnome/24x24/stock/generic/stock_notes.png r, /usr/share/icons/gnome/24x24/stock/net/stock_mail.png r, /usr/share/icons/gnome/icon-theme.cache r, /usr/share/icons/gnome/index.theme r, /usr/share/icons/hicolor/icon-theme.cache r, /usr/share/icons/hicolor/index.theme r, /usr/share/locale-bundle/pl/LC_MESSAGES/atk10.mo r, /usr/share/locale-bundle/pl/LC_MESSAGES/evolution-2.22.mo r, /usr/share/locale-bundle/pl/LC_MESSAGES/evolution-data-server-2.22.mo r, /usr/share/locale-bundle/pl/LC_MESSAGES/glib20.mo r, /usr/share/locale-bundle/pl/LC_MESSAGES/gtk20-properties.mo r, /usr/share/locale-bundle/pl/LC_MESSAGES/gtk20.mo r, /usr/share/locale-bundle/pl/LC_MESSAGES/gtkhtml-3.14.mo r, /usr/share/locale-bundle/pl/LC_MESSAGES/libbonobo-2.0.mo r, /usr/share/locale-bundle/pl/LC_MESSAGES/libbonoboui-2.0.mo r, /usr/share/pixmaps/ r, /usr/share/themes/Gilouche/gtk-2.0/gtkrc r, /usr/share/themes/QtCurve/gtk-2.0/gtkrc r, /var/cache/fontconfig/0c42b92420913fbcd7539015ba025a31-x86.cache-2 r, /var/cache/fontconfig/17090aa38d5c6f09fb8c5c354938f1d7-x86.cache-2 r, /var/cache/fontconfig/2d31a572ce6667f6a0da9c8dc611898b-x86.cache-2 r, /var/cache/fontconfig/30786aca7a961ef9f9799e540455831d-x86.cache-2 r, /var/cache/fontconfig/3830d5c3ddfd5cd38a049b759396e72e-x86.cache-2 r, /var/cache/fontconfig/4b172ca7f111e3cffadc3636415fead9-x86.cache-2 r, /var/cache/fontconfig/5ca8086aeacc9c68e81a71e7ef846b3b-x86.cache-2 r, /var/cache/fontconfig/77e41c5059666d75f92e318d4be8c21e-x86.cache-2 r, /var/cache/fontconfig/7ef2298fde41cc6eeb7af42e48b7d293-x86.cache-2 r, /var/cache/fontconfig/82263fb4001171a9d4b2e27da14be10b-x86.cache-2 r, /var/cache/fontconfig/8d4af663993b81a124ee82e610bb31f9-x86.cache-2 r, /var/cache/fontconfig/a1c95d6dfc9a7b34f44445cf81166004-x86.cache-2 r, /var/cache/fontconfig/b6bbb9f898b73777cfe763014a8c08d3-x86.cache-2 r, /var/cache/fontconfig/c938cb1e82ff5ba1829a2dab18b1c8a9-x86.cache-2 r, /var/cache/fontconfig/cf6c88e680607f2ab796171745f068a4-x86.cache-2 r, /var/cache/fontconfig/d62e99ef547d1d24cdb1bd22ec1a2976-x86.cache-2 r, /var/cache/fontconfig/df311e82a1a24c41a75c2c930223552e-x86.cache-2 r, /var/cache/libx11/compose/l4_024_313cb605_00280cc0 r, /var/lib/dbus/machine-id r, /var/run/dbus/system_bus_socket w, /var/run/nscd/socket w, /var/tmp/ r, } 7 months ago Initial import 63 thomasrjones Edit History
opensuse11.0 /usr/lib/firefox/firefox.sh #include <tunables/global> /usr/lib/firefox/firefox.sh flags=(complain) { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, } about 1 year ago 97 samavedam_vijay Edit History
opensuse10.3 /opt/kde3/bin/kmail #include <tunables/global> /opt/kde3/bin/kmail flags=(complain) { #include <abstractions/base> /opt/kde3/bin/kmail mr, /opt/kde3/lib/lib*so* mr, } about 1 year ago qaz 112 vismanza Edit History
opensuse10.3 /usr/lib/firefox/firefox.sh #include <tunables/global> /usr/lib/firefox/firefox.sh flags=(complain) { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, /usr/lib/firefox/firefox.sh mr, } about 1 year ago tristan 101 e1337r0ck3rX7 Edit History
opensuse10.3 /bin/ping # $Id: bin.ping 521 2007-03-30 23:45:28Z agruen $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /bin/ping { #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/nameservice> capability net_raw, capability setuid, /bin/ping mixr, /etc/modules.conf r, } over 2 years ago Initial Revision 176 novell Edit History
ubuntu-gutsy /usr/bin/gksu #include <tunables/global> /usr/bin/gksu { #include <abstractions/base> /usr/bin/gksu mr, } over 2 years ago gnome 152 hbpteam Edit History
ubuntu-gutsy /usr/bin/gnome-system-log #include <tunables/global> /usr/bin/gnome-system-log { #include <abstractions/base> /usr/bin/gnome-system-log mr, } over 2 years ago gnome 135 hbpteam Edit History
opensuse10.3 /etc/sysconfig/network/scripts/dhcpcd-hook-samba #include <tunables/global> /etc/sysconfig/network/scripts/dhcpcd-hook-samba { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> /bin/bash ixr, /bin/gawk ixr, /etc/sysconfig/network/dhcp r, /etc/sysconfig/network/scripts/dhcpcd-hook-samba mr, /etc/sysconfig/network/scripts/dhcpcd-hook-samba-functions r, /proc/meminfo r, /var/lib/dhcp/dhclient-*.leases r, } over 2 years ago none 126 cinimod Edit History
opensuse10.3 /usr/local/bin/amule #include <tunables/global> /usr/local/bin/amule { #include <abstractions/audio> #include <abstractions/base> #include <abstractions/bash> #include <abstractions/gnome> #include <abstractions/nameservice> /bin/bash ixr, /bin/uname ixr, /dev/tty rw, /etc/gnome-vfs-2.0/modules/ r, /etc/sound/events/gtk-events-2.soundlist r, /home/*/.ICEauthority r, /home/*/.Xauthority r, /home/*/.aMule/ rw, /home/*/.aMule/* krw, /home/*/.aMule/Incoming/ rw, /home/*/.aMule/Incoming/* rw, /home/*/.aMule/Temp/ rw, /home/*/.aMule/Temp/*.backup rw, /home/*/.aMule/Temp/*.bak rw, /home/*/.aMule/Temp/*.met rw, /home/*/.aMule/Temp/*.part rw, /home/*/.esd_auth r, /home/*/.fontconfig/*.cache-2 r, /home/*/.fonts/ r, /home/*/.gnome2/Totem/* rw, /home/*/.gnome2_private/ w, /home/*/.gstreamer-0.10/*.xml r, /home/*/.gstreamer-0.10/plugins/ r, /home/*/.gstreamer-0.10/plugins/*.so mr, /home/*/.icons/ r, /home/*/.local/share/icons/ r, /home/*/.local/share/mime/aliases r, /home/*/.local/share/mime/globs r, /home/*/.local/share/mime/magic r, /home/*/.local/share/mime/subclasses r, /home/*/.recently-used.xbel rw, /home/*/.recently-used.xbel.* rw, /proc/meminfo r, /proc/sys/kernel/ngroups_max r, /tmp/orbit-usr01/bonobo-activation-register.lock klrw, /usr/bin/bug-buddy ixr, /usr/bin/mplayer ixr, /usr/bin/totem ixr, /usr/local/bin/amule ixr, /usr/local/share/pixmaps/ r, /usr/share/applications/**.desktop r, /usr/share/gnome/autostart/*.desktop r, /usr/share/locale-bundle/de/LC_MESSAGES/*.mo r, /usr/share/totem/*.png r, /usr/share/totem/*.ui r, /usr/share/totem/*.xml r, /var/cache/libx11/compose/* r, } over 2 years ago 13 168 anonymus1 Edit History
opensuse11.0 /bin/bash #include <tunables/global> /bin/bash flags=(complain) { #include <abstractions/base> } 11 months ago 80 purrcy Edit History
opensuse10.3 /usr/sbin/mysqld-max #include <tunables/global> /usr/sbin/mysqld-max { #include <abstractions/base> #include <abstractions/nameservice> capability dac_override, capability setgid, capability setuid, network inet tcp, /etc/ld.so.preload r, /etc/my.cnf r, /usr/sbin/mysqld r, /usr/sbin/mysqld-max mr, /usr/share/mysql/** r, /var/db/nscd/passwd r, /var/lib/distccd/** lkrw, /var/lib/mysql/ r, /var/lib/mysql/** klrw, /var/run/mysqld/* lrw, } 12 months ago 89 shimingzhou Edit History
ubuntu-gutsy /usr/bin/ripole #include <tunables/global> /usr/bin/ripole { #include <abstractions/base> /usr/bin/ripole mr, /var/lib/amavis/tmp/** rw, } about 1 year ago 86 stive Edit History
opensuse11.0 /usr/bin/test #include <tunables/global> /usr/bin/test flags=(complain) { #include <abstractions/base> } about 1 year ago 102 lbarsov Edit History
opensuse11.0 /usr/bin/ktorrent #include <tunables/global> /usr/bin/ktorrent { #include <abstractions/base> } about 1 year ago 116 kingsv30 Edit History
opensuse11.0 /usr/sbin/httpd2-prefork # $Id: usr.sbin.httpd2-prefork 706 2007-05-31 06:58:22Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/sbin/httpd2-prefork flags=(complain) { #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/kerberosclient> #include <abstractions/nameservice> #include <abstractions/perl> capability kill, capability net_bind_service, capability setgid, capability setuid, capability sys_tty_config, /dev/random r, /etc/apache2/*.conf r, /etc/apache2/magic r, /etc/apache2/mod_perl-startup.pl r, /etc/apache2/ssl.crt/*.crt r, /etc/apache2/ssl.key/*.key r, /etc/apache2/{conf,sysconfig,vhosts}.d/ r, /etc/apache2/{conf,sysconfig,vhosts}.d/* r, /etc/fstab r, /etc/mime.types r, /etc/mtab r, /etc/odbcinst.ini r, /etc/php.d/ r, /etc/php.d/** r, /etc/php.ini r, /srv/www/htdocs r, /srv/www/htdocs/** r, /srv/www/icons/*.{gif,jpg,png} r, /srv/www/vhosts r, /srv/www/vhosts/** r, /tmp/auth_ldap_cache.sem wl, /tmp/session_mm_apache0.sem wl, /tmp/session_mm_apache2handler0.sem wl, /usr/X11R6/lib/lib*.so* mr, /usr/X11R6/lib64/lib*.so* mr, /usr/apache2/error/* r, /usr/lib/apache2-leader/{lib,mod_}*.so* mr, /usr/lib/apache2-metuxmpm/{lib,mod_}*.so* mr, /usr/lib/apache2-prefork/{lib,mod_}*.so* mr, /usr/lib/apache2-worker/{lib,mod_}*.so* mr, /usr/lib/apache2/modules/{lib,mod_}*.so* mr, /usr/lib/apache2/{lib,mod_}*.so mr, /usr/lib/mysql/libmysql*.so* mr, /usr/lib/php/extensions/*.so mr, /usr/lib/php4/*.so mr, /usr/lib/python[12].[0-9]/**.{py,pyc,pth,so} mr, /usr/lib/python[12].[0-9]/site-packages r, /usr/lib/qt3/lib/lib*.so* mr, /usr/lib64/apache2-leader/{lib,mod_}*.so* mr, /usr/lib64/apache2-metuxmpm/{lib,mod_}*.so* mr, /usr/lib64/apache2-prefork/{lib,mod_}*.so* mr, /usr/lib64/apache2-worker/{lib,mod_}*.so* mr, /usr/lib64/apache2/modules/{lib,mod_}*.so* mr, /usr/lib64/apache2/{lib,mod_}*.so* mr, /usr/lib64/mysql/libmysql*.so* mr, /usr/lib64/php/extensions/*.so mr, /usr/lib64/php4/*.so mr, /usr/lib64/python[12].[0-9]/**.{py,pyc,pth,so} mr, /usr/lib64/python[12].[0-9]/site-packages r, /usr/lib64/qt3/lib/lib*.so* mr, /usr/local/tomcat/conf/mod_jk.conf r, /usr/local/tomcat/conf/workers-ajp12.properties r, /usr/sbin/httpd2-prefork r, /usr/sbin/suexec2 mrix, /usr/share/apache2/** r, /usr/share/apache2/error/* r, /usr/share/apache2/error/include/* r, /usr/share/misc/magic.mime r, /usr/share/snmp/mibs r, /usr/share/snmp/mibs/*.{txt,mib} r, /usr/share/snmp/mibs/.index rw, /usr/share/ssl/openssl.cnf r, /var/lib/php/sess_* rwl, /var/lock/httpd2.lock.* wl, /var/log/apache2/* rwl, /var/log/apache2/** rwl, /var/log/httpd/ssl_scache.dir r, /var/log/httpd/ssl_scache.pag r, /var/run/httpd2.mm.* wl, /var/run/httpd2.pid wl, /var/www/error/* r, /var/www/html/** r, /var/www/icons/*.{gif,jpg,png} r, @{HOME}/public_html r, @{HOME}/public_html/** r, ^DEFAULT_URI { #include <abstractions/base> #include <abstractions/nameservice> /srv/www/htdocs r, /srv/www/htdocs/** r, /srv/www/icons/*.{gif,jpg,png} r, /srv/www/vhosts r, /srv/www/vhosts/** r, /usr/sbin/suexec2 mrix, /usr/share/apache2/** r, /var/lib/php/sess_* rwl, /var/log/apache2/** rwl, /var/www/error/* r, /var/www/html/** r, /var/www/icons/*.{gif,jpg,png} r, @{HOME}/public_html r, @{HOME}/public_html/** r, } ^HANDLING_UNTRUSTED_INPUT { #include <abstractions/nameservice> /**.htaccess r, /var/log/apache2/* w, } } about 1 year ago httpd2 129 kovik-apparmor Edit History
opensuse10.3 /bin/hostname #include <tunables/global> /bin/hostname { #include <abstractions/base> #include <abstractions/nameservice> capability sys_admin, /bin/hostname mr, } over 2 years ago none 130 cinimod Edit History
opensuse10.3 /sbin/ifconfig #include <tunables/global> /sbin/ifconfig { #include <abstractions/base> #include <abstractions/nameservice> capability net_admin, capability sys_module, /proc/net/ r, /proc/net/* r, /sbin/ifconfig mr, } over 2 years ago none 113 cinimod Edit History
opensuse10.3 /usr/bin/VBox #include <tunables/global> /usr/bin/VBox flags=(complain) { #include <abstractions/audio> #include <abstractions/base> #include <abstractions/bash> capability sys_ptrace, network inet dgram, network inet stream, network inet6 stream, / r, /Archiv/ rw, /Archiv/.Trash-overwrite/ rw, /Archiv/.Trash-patrick/ rw, /Archiv/Filez/ rw, /Archiv/Filez/GSO/ rw, /Archiv/Filez/GSO/** rw, /Archiv/Filez/Multimedia/Tonstudio/ r, /Archiv/Filez/Multimedia/Tonstudio/** rw, /bin/ r, /bin/basename ixr, /bin/bash ixr, /bin/gawk ixr, /bin/grep ixr, /bin/lsmod ixr, /bin/ps ixr, /bin/rm ixr, /boot/ r, /dev/ r, /dev/fd0 rw, /dev/sr0 r, /dev/tty rw, /dev/vboxdrv rw, /etc/ r, /etc/X11/qt_plugins_3.3rc r, /etc/X11/qtrc r, /etc/fonts/** r, /etc/fstab r, /etc/gnome-vfs-2.0/modules/ r, /etc/gnome-vfs-2.0/modules/default-modules.conf r, /etc/gnome-vfs-2.0/modules/font-method.conf r, /etc/gnome-vfs-2.0/modules/mapping-modules.conf r, /etc/gnome-vfs-2.0/modules/smb-module.conf r, /etc/gnome-vfs-2.0/modules/ssl-modules.conf r, /etc/gnome-vfs-2.0/modules/theme-method.conf r, /etc/gre.d/ r, /etc/gre.d/1.8.1.10.conf r, /etc/gre.d/1.8.1.9.conf r, /etc/host.conf r, /etc/hosts r, /etc/magic r, /etc/nsswitch.conf r, /etc/passwd r, /etc/resolv.conf r, /etc/sound/events/gtk-events-2.soundlist r, /home/*/.ICEauthority r, /home/*/.VirtualBox/* rw, /home/*/.VirtualBox/Machines/GSO/GSO.xml rw, /home/*/.VirtualBox/Machines/GSO/Logs/* rw, "/home/*/.VirtualBox/Machines/WinXP TonStudio/" w, /home/*/.VirtualBox/VDI/* krw, /home/*/.Xauthority r, /home/*/.fontconfig/*.cache-2 r, /home/*/.gnome2_private/ w, /home/*/.qt/.qtrc.lock krw, /home/*/.qt/qtrc r, /lib/ r, /log.txt r, /media/ r, /mnt/ r, /mypcs/ rw, /myscripts/ r, /opt/ r, /opt/kde3/lib/kde3/plugins/styles/ r, /opt/kde3/lib/kde3/plugins/styles/plastik.so mr, /opt/kde3/lib/lib*so* mr, /proc/ r, /proc/*/mounts r, /proc/*/stat r, /proc/*/status r, /proc/bus/usb/002/004 rw, /proc/bus/usb/003/002 rw, /proc/bus/usb/003/003 rw, /proc/bus/usb/003/004 rw, /proc/bus/usb/003/008 rw, /proc/bus/usb/004/002 rw, /proc/bus/usb/004/003 rw, /proc/bus/usb/004/004 rw, /proc/bus/usb/004/008 rw, /proc/bus/usb/005/002 rw, /proc/bus/usb/005/004 rw, /proc/bus/usb/005/008 rw, /proc/bus/usb/006/002 rw, /proc/bus/usb/006/003 rw, /proc/bus/usb/006/004 rw, /proc/bus/usb/007/002 rw, /proc/bus/usb/007/003 rw, /proc/bus/usb/007/004 rw, /proc/bus/usb/007/005 rw, /proc/bus/usb/007/006 rw, /proc/bus/usb/devices r, /proc/meminfo r, /proc/modules r, /proc/stat r, /proc/sys/kernel/ngroups_max r, /proc/sys/kernel/pid_max r, /proc/tty/drivers r, /proc/uptime r, /sbin/ r, /srv/ r, /sys/ r, /tmp/ rw, /tmp/.ICE-unix/* w, /tmp/.X11-unix/X0 w, /tmp/.vbox-overwrite-ipc/ rw, /tmp/.vbox-overwrite-ipc/ipcd w, /tmp/.vbox-overwrite-ipc/lock kw, /tmp/gconfd-overwrite/lock/ior r, /tmp/orbit-overwrite/ w, /tmp/orbit-overwrite/linc-* w, /usr/ r, /usr/bin/VBox mr, /usr/bin/bug-buddy ixr, /usr/bin/expr ixr, /usr/bin/file ixr, /usr/bin/gnome-open ixr, /usr/bin/which ixr, /usr/bin/whoami ixr, /usr/lib/** mr, /usr/lib/firefox/firefox-bin ixr, /usr/lib/firefox/firefox.sh ixr, /usr/lib/virtualbox/VBoxSVC ixr, /usr/lib/virtualbox/VBoxXPCOMIPCD ixr, /usr/lib/virtualbox/VirtualBox ixr, /usr/share/X11/locale/compose.dir r, /usr/share/X11/locale/en_US.UTF-8/Compose r, /usr/share/X11/locale/en_US.UTF-8/XLC_LOCALE r, /usr/share/X11/locale/locale.alias r, /usr/share/X11/locale/locale.dir r, /usr/share/desktop-data/qtrc r, /usr/share/doc/packages/VirtualBox/ r, /usr/share/fonts/** r, /usr/share/icons/Industrial/cursors/hand2 r, /usr/share/icons/Industrial/cursors/left_ptr r, /usr/share/icons/Industrial/cursors/left_ptr_watch r, /usr/share/icons/Industrial/cursors/sb_h_double_arrow r, /usr/share/icons/Industrial/cursors/sb_v_double_arrow r, /usr/share/icons/Industrial/cursors/watch r, /usr/share/icons/Industrial/cursors/xterm r, /usr/share/icons/Industrial/index.theme r, /usr/share/icons/Tango/index.theme r, /usr/share/icons/gnome/index.theme r, /usr/share/locale-bundle/de/LC_MESSAGES/gtk20-properties.mo r, /usr/share/locale-bundle/de/LC_MESSAGES/gtk20.mo r, /usr/share/locale-bundle/de/LC_MESSAGES/libbonobo-2.0.mo r, /usr/share/locale-bundle/de/LC_MESSAGES/libgnome-2.0.mo r, /usr/share/misc/magic.mgc r, /usr/share/virtualbox/** r, /var/ r, /var/cache/fontconfig/* r, /var/cache/libx11/compose/l4_024_313cb605_00280cc0 r, /var/run/nscd/group r, /var/run/nscd/passwd r, /var/run/nscd/socket w, } over 2 years ago 169 overwrite Edit History
opensuse10.3 /usr/sbin/NetworkManagerDispatcher #include <tunables/global> /usr/sbin/NetworkManagerDispatcher { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/dbus> /bin/bash ixr, /etc/NetworkManager/dispatcher.d/ r, /etc/NetworkManager/dispatcher.d/autofs Px, /etc/NetworkManager/dispatcher.d/netcontrol_global_hooks Px, /etc/NetworkManager/dispatcher.d/netcontrol_services Px, /etc/NetworkManager/dispatcher.d/nfs Px, /etc/NetworkManager/dispatcher.d/privoxy Px, /proc/meminfo r, /usr/sbin/NetworkManagerDispatcher mr, /var/run/NetworkManagerDispatcher.pid w, } over 2 years ago Import of jmichaels profiles 149 dominic Edit History
opensuse10.3 /sbin/runlevel #include <tunables/global> /sbin/runlevel { #include <abstractions/base> /sbin/runlevel mr, /var/run/utmp krw, } over 2 years ago none 118 cinimod Edit History
opensuse11.0 /usr/bin/vlc #include <tunables/global> /usr/bin/vlc flags=(complain) { #include <abstractions/base> } about 1 year ago 117 antonin_s Edit History
opensuse10.3 /usr/lib/postfix/showq #include <tunables/global> /usr/lib/postfix/showq flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> capability setgid, capability setuid, /etc/gai.conf r, /etc/postfix/dynamicmaps.cf r, /etc/postfix/main.cf r, /proc/net/if_inet6 r, /usr/lib/postfix/showq mr, /var/spool/postfix/active/ r, /var/spool/postfix/deferred/ r, /var/spool/postfix/deferred/0/ r, /var/spool/postfix/deferred/1/ r, /var/spool/postfix/deferred/2/ r, /var/spool/postfix/deferred/3/ r, /var/spool/postfix/deferred/4/ r, /var/spool/postfix/deferred/5/ r, /var/spool/postfix/deferred/6/ r, /var/spool/postfix/deferred/7/ r, /var/spool/postfix/deferred/8/ r, /var/spool/postfix/deferred/A/ r, /var/spool/postfix/deferred/B/ r, /var/spool/postfix/deferred/C/ r, /var/spool/postfix/deferred/D/ r, /var/spool/postfix/deferred/E/ r, /var/spool/postfix/deferred/F/ r, /var/spool/postfix/hold/ r, /var/spool/postfix/incoming/ r, /var/spool/postfix/maildrop/ r, /var/spool/postfix/pid/unix.showq krw, } about 1 year ago e 130 mikemende Edit History
opensuse10.3 /sda7/distributions/10.3/bin/zcat #include <tunables/global> /sda7/distributions/10.3/bin/zcat { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, /sda7/distributions/10.3/bin/zcat mr, } about 1 year ago sda 122 resqp2if Edit History
opensuse11.0 /usr/bin/tor #include <tunables/global> /usr/bin/tor { #include <abstractions/base> #include <abstractions/nameservice> capability setgid, /etc/tor/torrc r, /usr/bin/tor mr, /var/db/nscd/* r, /var/lib/tor/* rw, /var/lib/tor/*/ r, /var/lib/tor/cached-status/** rw, owner /var/log/tor/* w, /var/log/tor/* a, /var/run/tor/tor.pid w, } 6 months ago 44 shimingzhou Edit History
ubuntu-gutsy /sbin/portmap # $Id: sbin.portmap 90 2006-08-04 19:13:59Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /sbin/portmap { #include <abstractions/base> #include <abstractions/nameservice> capability net_bind_service, capability setgid, capability setuid, /etc/bindresvport.blacklist r, /etc/hosts.allow r, /etc/hosts.deny r, /sbin/portmap rmix, } about 1 year ago 97 stive Edit History
opensuse11.0 /usr/lib64/firefox/firefox.sh #include <tunables/global> /usr/lib64/firefox/firefox.sh { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, } about 1 year ago 91 jerry Edit History
opensuse11.0 /usr/sbin/apache2ctl #include <tunables/global> /usr/sbin/apache2ctl flags=(complain) { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, } about 1 year ago personal 123 BorzdeG Edit History
opensuse10.3 /bin/hostname #include <tunables/global> /bin/hostname { #include <abstractions/base> #include <abstractions/nameservice> capability sys_admin, /bin/hostname mr, } over 2 years ago Import of jmichaels profiles 165 dominic Edit History
opensuse10.3 /sbin/ifconfig #include <tunables/global> /sbin/ifconfig { #include <abstractions/base> #include <abstractions/nameservice> capability net_admin, capability sys_module, /proc/net/ r, /proc/net/* r, /sbin/ifconfig mr, } over 2 years ago Import of jmichaels profiles 152 dominic Edit History
opensuse10.3 /usr/sbin/NetworkManagerDispatcher #include <tunables/global> /usr/sbin/NetworkManagerDispatcher { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/dbus> /bin/bash ixr, /etc/NetworkManager/dispatcher.d/ r, /etc/NetworkManager/dispatcher.d/autofs Px, /etc/NetworkManager/dispatcher.d/netcontrol_global_hooks Px, /etc/NetworkManager/dispatcher.d/netcontrol_services Px, /etc/NetworkManager/dispatcher.d/nfs Px, /etc/NetworkManager/dispatcher.d/privoxy Px, /proc/meminfo r, /usr/sbin/NetworkManagerDispatcher mr, /var/run/NetworkManagerDispatcher.pid w, } over 2 years ago none 127 cinimod Edit History
opensuse11.0 /usr/lib/firefox/firefox #include <tunables/global> /usr/lib/firefox/firefox flags=(complain) { #include <abstractions/base> #include <abstractions/bash> /etc/fonts/** r, /etc/gai.conf r, /etc/gnome-vfs-2.0/modules/ r, /etc/gnome-vfs-2.0/modules/default-modules.conf r, /etc/gnome-vfs-2.0/modules/font-method.conf r, /etc/gnome-vfs-2.0/modules/obex-module.conf r, /etc/gnome-vfs-2.0/modules/smb-module.conf r, /etc/gnome-vfs-2.0/modules/ssl-modules.conf r, /etc/gnome-vfs-2.0/modules/theme-method.conf r, /usr/lib/firefox/firefox.sh rix, } 8 months ago 68 knigeth Edit History
opensuse11.0 /usr/lib/firefox/firefox.sh #include <tunables/global> /usr/lib/firefox/firefox.sh { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> deny capability sys_ptrace, /bin/basename rix, /bin/bash rix, /bin/grep rix, /etc/magic r, /usr/bin/file rix, /usr/lib/firefox/firefox px, /usr/share/misc/magic.mgc r, } 6 months ago 59 kelln Edit History
opensuse11.0 /usr/lib64/firefox/firefox #include <tunables/global> /usr/lib64/firefox/firefox { #include <abstractions/base> #include <abstractions/dbus> #include <abstractions/gnome> #include <abstractions/kde> #include <abstractions/nameservice> /** r, /etc/gre.d/ r, owner /home/*/.beagle/socket w, /home/*/.beagle/socket r, owner /home/*/.config/gtk-2.0/* w, /home/*/.config/gtk-2.0/* r, owner /home/*/.config/qtcurve.gtk-colors w, /home/*/.config/qtcurve.gtk-colors r, owner /home/*/.config/qtcurve.gtk-icons w, /home/*/.config/qtcurve.gtk-icons r, owner /home/*/.mozilla/firefox/** w, /home/*/.mozilla/firefox/** r, owner /home/*/.mozilla/firefox/*/* wk, /home/*/.mozilla/firefox/*/* r, owner /home/*/.mozilla/firefox/*/Cache.Trash/ w, owner /var/mozilla/*/.mozilla/firefox/** w, /var/mozilla/*/.mozilla/firefox/** r, owner /var/mozilla/*/.mozilla/firefox/*/* wk, /var/mozilla/*/.mozilla/firefox/*/* r, owner /var/mozilla/*/.mozilla/firefox/*/Cache.Trash/ w, } 12 months ago new profiles - on suse11 80 antonomasia Edit History
opensuse10.3 /opt/skype/skype #include <tunables/global> /opt/skype/skype flags=(complain) { #include <abstractions/base> /opt/skype/skype mr, } about 1 year ago 113 CarlosAlbertoRibeiro Edit History
opensuse10.3 /usr/bin/beagle-search #include <tunables/global> /usr/bin/beagle-search flags=(complain) { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, /usr/bin/beagle-search mr, } over 2 years ago few more profile tweaks 161 jmichael Edit History
opensuse10.3 /usr/bin/ssh-agent #include <tunables/global> /usr/bin/ssh-agent { #include <abstractions/base> /tmp/** w, /usr/bin/ssh-agent mr, } over 2 years ago changes-3 115 security Edit History
opensuse10.3 /usr/share/kolab/scripts/kolab_smtpdpolicy #include <tunables/global> /usr/share/kolab/scripts/kolab_smtpdpolicy { #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/perl> /etc/kolab/kolab_smtpdpolicy.conf r, /usr/bin/perl ix, /usr/share/kolab/scripts/kolab_smtpdpolicy mr, } about 1 year ago 123 arclyde Edit History
opensuse11.0 /sbin/SuSEfirewall2 #include <tunables/global> /sbin/SuSEfirewall2 flags=(complain) { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, /usr/bin/tty rix, other /usr/sbin/ip6tables-batch -> /usr/sbin/ip6tables-batch, /usr/sbin/ip6tables-batch Cx -> /usr/sbin/ip6tables-batch, other /usr/sbin/iptables-batch , /usr/sbin/iptables-batch Px, profile /usr/sbin/ip6tables-batch { } } about 1 year ago 103 h_keiner Edit History
opensuse11.0 /bin/hostname #include <tunables/global> /bin/hostname { #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/nameservice> capability sys_admin, /bin/hostname mr, } about 1 year ago allow to change hostname. 94 poeml Edit History
opensuse10.3 /sbin/portmap #include <tunables/global> /sbin/portmap { #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/nis> capability net_bind_service, capability setgid, capability setuid, /etc/hosts.allow r, /etc/hosts.deny r, /sbin/portmap mr, /var/run/portmap_mapping rw, } over 2 years ago 149 JaMm Edit History
opensuse10.3 /usr/bin/gnome-terminal #include <tunables/global> /usr/bin/gnome-terminal flags=(complain) { #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/fonts> #include <abstractions/gnome> #include <abstractions/kde> #include <abstractions/nameservice> capability sys_ptrace, /bin/bash Ux, /dev/ptmx rw, /etc/gnome-vfs-2.0/modules/ r, /etc/sound/events/gtk-events-2.soundlist r, /home/*/.ICEauthority r, /home/*/.Xauthority r, /home/*/.esd_auth r, /home/*/.fontconfig/* r, /home/*/.gnome2_private/ w, /proc/meminfo r, /tmp/orbit-*/bonobo-activation-register.lock klrw, /usr/bin/bug-buddy ixr, /usr/bin/gnome-terminal mr, /usr/lib/vte/gnome-pty-helper Px, /usr/share/terminfo/** r, /usr/share/vte/termcap/* r, /var/cache/libx11/compose/* r, } over 2 years ago misc update 130 jmichael Edit History
opensuse10.3 /opt/kde3/bin/kmplayer #include <tunables/global> /opt/kde3/bin/kmplayer flags=(complain) { #include <abstractions/base> /opt/kde3/bin/kmplayer mr, /opt/kde3/lib/lib*so* mr, } over 2 years ago kmplayer 130 Falko_Gehde Edit History
opensuse10.3 /usr/lib/firefox/firefox.sh #include <tunables/global> /usr/lib/firefox/firefox.sh flags=(complain) { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, /usr/lib/firefox/firefox.sh mr, } about 1 year ago 0.001 113 mechwarr1214 Edit History
opensuse10.3 /bin/basename #include <tunables/global> /bin/basename flags=(complain) { #include <abstractions/base> /bin/basename mr, } over 2 years ago argh, switch things back to complain for a while 158 jmichael Edit History
opensuse10.3 /etc/gdm/PostLogin/Default #include <tunables/global> /etc/gdm/PostLogin/Default { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> /bin/bash ixr, /etc/gdm/PostLogin/Default mr, /proc/meminfo r, } over 2 years ago Import of jmichaels profiles 154 dominic Edit History
opensuse10.3 /etc/init.d/boot.dazuko #include <tunables/global> /etc/init.d/boot.dazuko flags=(complain) { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> capability sys_module, /bin/basename ixr, /bin/bash ixr, /bin/grep ixr, /bin/lsmod ixr, /bin/stty ixr, /etc/init.d/boot.dazuko mr, /etc/modprobe.conf r, /etc/modprobe.conf.local r, /etc/modprobe.d/ r, /etc/modprobe.d/blacklist r, /etc/modprobe.d/ipv6 r, /etc/modprobe.d/ipw2200 r, /etc/modprobe.d/iwlwifi r, /etc/modprobe.d/module-renames r, /etc/modprobe.d/nvidia r, /etc/modprobe.d/pnp-aliases r, /etc/modprobe.d/sound r, /etc/modprobe.d/thinkpad_acpi r, /etc/modprobe.d/tv r, /etc/modprobe.d/unsupported.blacklist r, /etc/modprobe.d/xorg-x11-driver-video r, /etc/rc.status r, /etc/sysconfig/dazuko r, /etc/sysconfig/kernel r, /lib/modules/*/modules.dep r, /lib/modules/*/updates/dazuko.ko krw, /proc/modules r, /sbin/modprobe ixr, } over 2 years ago it works 185 overwrite Edit History
opensuse11.0 /usr/sbin/httpd2-prefork # $Id: usr.sbin.httpd2-prefork 706 2007-05-31 06:58:22Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/sbin/httpd2-prefork flags=(complain) { #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/kerberosclient> #include <abstractions/nameservice> #include <abstractions/perl> capability kill, capability net_bind_service, capability setgid, capability setuid, capability sys_tty_config, /dev/random r, /etc/apache2/*.conf r, /etc/apache2/magic r, /etc/apache2/mod_perl-startup.pl r, /etc/apache2/ssl.crt/*.crt r, /etc/apache2/ssl.key/*.key r, /etc/apache2/{conf,sysconfig,vhosts}.d/ r, /etc/apache2/{conf,sysconfig,vhosts}.d/* r, /etc/fstab r, /etc/mime.types r, /etc/mtab r, /etc/odbcinst.ini r, /etc/php.d/ r, /etc/php.d/** r, /etc/php.ini r, /srv/www/htdocs r, /srv/www/htdocs/** r, /srv/www/icons/*.{gif,jpg,png} r, /srv/www/vhosts r, /srv/www/vhosts/** r, /tmp/auth_ldap_cache.sem wl, /tmp/session_mm_apache0.sem wl, /tmp/session_mm_apache2handler0.sem wl, /usr/X11R6/lib/lib*.so* mr, /usr/X11R6/lib64/lib*.so* mr, /usr/apache2/error/* r, /usr/lib/apache2-leader/{lib,mod_}*.so* mr, /usr/lib/apache2-metuxmpm/{lib,mod_}*.so* mr, /usr/lib/apache2-prefork/{lib,mod_}*.so* mr, /usr/lib/apache2-worker/{lib,mod_}*.so* mr, /usr/lib/apache2/modules/{lib,mod_}*.so* mr, /usr/lib/apache2/{lib,mod_}*.so mr, /usr/lib/mysql/libmysql*.so* mr, /usr/lib/php/extensions/*.so mr, /usr/lib/php4/*.so mr, /usr/lib/python[12].[0-9]/**.{py,pyc,pth,so} mr, /usr/lib/python[12].[0-9]/site-packages r, /usr/lib/qt3/lib/lib*.so* mr, /usr/lib64/apache2-leader/{lib,mod_}*.so* mr, /usr/lib64/apache2-metuxmpm/{lib,mod_}*.so* mr, /usr/lib64/apache2-prefork/{lib,mod_}*.so* mr, /usr/lib64/apache2-worker/{lib,mod_}*.so* mr, /usr/lib64/apache2/modules/{lib,mod_}*.so* mr, /usr/lib64/apache2/{lib,mod_}*.so* mr, /usr/lib64/mysql/libmysql*.so* mr, /usr/lib64/php/extensions/*.so mr, /usr/lib64/php4/*.so mr, /usr/lib64/python[12].[0-9]/**.{py,pyc,pth,so} mr, /usr/lib64/python[12].[0-9]/site-packages r, /usr/lib64/qt3/lib/lib*.so* mr, /usr/local/tomcat/conf/mod_jk.conf r, /usr/local/tomcat/conf/workers-ajp12.properties r, /usr/sbin/httpd2-prefork r, /usr/sbin/suexec2 mrix, /usr/share/apache2/** r, /usr/share/apache2/error/* r, /usr/share/apache2/error/include/* r, /usr/share/misc/magic.mime r, /usr/share/snmp/mibs r, /usr/share/snmp/mibs/*.{txt,mib} r, /usr/share/snmp/mibs/.index rw, /usr/share/ssl/openssl.cnf r, /var/lib/php/sess_* rwl, /var/lock/httpd2.lock.* wl, /var/log/apache2/* rwl, /var/log/apache2/** rwl, /var/log/httpd/ssl_scache.dir r, /var/log/httpd/ssl_scache.pag r, /var/run/httpd2.mm.* wl, /var/run/httpd2.pid wl, /var/www/error/* r, /var/www/html/** r, /var/www/icons/*.{gif,jpg,png} r, @{HOME}/public_html r, @{HOME}/public_html/** r, ^DEFAULT_URI flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> /srv/www/htdocs r, /srv/www/htdocs/** r, /srv/www/icons/*.{gif,jpg,png} r, /srv/www/vhosts r, /srv/www/vhosts/** r, /usr/sbin/suexec2 mrix, /usr/share/apache2/** r, /var/lib/php/sess_* rwl, /var/log/apache2/** rwl, /var/www/error/* r, /var/www/html/** r, /var/www/icons/*.{gif,jpg,png} r, @{HOME}/public_html r, @{HOME}/public_html/** r, } ^HANDLING_UNTRUSTED_INPUT flags=(complain) { #include <abstractions/nameservice> /**.htaccess r, /var/log/apache2/* w, } } 2 months ago initial apache2 23 rbf072858 Edit History
opensuse11.0 /usr/lib64/firefox/firefox.sh #include <tunables/global> /usr/lib64/firefox/firefox.sh flags=(complain) { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, } about 1 year ago dave3 106 shot211 Edit History
ubuntu-gutsy /usr/bin/python2.5 #include <tunables/global> /usr/bin/python2.5 flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/python> capability dac_override, /etc/apt/apt.conf.d/ r, /etc/apt/apt.conf.d/* r, /etc/apt/sources.list r, /etc/apt/sources.list.d/ r, /etc/apt/sources.list.d/*.list r, /proc/meminfo r, /proc/stat r, /usr/bin/python2.5 mr, /usr/share/command-not-found/programs.d/ r, /usr/share/command-not-found/programs.d/*.db r, /usr/share/python-apt/templates/ r, /usr/share/python-apt/templates/*.info r, /usr/share/python-apt/templates/*.mirrors r, } over 2 years ago gnome 148 hbpteam Edit History
ubuntu-gutsy /usr/lib/jvm/java-1.5.0-sun-1.5.0.13/jre/bin/javaws #include <tunables/global> /usr/lib/jvm/java-1.5.0-sun-1.5.0.13/jre/bin/javaws { #include <abstractions/base> /usr/lib/jvm/java-1.5.0-sun-1.5.0.13/jre/bin/javaws mr, } over 2 years ago gnome 152 hbpteam Edit History
ubuntu-gutsy /etc/cron.daily/man-db #include <tunables/global> /etc/cron.daily/man-db { #include <abstractions/base> #include <abstractions/perl> #include <abstractions/user-manpages> capability chown, capability setgid, capability setuid, / r, /bin/chown ixr, /bin/dash ixr, /etc/cron.daily/man-db mr, /etc/group r, /etc/manpath.config r, /etc/nsswitch.conf r, /etc/passwd r, /sbin/start-stop-daemon ixr, /usr/bin/find ixr, /usr/bin/perl ix, /usr/bin/xargs ixr, /usr/lib/** mr, /usr/lib/man-db/manconv ixr, /usr/lib/man-db/mandb ixr, /usr/man/ r, /usr/sbin/dpkg-statoverride ixr, /usr/share/man/ r, /usr/share/perl/** r, /usr/share/perl5/** r, /var/cache/ r, /var/cache/man/ rw, /var/cache/man/** krw, /var/lib/dpkg/* r, } 11 months ago 78 stive Edit History
opensuse10.3 /bin/basename #include <tunables/global> /bin/basename { #include <abstractions/base> /bin/basename mr, } over 2 years ago 20071015 126 davepl Edit History
opensuse10.3 /usr/sbin/wpa_supplicant #include <tunables/global> /usr/sbin/wpa_supplicant flags=(complain) { #include <abstractions/base> capability net_admin, capability net_raw, capability sys_module, network inet dgram, network packet dgram, /proc/net/ r, /proc/net/unix r, /usr/sbin/wpa_supplicant mr, /var/run/NetworkManager/wpa_ctrl_* w, /var/run/wpa_supplicant-global w, /var/run/wpa_supplicant/ w, /var/run/wpa_supplicant/* w, } over 2 years ago argh, switch things back to complain for a while 155 jmichael Edit History
opensuse10.3 /usr/bin/gnome-wm #include <tunables/global> /usr/bin/gnome-wm { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> /bin/bash ixr, /bin/grep ixr, /proc/meminfo r, /proc/sys/kernel/ngroups_max r, /usr/bin/compiz Px, /usr/bin/gnome-wm mr, /usr/bin/xdpyinfo Px, } over 2 years ago Import of jmichaels profiles 132 dominic Edit History
opensuse10.3 /etc/gdm/PostLogin/Default #include <tunables/global> /etc/gdm/PostLogin/Default { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> /bin/bash ixr, /etc/gdm/PostLogin/Default mr, /proc/meminfo r, } over 2 years ago none 125 cinimod Edit History
opensuse10.3 /usr/lib/cyrus/bin/notifyd #include <tunables/global> /usr/lib/cyrus/bin/notifyd { #include <abstractions/base> /etc/imapd.* r, /mnt/mail/config/** krw, /usr/lib/cyrus/bin/notifyd mr, /var/lib/imap/** krw, } about 1 year ago 118 arclyde Edit History
opensuse10.3 /usr/lib/firefox/firefox.sh #include <tunables/global> /usr/lib/firefox/firefox.sh { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/user-tmp> /bin/basename Px, /bin/bash ixr, /bin/grep ixr, /bin/mktemp ixr, /etc/magic r, /home/*/.gdbinit r, /home/*/.inputrc r, /proc/*/auxv r, /proc/*/mem r, /proc/*/status r, /proc/meminfo r, /proc/sys/kernel/ngroups_max r, /usr/bin/expr ixr, /usr/bin/file ixr, /usr/bin/gdb ixr, /usr/lib/firefox/firefox-bin Pxr, /usr/lib/firefox/firefox.sh mr, /usr/share/misc/magic.mgc r, } over 2 years ago 126 overwrite Edit History
ubuntu-gutsy /usr/bin/xkbcomp #include <tunables/global> /usr/bin/xkbcomp { #include <abstractions/X> #include <abstractions/base> /usr/bin/xkbcomp mr, /var/lib/xkb/*.xkm w, } over 2 years ago gnome 164 hbpteam Edit History
ubuntu-gutsy /usr/lib/postfix/scache # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/lib/postfix/scache { #include <abstractions/base> #include <abstractions/nameservice> #include <program-chunks/postfix-common> /etc/mailname r, /usr/lib/postfix/scache rmix, /var/run/nscd/group r, } about 1 year ago 89 stive Edit History
opensuse10.3 /usr/sbin/cron #include <tunables/global> /usr/sbin/cron flags=(complain) { #include <abstractions/base> /usr/sbin/cron mr, } about 1 year ago 134 rm2011 Edit History
opensuse10.3 /usr/bin/gnome-wm #include <tunables/global> /usr/bin/gnome-wm { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> /bin/bash ixr, /bin/grep ixr, /proc/meminfo r, /proc/sys/kernel/ngroups_max r, /usr/bin/compiz Px, /usr/bin/gnome-wm mr, /usr/bin/xdpyinfo Px, } over 2 years ago none 107 cinimod Edit History
ubuntu-gutsy /tmp/upxBLFO3MBALNH #include <tunables/global> /tmp/upxBLFO3MBALNH flags=(complain) { #include <abstractions/base> /tmp/upxBLFO3MBALNH mr, } over 2 years ago 167 larsthegeek Edit History
opensuse10.3 /usr/bin/xdpyinfo #include <tunables/global> /usr/bin/xdpyinfo flags=(complain) { #include <abstractions/X> #include <abstractions/base> /home/*/.Xauthority r, /usr/bin/xdpyinfo mr, } over 2 years ago few more changes to get gnome session working elsewhere 170 jmichael Edit History
opensuse11.0 /usr/lib/opera/9.52/operaplugincleaner #include <tunables/global> /usr/lib/opera/9.52/operaplugincleaner flags=(complain) { #include <abstractions/base> /usr/lib/** mr, } about 1 year ago opera 101 vojtaeus Edit History
ubuntu-gutsy /sbin/apparmor_parser #include <tunables/global> /sbin/apparmor_parser flags=(complain) { #include <abstractions/base> #include <abstractions/user-tmp> /etc/apparmor.d/abstractions/X r, /etc/apparmor.d/abstractions/audio r, /etc/apparmor.d/abstractions/authentication r, /etc/apparmor.d/abstractions/base r, /etc/apparmor.d/abstractions/bash r, /etc/apparmor.d/abstractions/consoles r, /etc/apparmor.d/abstractions/dbus r, /etc/apparmor.d/abstractions/fonts r, /etc/apparmor.d/abstractions/freedesktop.org r, /etc/apparmor.d/abstractions/gnome r, /etc/apparmor.d/abstractions/kerberosclient r, /etc/apparmor.d/abstractions/mdns r, /etc/apparmor.d/abstractions/nameservice r, /etc/apparmor.d/abstractions/nis r, /etc/apparmor.d/abstractions/nvidia r, /etc/apparmor.d/abstractions/orbit2 r, /etc/apparmor.d/abstractions/perl r, /etc/apparmor.d/abstractions/python r, /etc/apparmor.d/abstractions/user-tmp r, /etc/apparmor.d/abstractions/winbind r, /etc/apparmor.d/tunables/global r, /etc/apparmor.d/tunables/home r, /etc/apparmor.d/tunables/proc r, /etc/apparmor/subdomain.conf r, /proc/*/mounts r, /proc/meminfo r, /sbin/apparmor_parser mr, /sys/kernel/security/apparmor/.replace w, /sys/kernel/security/apparmor/matching r, } over 2 years ago gnome 131 hbpteam Edit History
opensuse10.3 /etc/init.d/ntp #include <tunables/global> /etc/init.d/ntp flags=(complain) { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/nameservice> #include <abstractions/nis> #include <abstractions/wutmp> capability kill, capability net_bind_service, capability setgid, capability setuid, capability sys_chroot, capability sys_ptrace, capability sys_time, capability sys_tty_config, /bin/bash ixr, /bin/cp ixr, /bin/rm ixr, /bin/stty ixr, /dev/blog w, /etc/gai.conf r, /etc/init.d/ntp ixr, /etc/ntp.conf r, /etc/rc.status r, /etc/sysconfig/ntp r, /proc/ r, /proc/*/stat r, /proc/*/statm r, /proc/meminfo r, /proc/net/if_inet6 r, /sbin/checkproc ixr, /sbin/killproc ixr, /sbin/startproc ixr, /usr/sbin/ntpd Pxmr, /usr/sbin/ntpdate Px, /var/lib/ntp/drift/ntp.drift r, /var/lib/ntp/etc/localtime w, /var/lib/ntp/var/run/ntp/ntpd.pid rw, /var/log/ntp a, /var/run/nscd/services r, } over 2 years ago argh, switch things back to complain for a while 137 jmichael Edit History
ubuntu-gutsy /usr/sbin/portsentry #include <tunables/global> /usr/sbin/portsentry flags=(complain) { #include <abstractions/base> /usr/sbin/portsentry mr, } over 2 years ago 163 gejo Edit History
opensuse10.3 /usr/lib/ssh/x11-ssh-askpass #include <tunables/global> /usr/lib/ssh/x11-ssh-askpass { #include <abstractions/base> /usr/lib/ssh/x11-ssh-askpass mr, } over 2 years ago none 123 cinimod Edit History
ubuntu-gutsy /usr/lib/postgresql/8.3/bin/postgres #include <tunables/global> /usr/lib/postgresql/8.3/bin/postgres { #include <abstractions/base> #include <abstractions/nameservice> /etc/postgresql-common/* r, /etc/postgresql/** r, /etc/ssl/** r, /usr/lib/** mr, /usr/shar/share/zoneinfo/ r, /usr/share/postgresql/8.3/timezonesets/* r, /usr/share/zoneinfo/ r, /var/lib/postgresql/8.3/main/** lrw, /var/run/postgresql/* w, } about 1 year ago 99 stive Edit History
opensuse11.0 /usr/lib64/firefox/firefox.sh #include <tunables/global> /usr/lib64/firefox/firefox.sh { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, } about 1 year ago 114 josemanuel Edit History
ubuntu-gutsy /usr/lib/libgconf2-4/gconfd-2 #include <tunables/global> /usr/lib/libgconf2-4/gconfd-2 { #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/user-tmp> /etc/gconf/2/path r, /etc/gconf/gconf.xml.defaults/ r, /etc/gconf/gconf.xml.defaults/%%gconf-tree.xml r, /etc/gconf/gconf.xml.mandatory/ r, /etc/gconf/gconf.xml.mandatory/%%gconf-tree.xml r, /home/*/.gconf/ r, /home/*/.gconf/.testing.writeability w, /home/*/.gconf/apps/ r, /home/*/.gconf/apps/deskbar/* rw, /home/*/.gconf/apps/evolution/* rw, /home/*/.gconf/apps/evolution/**.xml rw, /home/*/.gconf/apps/evolution/addressbook/ r, /home/*/.gconf/apps/evolution/calendar/ r, /home/*/.gconf/apps/evolution/calendar/display/ r, /home/*/.gconf/apps/evolution/calendar/memos/ r, /home/*/.gconf/apps/evolution/calendar/notify/ r, /home/*/.gconf/apps/evolution/calendar/tasks/ r, /home/*/.gconf/apps/evolution/mail/ r, /home/*/.gconf/apps/evolution/mail/*.new rw, /home/*/.gconf/apps/evolution/memos/ r, /home/*/.gconf/apps/evolution/memos/* r, /home/*/.gconf/apps/evolution/shell/ r, /home/*/.gconf/apps/evolution/shell/*.new rw, /home/*/.gconf/apps/evolution/shell/view_defaults/ r, /home/*/.gconf/apps/evolution/shell/view_defaults/*.new rw, /home/*/.gconf/apps/evolution/shell/view_defaults/folder_bar/ r, /home/*/.gconf/apps/evolution/shell/view_defaults/folder_bar/*.new rw, /home/*/.gconf/apps/evolution/tasks/ r, /home/*/.gconf/apps/gnome-screensaver/%%gconf.xml.new rw, /home/*/.gconf/apps/gnome-screensaver/*.xml rw, /home/*/.gconf/apps/metacity/ r, /home/*/.gconf/apps/metacity/*.xml r, /home/*/.gconf/apps/metacity/general/ r, /home/*/.gconf/apps/metacity/general/*.xml r, /home/*/.gconf/apps/nautilus/ r, /home/*/.gconf/apps/nautilus/preferences/*.xml r, /home/*/.gconf/apps/panel/ r, /home/*/.gconf/apps/panel/applets/clock_screen0/ r, /home/*/.gconf/apps/panel/applets/clock_screen0/**.xml rw, /home/*/.gconf/apps/panel/applets/clock_screen0/prefs/ r, /home/*/.gconf/apps/panel/applets/clock_screen0/prefs/*.new rw, /home/*/.gconf/apps/panel/applets/clock_screen0/prefs/timezones/ r, /home/*/.gconf/apps/panel/applets/clock_screen0/prefs/timezones/*.new rw, /home/*/.gconf/apps/panel/applets/deskbar_screen0/ r, /home/*/.gconf/apps/panel/applets/fast_user_switch_screen0/ r, /home/*/.gconf/apps/panel/applets/fast_user_switch_screen0/prefs/ r, /home/*/.gconf/apps/panel/applets/fast_user_switch_screen0/prefs/*.new rw, /home/*/.gconf/apps/panel/applets/fast_user_switch_screen0/prefs/*.xml rw, /home/*/.gconf/apps/panel/applets/mixer_screen0/ r, /home/*/.gconf/apps/panel/applets/notification_area_screen0/ r, /home/*/.gconf/apps/panel/applets/show_desktop_button_screen0/ r, /home/*/.gconf/apps/panel/applets/trashapplet_screen0/ r, /home/*/.gconf/apps/panel/applets/window_list_screen0/ r, /home/*/.gconf/apps/panel/applets/window_list_screen0/prefs/ r, /home/*/.gconf/apps/panel/applets/window_list_screen0/prefs/*.new rw, /home/*/.gconf/apps/panel/applets/window_list_screen0/prefs/*.xml rw, /home/*/.gconf/apps/panel/applets/workspace_switcher_screen0/ r, /home/*/.gconf/apps/panel/applets/workspace_switcher_screen0/**.xml rw, /home/*/.gconf/apps/panel/applets/workspace_switcher_screen0/prefs/ r, /home/*/.gconf/apps/panel/applets/workspace_switcher_screen0/prefs/*.new rw, /home/*/.gconf/apps/panel/general/*.xml r, /home/*/.gconf/apps/panel/toplevels/ r, /home/*/.gconf/apps/panel/toplevels/bottom_panel_screen0/ r, /home/*/.gconf/apps/panel/toplevels/bottom_panel_screen0/*.xml r, /home/*/.gconf/apps/panel/toplevels/bottom_panel_screen0/background/%%gconf.xml r, /home/*/.gconf/desktop/ r, /home/*/.gconf/desktop/gnome/ r, /home/*/.gconf/desktop/gnome/*.xml r, /home/*/.gconf/desktop/gnome/accessibility/ r, /home/*/.gconf/desktop/gnome/accessibility/keyboard/*.xml r, /home/*/.gconf/desktop/gnome/applications/ r, /home/*/.gconf/desktop/gnome/applications/window_manager/*.new rw, /home/*/.gconf/desktop/gnome/applications/window_manager/*.xml rw, /home/*/.gconf/desktop/gnome/background/%%gconf.xml r, /home/*/.gconf/desktop/gnome/font_rendering/*.xml r, /home/*/.gconf/desktop/gnome/peripherals/ r, /home/*/.gconf/desktop/gnome/peripherals/keyboard/ r, /home/*/.gconf/desktop/gnome/peripherals/keyboard/%%gconf.xml r, /home/*/.gconfd/saved_state rw, /home/*/.gconfd/saved_state.orig w, /home/*/.gconfd/saved_state.tmp rw, /tmp/gconfd-void/lock/0t1193126927ut222865u1000p17459r1477785876k3219965624 kw, /usr/lib/libgconf2-4/gconfd-2 mr, /var/lib/gconf/debian.defaults/ r, /var/lib/gconf/debian.defaults/*.xml r, /var/lib/gconf/defaults/ r, /var/lib/gconf/defaults/*.xml r, } over 2 years ago gnome 234 hbpteam Edit History
ubuntu-gutsy /usr/lib/nautilus-cd-burner/mapping-daemon #include <tunables/global> /usr/lib/nautilus-cd-burner/mapping-daemon { #include <abstractions/base> #include <abstractions/user-tmp> /etc/nsswitch.conf r, /etc/passwd r, /usr/lib/nautilus-cd-burner/mapping-daemon mr, } over 2 years ago gnome 159 hbpteam Edit History
ubuntu-gutsy /bin/pwd #include <tunables/global> /bin/pwd flags=(complain) { #include <abstractions/base> / r, /bin/pwd mr, /home/ r, } over 2 years ago gnome 176 hbpteam Edit History
opensuse11.0 /usr/bin/nm-openvpn-service-openvpn-helper #include <tunables/global> /usr/bin/nm-openvpn-service-openvpn-helper { #include <abstractions/base> #include <abstractions/dbus> owner /usr/bin/nm-openvpn-service-openvpn-helper mr, } about 1 year ago 121 delder Edit History
opensuse10.3 /FYP/FileReadWrite #include <tunables/global> /FYP/FileReadWrite { #include <abstractions/base> /FYP/FileReadWrite mr, /FYP/data/prices.dat rw, } about 1 year ago 115 FYPJ Edit History
opensuse10.3 /usr/bin/package-manager #include <tunables/global> /usr/bin/package-manager flags=(complain) { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, /usr/bin/package-manager mr, } over 2 years ago argh, switch things back to complain for a while 154 jmichael Edit History
ubuntu-gutsy /usr/bin/ttb #include <tunables/global> /usr/bin/ttb { #include <abstractions/base> /usr/bin/python2.5 ix, /usr/bin/ttb mr, } over 2 years ago gnome 182 hbpteam Edit History
opensuse10.3 /usr/lib/ssh/x11-ssh-askpass #include <tunables/global> /usr/lib/ssh/x11-ssh-askpass { #include <abstractions/base> /usr/lib/ssh/x11-ssh-askpass mr, } over 2 years ago Import of jmichaels profiles 141 dominic Edit History
ubuntu-gutsy /usr/lib/postfix/qmgr # $Id: usr.lib.postfix.qmgr 741 2007-06-11 22:55:56Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/lib/postfix/qmgr { #include <abstractions/base> #include <abstractions/kerberosclient> #include <abstractions/nameservice> #include <program-chunks/postfix-common> /etc/mailname r, /usr/lib/postfix/qmgr rmix, /var/spool/postfix/** krw, /{var/spool/postfix/,}active/ r, /{var/spool/postfix/,}active/[0-9A-F]/ rwl, /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/ rwl, /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/* rwl, /{var/spool/postfix/,}defer/ r, /{var/spool/postfix/,}defer/[0-9A-F]/ rwl, /{var/spool/postfix/,}defer/[0-9A-F]/[0-9A-F]/ rwl, /{var/spool/postfix/,}defer/[0-9A-F]/[0-9A-F]/* rwl, /{var/spool/postfix/,}deferred/ r, /{var/spool/postfix/,}deferred/[0-9A-F]/ rwl, /{var/spool/postfix/,}deferred/[0-9A-F]/[0-9A-F]/ rwl, /{var/spool/postfix/,}deferred/[0-9A-F]/[0-9A-F]/* rwl, /{var/spool/postfix/,}incoming/ r, /{var/spool/postfix/,}incoming/[0-9A-F]/ rwl, /{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/ rwl, /{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/* rwl, /{var/spool/postfix/,}private/bounce w, /{var/spool/postfix/,}private/defer w, /{var/spool/postfix/,}private/local w, /{var/spool/postfix/,}private/relay w, /{var/spool/postfix/,}private/rewrite w, /{var/spool/postfix/,}private/smtp w, /{var/spool/postfix/,}private/trace w, /{var/spool/postfix/,}private/uucp w, /{var/spool/postfix/,}public/flush w, /{var/spool/postfix/,}public/qmgr r, } about 1 year ago 95 stive Edit History
opensuse10.3 /usr/bin/mplayer #include <tunables/global> /usr/bin/mplayer flags=(complain) { #include <abstractions/X> #include <abstractions/audio> #include <abstractions/base> #include <abstractions/fonts> #include <abstractions/freedesktop.org> #include <abstractions/gnome> #include <abstractions/nameservice> #include <abstractions/php5> /cur/tmp/** rw, /etc/mplayer/input.conf r, /etc/mplayer/mplayer.conf r, /home/*/** r, /home/*/.config/qtcurve.gtk-colors rw, /home/*/.config/qtcurve.gtk-icons rw, /home/*/.mplayer/* rw, /opt/kde3/lib/lib*so* mr, /proc/*/cmdline r, /usr/** r, /usr/bin/mplayer mr, /usr/lib/win32/*.dll mr, } about 1 year ago internet radio u.a. 114 shivver-fox Edit History
opensuse10.3 /bin/uname #include <tunables/global> /bin/uname flags=(complain) { #include <abstractions/base> /bin/uname mr, /proc/cpuinfo r, } about 1 year ago 101 arturk Edit History
opensuse11.0 /usr/sbin/httpd2-worker #include <tunables/global> /usr/sbin/httpd2-worker { #include <abstractions/base> #include <abstractions/nis> capability chown, capability net_bind_service, capability setgid, capability setuid, network stream, owner /etc/apache2/* r, /etc/apache2/conf.d/ r, owner /etc/apache2/sysconfig.d/include.conf r, owner /etc/apache2/sysconfig.d/loadmodule.conf r, owner /etc/apache2/vhosts.d/ r, owner /etc/apache2/vhosts.d/accounting.conf r, owner /etc/group r, owner /etc/host.conf r, owner /etc/hosts r, owner /etc/mime.types r, owner /etc/nsswitch.conf r, owner /etc/passwd r, owner /etc/resolv.conf r, owner /usr/lib/** r, owner /usr/sbin/httpd2-worker r, owner /var/log/apache2/access_log a, owner /var/log/apache2/accounting a, owner /var/log/apache2/dummy-host.example.com-error_log a, owner /var/log/apache2/error_log a, owner /var/run/cgisock.3773 w, owner /var/run/httpd2.pid a, owner /var/run/nscd/socket w, } about 1 year ago 118 stranger Edit History
ubuntu-gutsy /usr/bin/gnome-sound-properties #include <tunables/global> /usr/bin/gnome-sound-properties { #include <abstractions/base> /usr/bin/gnome-sound-properties mr, } over 2 years ago gnome 137 hbpteam Edit History
ubuntu-gutsy /usr/sbin/dovecot #include <tunables/global> /usr/sbin/dovecot { #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/nis> capability chown, capability dac_override, capability dac_read_search, capability net_bind_service, capability setgid, capability setuid, capability sys_chroot, /etc/dovecot/dovecot-sql.conf r, /etc/dovecot/dovecot.conf r, /etc/mtab r, /etc/ssl/certs/* r, /etc/ssl/openssl.cnf r, /etc/ssl/private/* r, /home/*/.Maildir/* mklrw, /home/*/.Maildir/*/ w, /home/*/.maildir/ r, /home/*/.maildir/** klrw, /proc/sys/kernel/ngroups_max r, /usr/lib/dovecot/dovecot-auth ixr, /usr/lib/dovecot/imap ixr, /usr/lib/dovecot/imap-login ixr, /usr/lib/dovecot/pop3 ixr, /usr/lib/dovecot/pop3-login ixr, /usr/lib/dovecot/ssl-build-param ixr, /usr/sbin/dovecot mr, /var/lib/dovecot/* krw, /var/run/dovecot/ rw, /var/run/dovecot/* rw, /var/run/dovecot/login/ rw, /var/run/dovecot/login/* rw, /var/spool/postfix/private/auth-client w, } 8 days ago 4 stive Edit History
opensuse11.0 Georg Mussul http://www.xing.com/profile/Georg_Mussul about 1 year ago 109 Georg Mussul Edit History
opensuse10.3 /opt/kde3/bin/kpdf #include <tunables/global> /opt/kde3/bin/kpdf { #include <abstractions/base> /opt/kde3/bin/kpdf mr, /opt/kde3/lib64/libDCOP.so.* mr, /opt/kde3/lib64/libkdecore.so.* mr, /opt/kde3/lib64/libkdefx.so.* mr, /opt/kde3/lib64/libkdesu.so.* mr, /opt/kde3/lib64/libkdeui.so.* mr, /opt/kde3/lib64/libkio.so.* mr, /opt/kde3/lib64/libkparts.so.* mr, /opt/kde3/lib64/libkwalletclient.so.* mr, /tmp/.X11-unix/* w, } over 2 years ago 216 kijo387 Edit History
opensuse11.0 /usr/sbin/sshd #include <tunables/global> /usr/sbin/sshd flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/nis> audit capability net_bind_service, capability setgid, owner /dev/tty rw, owner /etc/ssh/ssh_host_dsa_key r, owner /etc/ssh/ssh_host_rsa_key r, owner /etc/ssh/sshd_config r, owner /proc/*/fd/ r, owner /proc/*/mounts r, owner /usr/sbin/sshd r, owner /var/run/sshd.init.pid a, } 5 months ago 43 alejandro Edit History
ubuntu-gutsy /etc/cron.daily/apache2 #include <tunables/global> /etc/cron.daily/apache2 { #include <abstractions/base> /bin/dash ixr, /etc/cron.daily/apache2 mr, /etc/default/apache2 r, } /etc/cron.daily/apache2//DEFAULT_URI { } /etc/cron.daily/apache2//HANDLING_UNTRUSTED_INPUT { } about 1 year ago 91 stive Edit History
opensuse10.3 /usr/lib64/firefox/firefox.sh #include <tunables/global> /usr/lib64/firefox/firefox.sh { #include <abstractions/base> #include <abstractions/bash> /bin/basename ixr, /bin/bash ixr, /bin/grep ixr, /dev/tty rw, /etc/magic r, /usr/bin/file ixr, /usr/lib64/firefox/firefox-bin Px, /usr/lib64/firefox/firefox.sh mr, /usr/share/misc/magic r, /usr/share/misc/magic.mgc r, } over 2 years ago 224 kijo387 Edit History
opensuse11.0 /usr/lib64/firefox/firefox.sh #include <tunables/global> /usr/lib64/firefox/firefox.sh flags=(complain) { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, } about 1 year ago 108 sylwek Edit History
opensuse10.3 /usr/bin/sudo #include <tunables/global> /usr/bin/sudo flags=(complain) { #include <abstractions/base> /usr/bin/sudo mr, } over 2 years ago 136 overwrite Edit History
ubuntu-gutsy /usr/bin/nautilus #include <tunables/global> /usr/bin/nautilus { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/dbus> #include <abstractions/gnome> #include <abstractions/nameservice> /etc/gnome/defaults.list r, /etc/sound/events/*.soundlist r, /home/*/* rw, /home/*/.Trash/ rw, /home/*/.config/ r, /home/*/.config/user-dirs.dirs r, /home/*/.gnome/gnome-vfs/.trash_entry_cache rw, /home/*/.gnome2/ rw, /home/*/.gnome2/nautilus-scripts/ rw, /home/*/.gnome2_private/ w, /home/*/.icons/ r, /home/*/.kde/share/config/kdeglobals r, /home/*/.nautilus/metafiles/* rw, /home/*/.thumbnails/normal/ r, /home/*/.thumbnails/normal/*.png r, /home/*/Desktop/ rw, /home/*/Desktop/* rw, /home/*/Documents/ rw, /home/*/Music/ rw, /home/*/Pictures/ rw, /home/*/Public/ rw, /home/*/Templates/ rw, /home/*/Videos/ rw, /home/*/themes/* r, /home/void/ rw, /proc/*/mounts r, /proc/filesystems r, /proc/meminfo r, /tmp/** klrw, /usr/bin/evince Px, /usr/bin/nautilus mr, /usr/lib/nautilus-cd-burner/mapping-daemon Px, /usr/local/share/applications/ r, /usr/local/share/applications/*.cache r, /usr/local/share/icons/ r, /usr/share/applications/ r, /usr/share/applications/*.cache r, /usr/share/applications/*.desktop r, /usr/share/gdm/applications/ r, /usr/share/gdm/applications/*.cache r, /usr/share/mime/application/*.xml r, /usr/share/nautilus/ui/*.xml r, } over 2 years ago gnome 154 hbpteam Edit History
opensuse11.0 /usr/lib64/amanda/amandad #include <tunables/global> /usr/lib64/amanda/amandad { #include <abstractions/base> } 8 months ago 66 shimingzhou Edit History
opensuse11.0 /usr/bin/opera #include <tunables/global> /usr/bin/opera flags=(complain) { #include <abstractions/base> #include <abstractions/bash> capability sys_ptrace, network dgram, network stream, /bin/bash rix, /bin/grep rix, /bin/ls mrix, /bin/ps rix, /bin/sed mrpx, /dev/tty rw, /etc/X11/kstylerc r, /etc/X11/qt_plugins_3.3rc r, /etc/X11/qtrc r, /etc/fonts/** r, /etc/gtk-2.0/gtk.immodules r, /etc/gtk-2.0/gtkrc r, /etc/host.conf r, /etc/hosts r, /etc/mailcap rk, /etc/nsswitch.conf r, /etc/opera6rc rk, /etc/opera6rc.fixed rk, /etc/opt/kde3/share/applications/mimeinfo.cache rk, /etc/passwd r, /etc/resolv.conf r, owner /home/*/.ICEauthority r, owner /home/*/.Xauthority r, owner /home/*/.adobe/Flash_Player/AssetCache/ r, owner /home/*/.config/qtcurve.gtk-colors rw, owner /home/*/.config/qtcurve.gtk-icons rw, owner /home/*/.config/qtcurvestylerc r, owner /home/*/.fontconfig/* r, owner /home/*/.fonts.conf r, owner /home/*/.kde/share/config/gtkrc-2.0 r, owner /home/*/.kde/share/config/kcmnspluginrc rwk, owner /home/*/.kde/share/config/kdeglobals r, owner /home/*/.local/share/icons/ r, owner /home/*/.macromedia/Flash_Player/#SharedObjects/ r, owner /home/*/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/* r, owner /home/*/.mozilla/firefox/** r, owner /home/*/.mozilla/plugins/ r, owner /home/*/.opera/ rw, owner /home/*/.opera/* rwk, owner /home/*/.opera/cache4/ r, owner /home/*/.opera/cache4/* rwk, owner /home/*/.opera/cache4/revocation/ r, owner /home/*/.opera/cache4/revocation/* rwk, owner /home/*/.opera/images/* rwk, owner /home/*/.opera/mail/ w, owner /home/*/.opera/mail/* rwk, owner /home/*/.opera/mail/indexer/* rwk, owner /home/*/.opera/mail/lexicon/* rwk, owner /home/*/.opera/opcache/ r, owner /home/*/.opera/opcache/* rwk, owner /home/*/.opera/sessions/ rw, owner /home/*/.opera/sessions/* rwk, owner /home/*/.opera/skin/ r, owner /home/*/.opera/skin/* rk, owner /home/*/.opera/styles/user/ r, owner /home/*/.opera/styles/user/* rwk, owner /home/*/.opera/thumbnails/* rk, owner /home/*/.opera/toolbar/ r, owner /home/*/.opera/toolbar/* rwk, owner /home/*/.opera/vps/ r, owner /home/*/.opera/vps/0000/* rwk, owner /home/*/.opera/widgets/* rwk, owner /home/*/.qt/.kstylerc.lock rwk, owner /home/*/.qt/.qt_plugins_3.3rc.lock rwk, owner /home/*/.qt/.qtrc.lock rwk, owner /home/*/.qt/kstylerc r, owner /home/*/.qt/qt_plugins_3.3rc r, owner /home/*/.qt/qtrc r, /opt/ r, /opt/kde3/lib/kde3/plugins/styles/ r, /opt/kde3/lib/kde3/plugins/styles/* mr, /opt/kde3/lib/lib*so* mr, /opt/kde3/share/applications/mimeinfo.cache rk, /opt/kde3/share/fonts/** r, /opt/kde3/share/icons/ r, /opt/kde3/share/icons/crystalsvg/index.theme rk, /proc/ r, /proc/*/cmdline r, owner /proc/*/maps r, /proc/*/stat r, /proc/*/status r, /proc/meminfo r, /proc/stat r, /proc/sys/kernel/pid_max r, /proc/tty/drivers r, /proc/uptime r, /tmp/.X11-unix/X0 w, /usr/ r, /usr/X11R6/lib/ r, /usr/bin/opera r, /usr/lib/ r, /usr/lib/** mr, /usr/lib/opera/9.52/opera rix, /usr/lib/opera/9.52/operaplugincleaner px, /usr/lib/opera/9.52/operapluginwrapper rix, /usr/lib/opera/9.52/works px, /usr/local/ r, /usr/local/lib/ r, /usr/share/X11/locale/compose.dir r, /usr/share/X11/locale/en_US.UTF-8/Compose r, /usr/share/X11/locale/en_US.UTF-8/XLC_LOCALE r, /usr/share/X11/locale/locale.alias r, /usr/share/X11/locale/locale.dir r, /usr/share/applications/mimeinfo.cache rk, /usr/share/desktop-data/qtrc r, /usr/share/fonts/** r, /usr/share/ghostscript/fonts/** r, /usr/share/icons/ r, /usr/share/icons/** rk, /usr/share/locale-bundle/cs/LC_MESSAGES/coreutils.mo r, /usr/share/locale-bundle/cs/LC_MESSAGES/gtk20-properties.mo r, /usr/share/locale-bundle/cs/LC_MESSAGES/gtk20.mo r, /usr/share/mime/aliases rk, /usr/share/mime/globs rk, /usr/share/mime/subclasses rk, /usr/share/opera/encoding.bin rk, /usr/share/opera/ini/dialog.ini rk, /usr/share/opera/ini/fastforward.ini rk, /usr/share/opera/ini/font.ini rk, /usr/share/opera/ini/pluginpath.ini rk, /usr/share/opera/ini/standard_keyboard.ini rk, /usr/share/opera/ini/standard_menu.ini rk, /usr/share/opera/ini/standard_mouse.ini rk, /usr/share/opera/ini/standard_toolbar.ini rk, /usr/share/opera/locale/en/search.ini rk, /usr/share/opera/locale/english.lng rk, /usr/share/opera/skin/ r, /usr/share/opera/skin/* rk, /usr/share/opera/styles/* rk, /usr/share/themes/Gilouche/gtk-2.0/gtkrc r, /usr/share/themes/QtCurve/gtk-2.0/gtkrc r, /var/cache/fontconfig/* r, /var/cache/gio-2.0/defaults.list rk, /var/cache/libx11/compose/* r, } about 1 year ago opera 113 vojtaeus Edit History
opensuse10.3 /opt/kde3/bin/kwatchgnupg #include <tunables/global> /opt/kde3/bin/kwatchgnupg flags=(complain) { #include <abstractions/base> /opt/kde3/bin/kwatchgnupg mr, /opt/kde3/lib/lib*so* mr, } about 1 year ago gconf-neu 105 shivver-fox Edit History
opensuse10.3 /usr/bin/gconftool-2 #include <tunables/global> /usr/bin/gconftool-2 flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/user-tmp> capability kill, capability sys_ptrace, /etc/gconf/gconf.xml.defaults/ r, /etc/gconf/gconf.xml.defaults/.testing.writeability w, /etc/gconf/gconf.xml.schemas/ r, /etc/gconf/gconf.xml.schemas/** rw, /etc/gconf/schema-install-source r, /etc/gconf/schemas/**.schemas r, /etc/gconf/schemas/*.entries r, /proc/ r, /proc/*/cmdline r, /proc/*/stat r, /usr/bin/gconftool-2 mr, /usr/bin/killall ixr, /usr/lib/GConf/2/gconfd-2 Px, /usr/share/locale-bundle/de/LC_MESSAGES/GConf2.mo r, } over 2 years ago 127 overwrite Edit History
ubuntu-gutsy /usr/bin/albumshaper #include <tunables/global> /usr/bin/albumshaper { #include <abstractions/base> /bin/dash ix, /usr/bin/albumshaper mr, } over 2 years ago gnome 144 hbpteam Edit History
opensuse10.3 /usr/sbin/sabayon-apply #include <tunables/global> /usr/sbin/sabayon-apply { #include <abstractions/X> #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/python> /etc/xml/catalog r, /etc/xml/suse-catalog.xml r, /home/*/.Xauthority r, /proc/meminfo r, /usr/bin/env ixr, /usr/bin/python2.5 ixr, /usr/sbin/sabayon-apply mr, } over 2 years ago Import of jmichaels profiles 138 dominic Edit History
ubuntu-gutsy /usr/bin/vino-session #include <tunables/global> /usr/bin/vino-session { #include <abstractions/base> #include <abstractions/gnome> #include <abstractions/nameservice> /etc/sound/events/*.soundlist r, /home/*/.ICEauthority r, /home/*/.Xauthority r, /home/*/.gnome2_private/ w, /proc/*/mounts r, /usr/bin/vino-session mr, } over 2 years ago gnome 145 hbpteam Edit History
opensuse10.3 /usr/bin/numlockx #include <tunables/global> /usr/bin/numlockx { #include <abstractions/X> #include <abstractions/base> /home/*/.Xauthority r, /usr/bin/numlockx mr, } over 2 years ago Import of jmichaels profiles 152 dominic Edit History
opensuse11.0 /usr/bin/skype #include <tunables/global> /usr/bin/skype { #include <abstractions/audio> #include <abstractions/base> #include <abstractions/fonts> #include <abstractions/nameservice> /home/*/.ICEauthority r, /home/*/.Skype/ rw, /home/*/.Skype/** rwk, /home/*/.Xauthority r, /home/*/.config/Trolltech.conf rk, /home/*/.fontconfig/* r, /home/*/.mozilla/ r, /home/*/.mozilla/firefox/ r, /home/*/.mozilla/firefox/*/ r, /home/*/.mozilla/firefox/*/bookmarkbackups/ r, /home/*/.mozilla/firefox/*/chrome/ r, /home/*/.mozilla/firefox/*/extensions/ r, /home/*/.mozilla/firefox/*/prefs.js r, /proc/interrupts r, /tmp/.ICE-unix/* w, /tmp/.X11-unix/X0 w, /usr/bin/skype mr, /usr/lib/qt4/plugins/iconengines/ r, /usr/lib/qt4/plugins/imageformats/ r, /usr/lib/qt4/plugins/imageformats/*.so mr, /usr/lib/qt4/plugins/inputmethods/ r, /usr/share/X11/locale/** r, /usr/share/icons/** r, /usr/share/skype/sounds/*.wav rk, /var/cache/libx11/compose/* r, } 5 months ago 42 maleks Edit History
opensuse10.3 /usr/lib/firefox/firefox.sh # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/lib/firefox/firefox.sh { #include <abstractions/audio> #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/dbus> #include <abstractions/gnome> #include <abstractions/kde> #include <abstractions/nameservice> #include <abstractions/user-tmp> / r, /** r, /bin/basename mixr, /bin/bash mixr, /bin/gawk mixr, /bin/grep mixr, /bin/ps Uxr, /cur/** rw, /dat/**/ rw, /home/*/** rw, /home/*/.mozilla/firefox/** krw, /opt/kde3/bin/kpdf Px, /usr/bin/audacity px, /usr/bin/file mixr, /usr/bin/gtk-gnash Px, /usr/bin/mplayer px, /usr/bin/which mixr, /usr/lib/GConf/2/gconfd-2 Px, /usr/lib/browser-plugins/* mr, /usr/lib/firefox/firefox ixr, /usr/lib/firefox/firefox-bin px, /usr/lib/firefox/firefox.sh rmix, /usr/lib/firefox/mozilla-xremote-client px, /usr/lib/jvm/java-1.5.0-sun-1.5.0_update16/jre/bin/java_vm Px, /usr/lib/win32/drvc.so mr, /usr/lib/xine/plugins/1.23/*.so mr, /usr/lib/xine/plugins/1.23/post/xineplug_post_goom.so mr, /usr/lib/xine/plugins/1.23/post/xineplug_post_tvtime.so mr, /var/tmp/ rw, } about 1 year ago internet radio u.a. 90 shivver-fox Edit History
opensuse10.3 /usr/lib/jvm/java-1.6.0.u5-sun-1.6.0.u5/jre/bin/java #include <tunables/global> /usr/lib/jvm/java-1.6.0.u5-sun-1.6.0.u5/jre/bin/java { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, /usr/lib/jvm/java-1.6.0.u5-sun-1.6.0.u5/jre/bin/java mr, } about 1 year ago java 92 rockets Edit History
opensuse10.3 /usr/lib/firefox/firefox.sh #include <tunables/global> /usr/lib/firefox/firefox.sh flags=(complain) { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, /usr/lib/firefox/firefox.sh mr, } over 2 years ago test 102 higp Edit History
opensuse10.3 /var/lib/distccd/flashgot.m384mqii.default/flashgot.fgt #include <tunables/global> /var/lib/distccd/flashgot.m384mqii.default/flashgot.fgt { #include <abstractions/base> /var/lib/distccd/flashgot.m384mqii.default/flashgot.fgt mr, } about 1 year ago 111 hello Edit History
opensuse10.3 /usr/sbin/sabayon-apply #include <tunables/global> /usr/sbin/sabayon-apply { #include <abstractions/X> #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/python> /etc/xml/catalog r, /etc/xml/suse-catalog.xml r, /home/*/.Xauthority r, /home/*/.xsession-errors w, /proc/meminfo r, /usr/bin/env ixr, /usr/bin/python2.5 ixr, /usr/sbin/sabayon-apply mr, } over 2 years ago none 120 cinimod Edit History
opensuse10.3 /usr/bin/numlockx #include <tunables/global> /usr/bin/numlockx { #include <abstractions/X> #include <abstractions/base> /home/*/.Xauthority r, /usr/bin/numlockx mr, } over 2 years ago none 112 cinimod Edit History
ubuntu-gutsy /usr/lib/postfix/master # $Id: usr.lib.postfix.master 90 2006-08-04 19:13:59Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/lib/postfix/master { #include <abstractions/base> #include <abstractions/kerberosclient> #include <abstractions/nameservice> #include <program-chunks/postfix-common> capability dac_override, capability kill, capability net_bind_service, /etc/mailname r, /etc/postfix/master.cf r, /usr/lib/postfix/anvil Px, /usr/lib/postfix/bounce Px, /usr/lib/postfix/cleanup Px, /usr/lib/postfix/error ixr, /usr/lib/postfix/flush Px, /usr/lib/postfix/local Px, /usr/lib/postfix/master rmix, /usr/lib/postfix/nqmgr Px, /usr/lib/postfix/pickup Px, /usr/lib/postfix/pipe Px, /usr/lib/postfix/proxymap Px, /usr/lib/postfix/qmgr Px, /usr/lib/postfix/scache Px, /usr/lib/postfix/showq Px, /usr/lib/postfix/smtp Px, /usr/lib/postfix/smtpd Px, /usr/lib/postfix/tlsmgr Px, /usr/lib/postfix/trivial-rewrite Px, /var/spool/postfix/active/* krw, /var/spool/postfix/etc/* r, /var/spool/postfix/pid/unix.retry krw, /{var/spool/postfix/,}pid/master.pid krw, /{var/spool/postfix/,}private/* wl, /{var/spool/postfix/,}private/tlsmgr rwl, /{var/spool/postfix/,}public/{cleanup,flush,pickup,qmgr,showq,tlsmgr} rwl, } about 1 year ago 100 stive Edit History
opensuse11.0 /usr/bin/gpg2 #include <tunables/global> /usr/bin/gpg2 { #include <abstractions/base> #include <abstractions/nvidia> capability ipc_lock, owner /usr/bin/gpg2 mr, owner /var/tmp/** rw, } about 1 year ago ... 93 knotwurk Edit History
opensuse10.3 /opt/SecondLife_i686_1_19_0_5/secondlife #include <tunables/global> /opt/SecondLife_i686_1_19_0_5/secondlife { #include <abstractions/base> #include <abstractions/bash> /bin/arch ixr, /bin/bash ixr, /bin/cat ixr, /opt/SecondLife_i686_1_19_0_5/secondlife mr, /usr/bin/dirname ixr, /usr/bin/readlink ixr, } about 1 year ago 118 angel832 Edit History
opensuse10.3 /usr/lib/firefox/firefox-bin #include <tunables/global> /usr/lib/firefox/firefox-bin { #include <abstractions/base> #include <abstractions/dbus> #include <abstractions/fonts> #include <abstractions/gnome> #include <abstractions/nameservice> network inet stream, network inet6 stream, deny /usr/bin/bug-buddy x, /bin/netstat cx, /etc/gnome-vfs-2.0/modules/ r, /etc/sound/events/gtk-events-2.soundlist r, owner /home/*/.ICEauthority r, owner /home/*/.Xauthority r, owner /home/*/.esd_auth r, owner /home/*/.fontconfig/* r, owner /home/*/.gnome2_private/ w, owner /home/*/.mozilla/firefox/** rw, owner /home/*/.mozilla/firefox/*/*.sqlite rwk, owner /home/*/.mozilla/firefox/*/.parentlock wk, /usr/lib/firefox/firefox-bin mr, /var/cache/libx11/compose/* r, profile /bin/netstat { #include <abstractions/base> network inet dgram, /bin/netstat mr, /proc/net/ r, /proc/net/dev r, /proc/net/unix r, } } about 1 year ago test profile - please don't use 110 jjohansen Edit History
opensuse10.3 /usr/sbin/postfix #include <tunables/global> /usr/sbin/postfix { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/nameservice> #include <abstractions/nis> capability dac_override, capability net_bind_service, capability setgid, capability setuid, capability sys_tty_config, /bin/bash ixr, /bin/egrep ixr, /bin/grep ixr, /bin/ls ixmr, /bin/uname ixr, /dev/console rw, /dev/tty rw, /etc/gai.conf r, /etc/postfix/ r, /etc/postfix/dynamicmaps.cf r, /etc/postfix/main.cf r, /etc/postfix/master.cf r, /etc/postfix/post-install r, /etc/postfix/postfix-files r, /etc/postfix/postfix-script ixr, /etc/postfix/relocated.db krw, /etc/postfix/transport.db krw, /etc/postfix/virtual.db krw, /proc/meminfo r, /proc/net/if_inet6 r, /proc/stat r, /proc/sys/kernel/ngroups_max r, /usr/bin/cmp ixr, /usr/bin/find ixr, /usr/lib/postfix/bounce ixr, /usr/lib/postfix/error ixr, /usr/lib/postfix/master ixr, /usr/lib/postfix/pickup ixr, /usr/lib/postfix/qmgr ixr, /usr/lib/postfix/smtp ixr, /usr/lib/postfix/trivial-rewrite ixr, /usr/sbin/ r, /usr/sbin/postconf ixr, /usr/sbin/postfix mr, /usr/sbin/postlog ixr, /usr/sbin/postqueue ixr, /usr/sbin/postsuper ixr, /usr/sbin/sendmail r, /usr/share/doc/packages/postfix/README_FILES/QMQP_README r, /var/run/nscd/services r, /var/spool/postfix/ r, /var/spool/postfix/active/ r, /var/spool/postfix/active/100091AF41CB krw, /var/spool/postfix/active/4BE3E1AF41C1 krw, /var/spool/postfix/active/4CE981AF41C2 krw, /var/spool/postfix/active/644E71AF41C4 krw, /var/spool/postfix/active/A3C3F1AF41B0 krw, /var/spool/postfix/active/BDB231AF41B6 krw, /var/spool/postfix/active/CAE441AF41C0 krw, /var/spool/postfix/bounce/ r, /var/spool/postfix/corrupt/ r, /var/spool/postfix/defer/ r, /var/spool/postfix/defer/1/ r, /var/spool/postfix/defer/1/100091AF41CB kw, /var/spool/postfix/defer/4/ r, /var/spool/postfix/defer/4/4BE3E1AF41C1 kw, /var/spool/postfix/defer/4/4CE981AF41C2 kw, /var/spool/postfix/defer/6/ r, /var/spool/postfix/defer/6/644E71AF41C4 kw, /var/spool/postfix/defer/A/ r, /var/spool/postfix/defer/A/A3C3F1AF41B0 kw, /var/spool/postfix/defer/B/ r, /var/spool/postfix/defer/B/BDB231AF41B6 kw, /var/spool/postfix/defer/C/ r, /var/spool/postfix/defer/C/CAE441AF41C0 kw, /var/spool/postfix/deferred/ r, /var/spool/postfix/deferred/1/ r, /var/spool/postfix/deferred/1/100091AF41CB rw, /var/spool/postfix/deferred/4/ r, /var/spool/postfix/deferred/4/4BE3E1AF41C1 rw, /var/spool/postfix/deferred/4/4CE981AF41C2 rw, /var/spool/postfix/deferred/6/ r, /var/spool/postfix/deferred/6/644E71AF41C4 rw, /var/spool/postfix/deferred/A/ r, /var/spool/postfix/deferred/A/A3C3F1AF41B0 rw, /var/spool/postfix/deferred/B/ r, /var/spool/postfix/deferred/B/BDB231AF41B6 rw, /var/spool/postfix/deferred/C/ r, /var/spool/postfix/deferred/C/CAE441AF41C0 rw, /var/spool/postfix/flush/ r, /var/spool/postfix/hold/ r, /var/spool/postfix/incoming/ r, /var/spool/postfix/maildrop/ r, /var/spool/postfix/pid/master.pid krw, /var/spool/postfix/pid/unix.defer krw, /var/spool/postfix/pid/unix.retry krw, /var/spool/postfix/pid/unix.smtp krw, /var/spool/postfix/private/ r, /var/spool/postfix/private/anvil w, /var/spool/postfix/private/bounce w, /var/spool/postfix/private/bsmtp w, /var/spool/postfix/private/cyrus w, /var/spool/postfix/private/defer w, /var/spool/postfix/private/discard w, /var/spool/postfix/private/error w, /var/spool/postfix/private/ifmail w, /var/spool/postfix/private/lmtp w, /var/spool/postfix/private/local w, /var/spool/postfix/private/maildrop w, /var/spool/postfix/private/procmail w, /var/spool/postfix/private/proxymap w, /var/spool/postfix/private/relay w, /var/spool/postfix/private/retry w, /var/spool/postfix/private/rewrite w, /var/spool/postfix/private/scache w, /var/spool/postfix/private/smtp w, /var/spool/postfix/private/trace w, /var/spool/postfix/private/uucp w, /var/spool/postfix/private/verify w, /var/spool/postfix/private/virtual w, /var/spool/postfix/public/ r, /var/spool/postfix/public/cleanup w, /var/spool/postfix/public/flush w, /var/spool/postfix/public/pickup rw, /var/spool/postfix/public/qmgr rw, /var/spool/postfix/public/showq w, /var/spool/postfix/trace/ r, } about 1 year ago 112 milos Edit History
opensuse10.3 /usr/bin/test #include <tunables/global> /usr/bin/test flags=(complain) { #include <abstractions/base> /usr/bin/test mr, } over 2 years ago test 135 hogy Edit History
opensuse11.0 /usr/sbin/pure-ftpd #include <tunables/global> /usr/sbin/pure-ftpd { #include <abstractions/base> #include <abstractions/nis> capability audit_control, capability dac_override, capability dac_read_search, capability net_bind_service, capability setgid, capability setuid, capability sys_chroot, owner /etc/environment r, owner /etc/ftpusers r, owner /etc/ldap.conf r, owner /etc/login.defs r, owner /etc/nsswitch.conf r, owner /etc/openldap/ldap.conf r, owner /etc/pam.d/* r, owner /etc/passwd r, owner /etc/resolv.conf r, owner /etc/security/limits.conf r, owner /etc/security/pam_env.conf r, owner /etc/shadow r, owner /etc/shells r, /home/*/ rw, /home/*/** rw, /home/*/www/htdocs/ rw, /home/*/www/htdocs/** rw, owner /lib64/security/pam_cracklib.so mr, owner /lib64/security/pam_deny.so mr, owner /lib64/security/pam_env.so mr, owner /lib64/security/pam_ldap.so mr, owner /lib64/security/pam_limits.so mr, owner /lib64/security/pam_listfile.so mr, owner /lib64/security/pam_localuser.so mr, owner /lib64/security/pam_loginuid.so mr, owner /lib64/security/pam_shells.so mr, owner /lib64/security/pam_umask.so mr, owner /lib64/security/pam_unix*.so mr, owner /lib64/security/pam_warn.so mr, owner /proc/*/loginuid w, owner /proc/*/mounts r, owner /proc/*/net/tcp r, owner /proc/*/net/tcp6 r, owner /proc/loadavg r, owner /var/run/pure-ftpd/client-* r, /var/run/pure-ftpd/client-* wk, } 9 days ago 4 msakamoto Edit History
opensuse11.0 /usr/bin/wine #include <tunables/global> /usr/bin/wine flags=(complain) { #include <abstractions/base> } 4 months ago 41 bedo Edit History
opensuse10.3 /usr/lib/helix-dbus-server/helix-dbus-server.bin #include <tunables/global> /usr/lib/helix-dbus-server/helix-dbus-server.bin flags=(complain) { #include <abstractions/audio> #include <abstractions/base> #include <abstractions/nameservice> /proc/cpuinfo r, /usr/lib/RealPlayer10/**.so mr, /usr/lib/helix-dbus-server/helix-dbus-server.bin mr, } over 2 years ago argh, switch things back to complain for a while 143 jmichael Edit History
ubuntu-gutsy /usr/bin/nautilus-cd-burner #include <tunables/global> /usr/bin/nautilus-cd-burner { #include <abstractions/base> /usr/bin/nautilus-cd-burner mr, } over 2 years ago gnome 122 hbpteam Edit History
opensuse10.3 /usr/sbin/NetworkManager #include <tunables/global> /usr/sbin/NetworkManager flags=(complain) { #include <abstractions/base> #include <abstractions/dbus> #include <abstractions/nameservice> capability net_admin, capability net_raw, capability sys_module, network packet packet, /etc/resolv.conf w, /etc/resolv.conf.tmp rw, /etc/sysconfig/network/ r, /etc/sysconfig/network/dhcp r, /proc/net/psched r, /sbin/ip Px, /usr/lib/NetworkManager/nm-crash-logger Px, /usr/sbin/NetworkManager mr, /usr/sbin/nscd Px, /usr/sbin/wpa_supplicant Px, /var/run/NetworkManager.pid w, /var/run/NetworkManager/wpa_ctrl_* w, /var/run/wpa_supplicant-global w, /var/run/wpa_supplicant/* w, } over 2 years ago argh, switch things back to complain for a while 169 jmichael Edit History
opensuse10.3 /usr/lib/firefox/firefox-bin #include <tunables/global> /usr/lib/firefox/firefox-bin { #include <abstractions/audio> #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/dbus> #include <abstractions/fonts> #include <abstractions/gnome> #include <abstractions/kde> #include <abstractions/nameservice> capability sys_nice, / r, /Archiv/ r, /Archiv/Filez/ r, /Archiv/Filez/.privat/ r, /Archiv/Filez/.privat/** r, /Archiv/Filez/GSO/ r, /Archiv/Filez/GSO/** r, /Archiv/computer/howto/cedega/Cedega_6_Quick_Start_Guide.html r, /bin/basename ixr, /bin/bash ixr, /bin/grep ixr, /bin/netstat Px, /bin/ps Px, /bin/uname ixr, /etc/cups/lpoptions r, /etc/gai.conf r, /etc/gnome-vfs-2.0/modules/ r, /etc/mailcap r, /etc/mime.types r, /etc/mtab r, /etc/opt/kde3/share/applications/ r, /etc/opt/kde3/share/applications/mimeinfo.cache r, /etc/samba/dhcp.conf r, /etc/sound/events/gtk-events-2.soundlist r, /home/*/ r, /home/*/.ICEauthority r, /home/*/.Xauthority r, /home/*/.adobe/Flash_Player/** r, /home/*/.beagle/socket w, /home/*/.bookmarks.html rw, /home/*/.cedegarc r, /home/*/.config/ r, /home/*/.config/gtk-2.0/gtkfilechooser.ini rw, /home/*/.config/gtk-2.0/gtkfilechooser.ini.* rw, /home/*/.dmrc r, /home/*/.dvipsrc r, /home/*/.emacs r, /home/*/.esd_auth r, /home/*/.evolution/ r, /home/*/.evolution/.evolution-composer.autosave-A9ON3T w, /home/*/.evolution/camel-cert.db rw, /home/*/.evolution/camel-cert.db~ rw, /home/*/.evolution/categories.xml r, /home/*/.evolution/cert8.db rw, /home/*/.evolution/key3.db rw, /home/*/.evolution/mail/config/folder-tree-expand-state.xml r, /home/*/.evolution/mail/config/gtkrc-mail-fonts r, /home/*/.evolution/secmod.db r, /home/*/.evolution/signatures/signature-0 r, /home/*/.exrc r, /home/*/.fontconfig/* r, /home/*/.gnome2/Totem/state.ini rw, /home/*/.gnome2/Totem/state.ini.KFDV2T rw, /home/*/.gnome2/Totem/state.ini.W6XS2T rw, /home/*/.gnome2/Totem/xine_config rw, /home/*/.gnome2/Totem/xine_config~ w, /home/*/.gnome2/accels/gedit rw, /home/*/.gnome2/evolution-ErtiHU w, /home/*/.gnome2/gecko-rQhLuR w, /home/*/.gnome2/gedit-2 rw, /home/*/.gnome2/gedit-2.6N632T rw, /home/*/.gnome2/gedit-metadata.xml rw, /home/*/.gnome2_private/ w, /home/*/.gpilotd.pid r, /home/*/.gtkrc-1.2-gnome2 r, /home/*/.icons/ r, /home/*/.inputrc r, /home/*/.kde/share/config/kdeglobals r, /home/*/.kermrc r, /home/*/.local/share/applications/ r, /home/*/.local/share/applications/*.desktop r, /home/*/.local/share/applications/defaults.list r, /home/*/.local/share/applications/mimeinfo.cache r, /home/*/.local/share/icons/ r, /home/*/.local/share/mime/aliases r, /home/*/.local/share/mime/globs r, /home/*/.local/share/mime/magic r, /home/*/.local/share/mime/subclasses r, /home/*/.macromedia/Flash_Player/** rw, /home/*/.mailcap r, /home/*/.mozilla/ r, /home/*/.mozilla/firefox/ r, /home/*/.mozilla/firefox/** krw, /home/*/.mozilla/plugins/ r, /home/*/.mozilla/plugins/libflashplayer.so mr, /home/*/.muttrc r, /home/*/.ooo-2.0/.lock krw, /home/*/.ooo-2.0/user/basic/Standard/Module1.xba kr, /home/*/.ooo-2.0/user/basic/Standard/dialog.xlb kr, /home/*/.ooo-2.0/user/basic/Standard/script.xlb kr, /home/*/.ooo-2.0/user/basic/dialog.xlc kr, /home/*/.ooo-2.0/user/basic/script.xlc kr, /home/*/.ooo-2.0/user/config/imagecache/ r, /home/*/.ooo-2.0/user/config/javasettings_Linux_x86.xml r, /home/*/.ooo-2.0/user/config/soffice.cfg/modules/swriter/menubar/ r, /home/*/.ooo-2.0/user/config/soffice.cfg/modules/swriter/statusbar/ r, /home/*/.ooo-2.0/user/config/soffice.cfg/modules/swriter/toolbar/ r, /home/*/.ooo-2.0/user/psprint/ r, /home/*/.ooo-2.0/user/psprint/driver/ r, /home/*/.ooo-2.0/user/psprint/pspfontcache r, /home/*/.ooo-2.0/user/registry/ r, /home/*/.ooo-2.0/user/registry/cache/ r, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.Addons.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.Calc.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.Commands.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.Common.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.Compatibility.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.Events.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.Impress.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.Jobs.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.Linguistic.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.Paths.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.ProtocolHandler.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.Recovery.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.SFX.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.Substitution.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.TabBrowse.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.TypeDetection.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.UI.Controller.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.UI.Factories.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.UI.GenericCommands.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.UI.GlobalSettings.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.UI.WriterCommands.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.UI.WriterWindowState.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.UI.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.Views.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.Writer.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Office.WriterWeb.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.Setup.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.System.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.TypeDetection.Filter.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.TypeDetection.Misc.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.TypeDetection.Types.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.VCL.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.ucb.Configuration.dat kr, /home/*/.ooo-2.0/user/registry/cache/org.openoffice.ucb.Store.dat kr, /home/*/.ooo-2.0/user/registry/data/org/openoffice/Office/Common.xcu krw, /home/*/.ooo-2.0/user/registry/data/org/openoffice/Office/Common.xcu_tmp krw, /home/*/.ooo-2.0/user/registry/data/org/openoffice/Office/Linguistic.xcu kr, /home/*/.ooo-2.0/user/registry/data/org/openoffice/Office/Recovery.xcu krw, /home/*/.ooo-2.0/user/registry/data/org/openoffice/Office/Recovery.xcu_tmp krw, /home/*/.ooo-2.0/user/registry/data/org/openoffice/Office/UI/WriterWindowState.xcu kr, /home/*/.ooo-2.0/user/registry/data/org/openoffice/Office/Views.xcu krw, /home/*/.ooo-2.0/user/registry/data/org/openoffice/Office/Views.xcu_tmp krw, /home/*/.ooo-2.0/user/registry/data/org/openoffice/Office/Writer.xcu kr, /home/*/.ooo-2.0/user/registry/data/org/openoffice/Setup.xcu kr, /home/*/.ooo-2.0/user/registry/data/org/openoffice/ucb/Store.xcu kr, /home/*/.ooo-2.0/user/uno_packages/cache/ r, /home/*/.ooo-2.0/user/uno_packages/cache/log.txt krw, /home/*/.ooo-2.0/user/uno_packages/cache/registry/com.sun.star.comp.deployment.component.PackageRegistryBackend/ r, /home/*/.ooo-2.0/user/uno_packages/cache/registry/com.sun.star.comp.deployment.component.PackageRegistryBackend/Linux_x86.rdb kr, /home/*/.ooo-2.0/user/uno_packages/cache/registry/com.sun.star.comp.deployment.component.PackageRegistryBackend/Linux_x86_.rdb krw, /home/*/.ooo-2.0/user/uno_packages/cache/registry/com.sun.star.comp.deployment.component.PackageRegistryBackend/Linux_x86rc krw, /home/*/.ooo-2.0/user/uno_packages/cache/registry/com.sun.star.comp.deployment.component.PackageRegistryBackend/common.rdb kr, /home/*/.ooo-2.0/user/uno_packages/cache/registry/com.sun.star.comp.deployment.component.PackageRegistryBackend/common_.rdb krw, /home/*/.ooo-2.0/user/uno_packages/cache/registry/com.sun.star.comp.deployment.component.PackageRegistryBackend/unorc krw, /home/*/.ooo-2.0/user/uno_packages/cache/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/registered_packages.db rw, /home/*/.ooo-2.0/user/uno_packages/cache/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/registry/ r, /home/*/.ooo-2.0/user/uno_packages/cache/stamp.sys krw, /home/*/.ooo-2.0/user/uno_packages/cache/uno_packages.db rw, /home/*/.ooo-2.0/user/uno_packages/cache/uno_packages/ r, /home/*/.ooo-2.0/user/wordbook/ r, /home/*/.opensuse-updater-gnome r, /home/*/.realplayerrc r, /home/*/.recently-used krw, /home/*/.recently-used.xbel rw, /home/*/.recently-used.xbel.* rw, /home/*/.urlview r, /home/*/.viminfo r, /home/*/.windows-label r, /home/*/.xcoralrc r, /home/*/.xim.template r, /home/*/.xine/catalog.cache rw, /home/*/.xinitrc.template r, /home/*/.xsession-errors r, /home/*/.xtalkrc r, /home/*/.y2log r, /home/*/Desktop/ r, /home/*/Desktop/** rw, /home/*/Documents/** rw, /home/*/mycompiz r, /opt/kde3/bin/gwenview Px, /opt/kde3/share/applications/ r, /opt/kde3/share/applications/kde/amarok.desktop r, /opt/kde3/share/applications/kde/kate.desktop r, /opt/kde3/share/applications/kde/kfmclient_dir.desktop r, /opt/kde3/share/applications/kde/kwrite.desktop r, /opt/kde3/share/applications/kde/realplay-kde.desktop r, /opt/kde3/share/applications/mimeinfo.cache r, /proc/*/maps r, /proc/cpuinfo r, /proc/meminfo r, /proc/stat r, /proc/sys/kernel/ngroups_max r, /root/.gnome2_private/ w, /root/.mozilla/firefox/** krw, /tmp/ rw, /tmp/** klrw, /usr/X11R6/lib/lib*so* mr, /usr/bin/acroread Px, /usr/bin/banshee ixr, /usr/bin/bug-buddy ixr, /usr/bin/dirname ixr, /usr/bin/eog Px, /usr/bin/evince Px, /usr/bin/evolution ixr, /usr/bin/file-roller Px, /usr/bin/find ixr, /usr/bin/gedit ixr, /usr/bin/gimp-remote-2.2 Px, /usr/bin/gnome-mplayer ixr, /usr/bin/gnome-open ixr, /usr/bin/gvim-normal ixr, /usr/bin/head ixr, /usr/bin/mplayer Px, /usr/bin/nautilus ixr, /usr/bin/oowriter ixr, /usr/bin/purple-url-handler ixr, /usr/bin/python2.5 ixr, /usr/bin/totem ixr, /usr/bin/wine ixr, /usr/bin/xdg-open ixr, /usr/lib/** kmr, /usr/lib/firefox/** mrw, /usr/lib/firefox/firefox-bin ixr, /usr/lib/firefox/firefox.sh Px, /usr/lib/ooo-2.0/program/javaldx ixr, /usr/lib/ooo-2.0/program/ooqstart ixr, /usr/lib/ooo-2.0/program/pagein ixr, /usr/lib/ooo-2.0/program/soffice ixr, /usr/lib/ooo-2.0/program/soffice.bin ixr, /usr/lib/totem/totem-plugin-viewer ixr, /usr/share/** r, /usr/share/locale-bundle/de/LC_MESSAGES/*.mo mr, /usr/share/locale/** mr, /usr/share/ooo-2.0/share/config/images_crystal.zip kr, /usr/share/ooo-2.0/share/config/images_tango.zip kr, /var/cache/gnome-vfs/defaults.list r, /var/cache/libx11/compose/* r, /var/run/cups/cups.sock w, /var/run/nscd/services r, } over 2 years ago 170 overwrite Edit History
ubuntu-gutsy /usr/bin/mkfontdir #include <tunables/global> /usr/bin/mkfontdir { #include <abstractions/base> /bin/dash ixr, /usr/bin/mkfontdir mr, /usr/bin/mkfontscale Px, } over 2 years ago gnome 136 hbpteam Edit History
opensuse11.0 /bin/hostname #include <tunables/global> /bin/hostname flags=(complain) { #include <abstractions/base> } 9 months ago 68 erinome Edit History
opensuse10.3 /opt/kde3/bin/kmail #include <tunables/global> /opt/kde3/bin/kmail flags=(complain) { #include <abstractions/base> /opt/kde3/bin/kmail mr, /opt/kde3/lib/lib*so* mr, } about 1 year ago kmail1 120 mmm Edit History
opensuse10.3 /etc/NetworkManager/dispatcher.d/nfs #include <tunables/global> /etc/NetworkManager/dispatcher.d/nfs { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> /bin/bash ixr, /bin/ls ixmr, /etc/NetworkManager/dispatcher.d/nfs mr, /etc/init.d/rc5.d/ r, /proc/meminfo r, /sbin/runlevel Px, } over 2 years ago Import of jmichaels profiles 127 dominic Edit History
opensuse10.3 /usr/lib/postfix/cleanup # $Id: usr.lib.postfix.cleanup 741 2007-06-11 22:55:56Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/lib/postfix/cleanup { #include <abstractions/base> #include <abstractions/kerberosclient> #include <abstractions/nameservice> #include <program-chunks/postfix-common> capability net_bind_service, /etc/gai.conf r, /etc/postfix/* krw, /etc/{m,fs}tab r, /usr/lib/postfix/cleanup rmix, /var/spool/postfix/** krw, /{var/spool/postfix/,}hold/[0-9A-F]* w, /{var/spool/postfix/,}incoming/[0-9A-F]/ rwl, /{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/ rwl, /{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/* rwl, /{var/spool/postfix/,}incoming/[0-9]*.[0-9]* rwl, /{var/spool/postfix/,}pid/unix.cleanup rw, /{var/spool/postfix/,}private/{rewrite,bounce} w, /{var/spool/postfix/,}public/qmgr w, } over 2 years ago ssh needed the ability to create /root/.ssh, and assorted CUPS fixes 133 crispin Edit History
ubuntu-gutsy /home/aevaughn/bin/namd/namd2 #include <tunables/global> /home/aevaughn/bin/namd/namd2 flags=(complain) { #include <abstractions/base> /home/aevaughn/bin/namd/namd2 mr, } over 2 years ago aevaughn 138 aevaughn Edit History
opensuse11.0 /usr/bin/linuxdcpp #include <tunables/global> /usr/bin/linuxdcpp flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> /etc/fonts/** r, /etc/gtk-2.0/gdk-pixbuf64.loaders r, /etc/gtk-2.0/gtk64.immodules r, /etc/gtk-2.0/gtkrc r, /etc/pango/pango64.modules r, owner /home/*/ r, owner /home/*/.Xauthority r, owner /home/*/.config/Trolltech.conf r, owner /home/*/.config/gtk-2.0/gtkfilechooser.ini r, owner /home/*/.config/qtcurve.gtk-colors rw, owner /home/*/.config/qtcurve.gtk-icons rw, owner /home/*/.dc\+\+/ADLSearch.xml r, owner /home/*/.dc\+\+/Certificates/ r, owner /home/*/.dc\+\+/Certificates/client.crt r, owner /home/*/.dc\+\+/Certificates/client.key r, owner /home/*/.dc\+\+/DCPlusPlus.xml r, owner /home/*/.dc\+\+/Favorites.xml r, owner /home/*/.dc\+\+/LinuxDC\+\+.xml r, owner /home/*/.dc\+\+/Queue.xml r, owner /home/*/.dc\+\+/profile.lck wk, owner /home/*/.fontconfig/cd018c4c8233b51c4259a1895a99c429-x86-64.cache-2 r, owner /home/*/.fonts.conf r, owner /home/*/.gtk-bookmarks r, owner /home/*/.gtkrc-2.0-kde4 r, owner /home/*/.kde/share/config/kdeglobals r, owner /home/*/.kde4/share/config/gtkrc-2.0 r, owner /home/*/.local/share/mime/mime.cache r, owner /home/*/.recently-used.xbel r, /opt/kde3/share/icons/ r, /opt/kde3/share/icons/hicolor/icon-theme.cache r, owner /proc/*/cmdline r, owner /proc/*/mounts r, /tmp/.X11-unix/X0 w, /usr/bin/linuxdcpp r, /usr/lib64/** mr, /usr/share/fonts/** r, /usr/share/gvfs/remote-volume-monitors/ r, /usr/share/gvfs/remote-volume-monitors/gphoto2.monitor r, /usr/share/gvfs/remote-volume-monitors/hal.monitor r, /usr/share/icons/ r, /usr/share/icons/Gilouche/icon-theme.cache r, /usr/share/icons/Gilouche/index.theme r, /usr/share/icons/Oxygen_White/cursors/00008160000006810000408080010102 r, /usr/share/icons/Oxygen_White/cursors/pointer r, /usr/share/icons/Oxygen_White/cursors/w-resize r, /usr/share/icons/Oxygen_White/cursors/xterm r, /usr/share/icons/gnome/icon-theme.cache r, /usr/share/icons/gnome/index.theme r, /usr/share/icons/hicolor/icon-theme.cache r, /usr/share/icons/hicolor/index.theme r, /usr/share/linuxdcpp/glade/mainwindow.glade r, /usr/share/linuxdcpp/pixmaps/FinishedDL.png r, /usr/share/linuxdcpp/pixmaps/FinishedUL.png r, /usr/share/linuxdcpp/pixmaps/connect.png r, /usr/share/linuxdcpp/pixmaps/download.png r, /usr/share/linuxdcpp/pixmaps/favhubs.png r, /usr/share/linuxdcpp/pixmaps/hash.png r, /usr/share/linuxdcpp/pixmaps/linuxdcpp-icon.png r, /usr/share/linuxdcpp/pixmaps/linuxdcpp.png r, /usr/share/linuxdcpp/pixmaps/publichubs.png r, /usr/share/linuxdcpp/pixmaps/queue.png r, /usr/share/linuxdcpp/pixmaps/quit.png r, /usr/share/linuxdcpp/pixmaps/search.png r, /usr/share/linuxdcpp/pixmaps/settings.png r, /usr/share/linuxdcpp/pixmaps/upload.png r, /usr/share/mime/mime.cache r, /usr/share/pixmaps/ r, /usr/share/themes/Clearlooks/gtk-2.0/gtkrc r, /usr/share/themes/QtCurve/gtk-2.0/gtkrc r, /var/cache/fontconfig/17090aa38d5c6f09fb8c5c354938f1d7-x86-64.cache-2 r, /var/cache/fontconfig/3830d5c3ddfd5cd38a049b759396e72e-x86-64.cache-2 r, /var/cache/fontconfig/5ca8086aeacc9c68e81a71e7ef846b3b-x86-64.cache-2 r, /var/cache/fontconfig/77e41c5059666d75f92e318d4be8c21e-x86-64.cache-2 r, /var/cache/fontconfig/7ef2298fde41cc6eeb7af42e48b7d293-x86-64.cache-2 r, /var/cache/fontconfig/8d4af663993b81a124ee82e610bb31f9-x86-64.cache-2 r, /var/cache/fontconfig/a1c95d6dfc9a7b34f44445cf81166004-x86-64.cache-2 r, /var/cache/fontconfig/c952848b32a83a3db68a27ab871288f2-x86-64.cache-2 r, } 3 months ago 36 DronT Edit History
opensuse11.0 /opt/WAS_APPARMOR/java/jre/bin/java #include <tunables/global> /opt/WAS_APPARMOR/java/jre/bin/java { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/nameservice> capability dac_override, capability setgid, capability setuid, capability sys_nice, deny /opt/IHS61_APPARMOR/logs/cgisock w, deny owner /usr/local/ibm/gsk7/lib/libgsk7ssl.so r, /bin/bash rix, owner /dev/tty rw, owner /etc/sysconfig/clock r, owner /opt/IHS61_APPARMOR/** mrwk, /opt/IHS61_APPARMOR/** a, /opt/IHS61_APPARMOR/bin/apachectl rix, /opt/IHS61_APPARMOR/bin/httpd rix, owner /opt/WAS_APPARMOR/ w, owner /opt/WAS_APPARMOR/** mrwk, /opt/WAS_APPARMOR/java/jre/bin/java rix, owner /proc/*/net/if_inet6 r, owner /proc/meminfo r, owner /proc/stat r, owner /tmp/ r, owner /tmp/* rw, owner /tmp/** r, owner /tmp/*/ w, owner /usr/share/zoneinfo/ r, owner /var/run/nscd/services r, } 9 months ago was 70 wasadmin Edit History
opensuse10.3 /usr/lib/gnome-main-menu/main-menu #include <tunables/global> /usr/lib/gnome-main-menu/main-menu flags=(complain) { #include <abstractions/base> #include <abstractions/dbus> #include <abstractions/fonts> #include <abstractions/gnome> #include <abstractions/kde> #include <abstractions/nameservice> /etc/gnome-vfs-2.0/modules/ r, /etc/mtab r, /etc/opt/kde3/share/applications/ r, /etc/opt/kde3/share/applications/mimeinfo.cache r, /etc/sound/events/gtk-events-2.soundlist r, /home/*/ r, /home/*/.ICEauthority r, /home/*/.Xauthority r, /home/*/.config/ w, /home/*/.config/gnome-main-menu/ w, /home/*/.config/gnome-main-menu/showable_files_migrated w, /home/*/.esd_auth r, /home/*/.fontconfig/* r, /home/*/.gnome2_private/ w, /home/*/.icons/ r, /home/*/.local/share/applications/ r, /home/*/.local/share/applications/*.desktop r, /home/*/.local/share/applications/defaults.list r, /home/*/.local/share/applications/mimeinfo.cache r, /home/*/.local/share/icons/ r, /home/*/.local/share/mime/aliases r, /home/*/.local/share/mime/globs r, /home/*/.local/share/mime/magic r, /home/*/.local/share/mime/subclasses r, /home/*/.recently-used.xbel r, /home/*/.recently-used.xbel.* rw, /home/*/.thumbnails/ w, /home/*/.thumbnails/** rw, /home/*/Desktop/** r, /home/*/Documents/* rw, /opt/kde3/share/applications/ r, /opt/kde3/share/applications/mimeinfo.cache r, /proc/*/mounts r, /proc/meminfo r, /proc/net/dev r, /proc/partitions r, /proc/stat r, /sys/block/**/stat r, /sys/devices/**/net/*/statistics/* r, /tmp/orbit-*/bonobo-activation-register.lock klrw, /usr/bin/beagle-search Px, /usr/bin/bug-buddy ixr, /usr/bin/evince-thumbnailer Px, /usr/bin/gnome-screensaver-command Px, /usr/bin/gsf-office-thumbnailer Px, /usr/bin/package-manager Px, /usr/bin/totem-video-thumbnailer Px, /usr/lib/gnome-main-menu/main-menu mr, /usr/share/applications/ r, /usr/share/applications/**.desktop r, /usr/share/applications/mimeinfo.cache r, /usr/share/f-spot/icons/**.png r, /usr/share/gdm/applications/ r, /usr/share/gnome-2.0/ui/*.xml r, /usr/share/gnome-main-menu/ r, /usr/share/gnome-main-menu/*.glade r, /usr/share/gnome-main-menu/*.xbel r, /usr/share/gnome-main-menu/empty.ods r, /usr/share/mime/**.xml r, /var/cache/gnome-vfs/defaults.list r, /var/cache/libx11/compose/* r, } over 2 years ago minor changes for 10.3 rc2 initial gnome launch 143 jmichael Edit History
opensuse10.3 /usr/sbin/postfix #include <tunables/global> /usr/sbin/postfix flags=(complain) { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/nameservice> #include <abstractions/nis> capability dac_override, capability net_bind_service, capability setgid, capability setuid, capability sys_tty_config, /bin/bash ixr, /bin/egrep ixr, /bin/grep ixr, /bin/ls ixmr, /bin/uname ixr, /dev/console rw, /dev/tty rw, /etc/gai.conf r, /etc/postfix/ r, /etc/postfix/dynamicmaps.cf r, /etc/postfix/main.cf r, /etc/postfix/master.cf r, /etc/postfix/post-install r, /etc/postfix/postfix-files r, /etc/postfix/postfix-script ixr, /etc/postfix/relocated.db krw, /etc/postfix/transport.db krw, /etc/postfix/virtual.db krw, /proc/meminfo r, /proc/net/if_inet6 r, /proc/stat r, /proc/sys/kernel/ngroups_max r, /usr/bin/cmp ixr, /usr/bin/find ixr, /usr/lib/postfix/bounce ixr, /usr/lib/postfix/error ixr, /usr/lib/postfix/master ixr, /usr/lib/postfix/pickup ixr, /usr/lib/postfix/qmgr ixr, /usr/lib/postfix/smtp ixr, /usr/lib/postfix/trivial-rewrite ixr, /usr/sbin/ r, /usr/sbin/postconf ixr, /usr/sbin/postfix mr, /usr/sbin/postlog ixr, /usr/sbin/postqueue ixr, /usr/sbin/postsuper ixr, /usr/sbin/sendmail r, /usr/share/doc/packages/postfix/README_FILES/QMQP_README r, /var/run/nscd/services r, /var/spool/postfix/ r, /var/spool/postfix/active/ r, /var/spool/postfix/active/100091AF41CB krw, /var/spool/postfix/active/4BE3E1AF41C1 krw, /var/spool/postfix/active/4CE981AF41C2 krw, /var/spool/postfix/active/644E71AF41C4 krw, /var/spool/postfix/active/A3C3F1AF41B0 krw, /var/spool/postfix/active/BDB231AF41B6 krw, /var/spool/postfix/active/CAE441AF41C0 krw, /var/spool/postfix/bounce/ r, /var/spool/postfix/corrupt/ r, /var/spool/postfix/defer/ r, /var/spool/postfix/defer/1/ r, /var/spool/postfix/defer/1/100091AF41CB kw, /var/spool/postfix/defer/4/ r, /var/spool/postfix/defer/4/4BE3E1AF41C1 kw, /var/spool/postfix/defer/4/4CE981AF41C2 kw, /var/spool/postfix/defer/6/ r, /var/spool/postfix/defer/6/644E71AF41C4 kw, /var/spool/postfix/defer/A/ r, /var/spool/postfix/defer/A/A3C3F1AF41B0 kw, /var/spool/postfix/defer/B/ r, /var/spool/postfix/defer/B/BDB231AF41B6 kw, /var/spool/postfix/defer/C/ r, /var/spool/postfix/defer/C/CAE441AF41C0 kw, /var/spool/postfix/deferred/ r, /var/spool/postfix/deferred/1/ r, /var/spool/postfix/deferred/1/100091AF41CB rw, /var/spool/postfix/deferred/4/ r, /var/spool/postfix/deferred/4/4BE3E1AF41C1 rw, /var/spool/postfix/deferred/4/4CE981AF41C2 rw, /var/spool/postfix/deferred/6/ r, /var/spool/postfix/deferred/6/644E71AF41C4 rw, /var/spool/postfix/deferred/A/ r, /var/spool/postfix/deferred/A/A3C3F1AF41B0 rw, /var/spool/postfix/deferred/B/ r, /var/spool/postfix/deferred/B/BDB231AF41B6 rw, /var/spool/postfix/deferred/C/ r, /var/spool/postfix/deferred/C/CAE441AF41C0 rw, /var/spool/postfix/flush/ r, /var/spool/postfix/hold/ r, /var/spool/postfix/incoming/ r, /var/spool/postfix/maildrop/ r, /var/spool/postfix/pid/master.pid krw, /var/spool/postfix/pid/unix.defer krw, /var/spool/postfix/pid/unix.retry krw, /var/spool/postfix/pid/unix.smtp krw, /var/spool/postfix/private/ r, /var/spool/postfix/private/anvil w, /var/spool/postfix/private/bounce w, /var/spool/postfix/private/bsmtp w, /var/spool/postfix/private/cyrus w, /var/spool/postfix/private/defer w, /var/spool/postfix/private/discard w, /var/spool/postfix/private/error w, /var/spool/postfix/private/ifmail w, /var/spool/postfix/private/lmtp w, /var/spool/postfix/private/local w, /var/spool/postfix/private/maildrop w, /var/spool/postfix/private/procmail w, /var/spool/postfix/private/proxymap w, /var/spool/postfix/private/relay w, /var/spool/postfix/private/retry w, /var/spool/postfix/private/rewrite w, /var/spool/postfix/private/scache w, /var/spool/postfix/private/smtp w, /var/spool/postfix/private/trace w, /var/spool/postfix/private/uucp w, /var/spool/postfix/private/verify w, /var/spool/postfix/private/virtual w, /var/spool/postfix/public/ r, /var/spool/postfix/public/cleanup w, /var/spool/postfix/public/flush w, /var/spool/postfix/public/pickup rw, /var/spool/postfix/public/qmgr rw, /var/spool/postfix/public/showq w, /var/spool/postfix/trace/ r, } over 2 years ago dazuko 459 overwrite Edit History
opensuse10.3 /usr/bin/gnome-keyring-daemon #include <tunables/global> /usr/bin/gnome-keyring-daemon flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> capability sys_ptrace, /home/*/.gnome2/keyrings/ r, /home/*/.gnome2/keyrings/.keyring* rw, /home/*/.gnome2/keyrings/default.keyring rw, /tmp/keyring-*/ w, /tmp/keyring-*/socket w, /usr/bin/gnome-keyring-daemon mr, /usr/lib/gnome-keyring-1/gnome-keyring-ask Px, } over 2 years ago argh, switch things back to complain for a while 143 jmichael Edit History
opensuse11.0 /sbin/yast2 #include <tunables/global> /sbin/yast2 flags=(complain) { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, } 5 months ago thebahdest 42 thebahdness Edit History
opensuse11.0 /usr/bin/mysql #include <tunables/global> /usr/bin/mysql flags=(complain) { #include <abstractions/base> capability dac_override, /etc/my.cnf r, owner /usr/bin/mysql r, owner /usr/share/mysql/charsets/Index.xml r, /var/lib/mysql/.protected/mysql.sock w, owner /var/run/nscd/services r, owner /var/run/nscd/socket w, } about 1 year ago mysql_log 86 snowmannishboy Edit History
opensuse10.3 /usr/local/BGDialupWiFiAgent/wifi_agent.sh #include <tunables/global> /usr/local/BGDialupWiFiAgent/wifi_agent.sh flags=(complain) { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/nameservice> #include <abstractions/perl> capability net_admin, capability net_raw, network inet raw, /bin/bash ixr, /bin/date ixr, /bin/echo ixr, /dev/tty rw, /etc/SuSE-release r, /etc/fonts/** r, /etc/sysconfig/clock r, /proc/*/fd/ r, /proc/*/maps r, /proc/meminfo r, /proc/net/if_inet6 r, /proc/net/ipv6_route r, /proc/net/psched r, /proc/stat r, /proc/sys/net/ipv4/ip_forward w, /root/.Xauthority r, /sbin/arp Ux, /tmp/ r, /tmp/** mrw, /usr/bin/perl ix, /usr/bin/readlink ixr, /usr/lib64/** mr, /usr/lib64/jvm/java-1.6.0.u4-sun-1.6.0.u4/jre/bin/java ixr, /usr/lib64/jvm/java-1.6.0.u4-sun-1.6.0.u4/jre/bin/java.bin ixr, /usr/local/BGDialupWiFiAgent/** mrw, /usr/local/BGDialupWiFiAgent/init.sh ixr, /usr/local/BGDialupWiFiAgent/init_manad.sh ixr, /usr/local/BGDialupWiFiAgent/iptables.sh ixr, /usr/local/BGDialupWiFiAgent/login.sh ixr, /usr/local/BGDialupWiFiAgent/logout.sh ixr, /usr/local/BGDialupWiFiAgent/tell_manad.pl ixr, /usr/local/BGDialupWiFiAgent/wifi_manad.pl ixr, /usr/sbin/iptables mrux, /usr/sbin/tc mrux, /usr/share/X11/locale/en_US.UTF-8/XLC_LOCALE r, /usr/share/X11/locale/locale.alias r, /usr/share/X11/locale/locale.dir r, /usr/share/fonts/** r, /usr/share/ghostscript/fonts/** r, /usr/share/icons/Industrial/cursors/right_ptr r, /usr/share/zoneinfo/ r, /var/cache/fontconfig/17090aa38d5c6f09fb8c5c354938f1d7-x86-64.cache-2 mr, /var/cache/fontconfig/17eac1165263be9f8c818b6f419cf6e6-x86-64.cache-2 mr, /var/cache/fontconfig/2d31a572ce6667f6a0da9c8dc611898b-x86-64.cache-2 r, /var/cache/fontconfig/30786aca7a961ef9f9799e540455831d-x86-64.cache-2 r, /var/cache/fontconfig/3830d5c3ddfd5cd38a049b759396e72e-x86-64.cache-2 r, /var/cache/fontconfig/4b172ca7f111e3cffadc3636415fead9-x86-64.cache-2 r, /var/cache/fontconfig/5582bcdff229c67b5fec2ece77d58e8f-x86-64.cache-2 r, /var/cache/fontconfig/5ca8086aeacc9c68e81a71e7ef846b3b-x86-64.cache-2 r, /var/cache/fontconfig/77e41c5059666d75f92e318d4be8c21e-x86-64.cache-2 mr, /var/cache/fontconfig/7975540dee8a6ff17f6798a1cba5e67e-x86-64.cache-2 mr, /var/cache/fontconfig/7ef2298fde41cc6eeb7af42e48b7d293-x86-64.cache-2 mr, /var/cache/fontconfig/8d4af663993b81a124ee82e610bb31f9-x86-64.cache-2 mr, /var/cache/fontconfig/96694e2e5c96306c7f07acd6d3b454e6-x86-64.cache-2 mr, /var/cache/fontconfig/a1c95d6dfc9a7b34f44445cf81166004-x86-64.cache-2 r, /var/cache/fontconfig/d458be102e54cf534d1eef0dcbb02d07-x86-64.cache-2 mr, /var/cache/fontconfig/d62e99ef547d1d24cdb1bd22ec1a2976-x86-64.cache-2 mr, /var/cache/fontconfig/df311e82a1a24c41a75c2c930223552e-x86-64.cache-2 mr, /var/run/manad.pid w, } about 1 year ago andrew 87 gankov Edit History
opensuse10.3 /etc/NetworkManager/dispatcher.d/nfs #include <tunables/global> /etc/NetworkManager/dispatcher.d/nfs { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> /bin/bash ixr, /bin/ls ixmr, /etc/NetworkManager/dispatcher.d/nfs mr, /etc/init.d/rc5.d/ r, /proc/meminfo r, /sbin/runlevel Px, } over 2 years ago none 112 cinimod Edit History
opensuse10.3 /bin/netstat #include <tunables/global> /bin/netstat flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> capability dac_override, capability sys_ptrace, /bin/netstat mr, /proc/ r, /proc/*/cmdline r, /proc/*/fd/ r, /proc/net/ r, /proc/net/* r, } over 2 years ago 131 overwrite Edit History
opensuse10.3 /bin/dbus-daemon #include <tunables/global> /bin/dbus-daemon flags=(complain) { #include <abstractions/base> #include <abstractions/dbus> #include <abstractions/nameservice> capability dac_override, capability setgid, capability setuid, /bin/dbus-daemon mr, /etc/dbus-1/session.conf r, /etc/dbus-1/system.conf r, /etc/dbus-1/system.d/ r, /etc/dbus-1/system.d/*.conf r, /usr/bin/helix-dbus-server Px, /usr/lib/control-center-2.0/gnome-settings-daemon Px, /usr/lib/gnome-vfs-2.0/gnome-vfs-daemon Px, /usr/lib/notification-daemon-1.0/notification-daemon Px, /usr/share/dbus-1/services/ r, /usr/share/dbus-1/services/*.service r, /var/run/dbus/pid w, } over 2 years ago argh, switch things back to complain for a while 149 jmichael Edit History
opensuse10.3 /usr/local/BGBillingServer/scheduler.sh #include <tunables/global> /usr/local/BGBillingServer/scheduler.sh flags=(complain) { #include <abstractions/base> #include <abstractions/bash> /bin/bash ixr, /dev/tty rw, /usr/bin/nohup ixr, /usr/lib64/jvm/java-1.6.0.u4-sun-1.6.0.u4/jre/bin/java px, /usr/local/BGBillingServer/log/scheduler.out w, /usr/local/BGBillingServer/scheduler.sh mr, } about 1 year ago andrew 183 gankov Edit History
opensuse10.3 /usr/bin/gnome-screensaver-command #include <tunables/global> /usr/bin/gnome-screensaver-command { #include <abstractions/base> /usr/bin/gnome-screensaver-command mr, } over 2 years ago Import of jmichaels profiles 113 dominic Edit History
ubuntu-gutsy /usr/bin/id #include <tunables/global> /usr/bin/id flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> /proc/*/mounts r, /proc/filesystems r, /usr/bin/id mr, } over 2 years ago gnome 172 hbpteam Edit History
ubuntu-gutsy /usr/bin/nessus #include <tunables/global> /usr/bin/nessus { #include <abstractions/base> /usr/bin/nessus mr, } over 2 years ago gnome 130 hbpteam Edit History
opensuse11.0 /usr/sbin/httpd2-prefork #include <tunables/global> /usr/sbin/httpd2-prefork { #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/nis> capability dac_override, capability kill, capability net_bind_service, capability setgid, capability setuid, capability sys_ptrace, owner /etc/apache2/conf.d/ r, owner /etc/apache2/conf.d/mod_security2.conf r, owner /etc/apache2/conf.d/php5.conf r, owner /etc/apache2/default-server.conf r, owner /etc/apache2/errors.conf r, owner /etc/apache2/httpd.conf r, owner /etc/apache2/listen.conf r, owner /etc/apache2/mod_log_config.conf r, owner /etc/apache2/mod_mime-defaults.conf r, owner /etc/apache2/modsecurity.d/ r, /etc/apache2/modsecurity.d/* r, owner /etc/apache2/server-tuning.conf r, owner /etc/apache2/ssl-global.conf r, /etc/apache2/ssl.crt/ca-bundle1.crt r, /etc/apache2/ssl.crt/server.crt r, /etc/apache2/ssl.key/server.key r, owner /etc/apache2/sysconfig.d/global.conf r, owner /etc/apache2/sysconfig.d/include.conf r, owner /etc/apache2/sysconfig.d/loadmodule.conf r, owner /etc/apache2/uid.conf r, owner /etc/apache2/vhosts.d/ r, /etc/apache2/vhosts.d/vhost-ssl.conf r, /etc/apache2/vhosts.d/vhost.conf r, owner /etc/mime.types r, owner /etc/php5/apache2/php.ini r, owner /etc/php5/conf.d/ r, owner /etc/php5/conf.d/bz2.ini r, owner /etc/php5/conf.d/calendar.ini r, owner /etc/php5/conf.d/ctype.ini r, owner /etc/php5/conf.d/curl.ini r, owner /etc/php5/conf.d/dom.ini r, owner /etc/php5/conf.d/ftp.ini r, owner /etc/php5/conf.d/gd.ini r, owner /etc/php5/conf.d/gettext.ini r, owner /etc/php5/conf.d/hash.ini r, owner /etc/php5/conf.d/iconv.ini r, owner /etc/php5/conf.d/json.ini r, owner /etc/php5/conf.d/mbstring.ini r, owner /etc/php5/conf.d/mcrypt.ini r, owner /etc/php5/conf.d/mysql.ini r, owner /etc/php5/conf.d/mysqli.ini r, owner /etc/php5/conf.d/openssl.ini r, owner /etc/php5/conf.d/pdo.ini r, owner /etc/php5/conf.d/pdo_mysql.ini r, owner /etc/php5/conf.d/pspell.ini r, owner /etc/php5/conf.d/soap.ini r, owner /etc/php5/conf.d/suhosin.ini r, owner /etc/php5/conf.d/tokenizer.ini r, owner /etc/php5/conf.d/xmlreader.ini r, owner /etc/php5/conf.d/xmlwriter.ini r, owner /etc/php5/conf.d/xsl.ini r, owner /etc/php5/conf.d/zip.ini r, owner /etc/php5/conf.d/zlib.ini r, /proc/*/attr/current w, /srv/www/htdocs/** rw, /srv/www/htdocs/domains/nik.pl/exec/* px, /tmp/** rw, owner /usr/lib64/** m, /usr/lib64/** r, owner /usr/sbin/httpd2-prefork r, owner /var/lib/php5/session_mm_apache2handler0.sem wk, /var/log/apache2/* rw, owner /var/run/httpd2.pid w, owner /var/run/nscd/services r, ^DEFAULT_URI { #include <abstractions/nameservice> /dev/urandom r, /etc/localtime r, /proc/*/attr/current w, /proc/meminfo r, owner /srv/www/htdocs/** ak, /srv/www/htdocs/** rw, owner /tmp/* w, /usr/lib/locale/** r, /usr/lib64/gconv/gconv-modules r, /usr/lib64/gconv/gconv-modules.cache r, /usr/share/apache2/error/** r, /usr/share/locale/** r, /usr/share/mysql/charsets/Index.xml r, /usr/share/zoneinfo/ r, /usr/share/zoneinfo/** r, /var/lib/mysql/mysql.sock w, /var/log/apache2/* w, } ^HANDLING_UNTRUSTED_INPUT { network inet stream, /proc/*/attr/current w, /srv/www/htdocs/domains/** r, /usr/share/apache2/error/* r, /var/log/apache2/* w, } } 14 days ago 9 4 camellot Edit History
opensuse11.0 /usr/bin/kopete #include <tunables/global> /usr/bin/kopete flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> /etc/fonts/** r, /etc/kde4/share/config/oxygenrc r, /etc/kde4rc r, /etc/rpc r, owner /home/*/.ICEauthority r, owner /home/*/.Xauthority r, owner /home/*/.config/Trolltech.conf rk, owner /home/*/.fontconfig/05f98b157de9571a4191e527c1faf6b7-x86.cache-2 r, owner /home/*/.kde/share/config/kdeglobals rk, owner /home/*/.kde4/share/ w, owner /home/*/.kde4/share/apps/kabc/ rw, owner /home/*/.kde4/share/apps/kabc/std.vcf rw, owner /home/*/.kde4/share/apps/kopete/ r, owner /home/*/.kde4/share/apps/kopete/contactlist.xml r, owner /home/*/.kde4/share/apps/kopete/statuses.xml r, owner /home/*/.kde4/share/config/ w, owner /home/*/.kde4/share/config/kdeglobals r, owner /home/*/.kde4/share/config/kopeterc rw, owner /home/*/.kde4/share/config/kresources/contact/stdrc rw, owner /home/*/.kde4/share/config/kresources/contact/stdrc.lock w, owner /home/*/.kde4/share/config/kresources/contact/stdrc.lock.dT6237 w, owner /home/*/.kde4/share/config/kresources/contact/stdrc.lock.fB6237 w, owner /home/*/.kde4/share/config/kresources/contact/stdrcCj6237.new rw, owner /home/*/.kde4/share/config/kresources/contact/stdrcJH6237.new rw, /opt/kde3/share/icons/hicolor/ r, /tmp/.X11-unix/X0 w, /usr/bin/kopete r, /usr/lib/** mr, /usr/lib/kde4/libexec/drkonqi rix, /usr/share/ghostscript/fonts/** r, /usr/share/icons/Oxygen_White/cursors/left_ptr r, /usr/share/icons/hicolor/ r, /usr/share/icons/oxygen/ r, /usr/share/kde4/apps/kabc/formats/ r, /usr/share/kde4/apps/kabc/formats/binary.desktop r, /usr/share/kde4/apps/kopete/kopeteui.rc r, /usr/share/kde4/apps/kopete_history/historyui.rc r, /usr/share/kde4/config/kopeterc r, /usr/share/kde4/config/ui/ui_standards.rc r, /usr/share/locale-bundle/en_US/LC_MESSAGES/kde4-openSUSE.mo r, /var/cache/fontconfig/* r, /var/cache/libx11/compose/l4_024_313cb605_00280cc0 r, owner /var/tmp/kdecache-amir/kpc/kde-icon-cache.data rw, owner /var/tmp/kdecache-amir/kpc/kde-icon-cache.index rw, owner /var/tmp/kdecache-amir/kpc/kde-icon-cache.lock w, owner /var/tmp/kdecache-amir/kpc/kde-icon-cache.lock.FW6237 w, owner /var/tmp/kdecache-amir/kpc/kde-icon-cache.lock.MT6237 w, owner /var/tmp/kdecache-amir/kpc/kde-icon-cache.lock.PE6237 w, owner /var/tmp/kdecache-amir/kpc/kde-icon-cache.lock.SL6237 w, owner /var/tmp/kdecache-amir/kpc/kde-icon-cache.lock.Tw6237 w, owner /var/tmp/kdecache-amir/kpc/kde-icon-cache.lock.ZK6237 w, owner /var/tmp/kdecache-amir/kpc/kde-icon-cache.lock.ZT6237 w, owner /var/tmp/kdecache-amir/kpc/kde-icon-cache.lock.Zb6237 w, owner /var/tmp/kdecache-amir/kpc/kde-icon-cache.lock.hX6237 w, owner /var/tmp/kdecache-amir/kpc/kde-icon-cache.lock.ik6237 w, owner /var/tmp/kdecache-amir/kpc/kde-icon-cache.lock.nn6237 w, owner /var/tmp/kdecache-amir/kpc/kde-icon-cache.lock.th6237 w, owner /var/tmp/kdecache-amir/kpc/kde-icon-cache.lock.wX6237 w, owner /var/tmp/kdecache-amir/kpc/kde-icon-cache.updated w, owner /var/tmp/kdecache-amir/ksycoca4 r, } 4 months ago asd 39 amir Edit History
opensuse11.0 /usr/sbin/popper # $Id: usr.sbin.popper 683 2007-05-16 19:51:46Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/sbin/popper { #include <abstractions/authentication> #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/user-mail> capability setgid, capability setuid, /log/qpopper.log rw, /usr/sbin/popper mr, /var/spool/mail/* rw, } 7 months ago 69 axanka Edit History
opensuse10.3 /usr/sbin/saslauthd #include <tunables/global> /usr/sbin/saslauthd { #include <abstractions/base> #include <abstractions/nameservice> capability dac_override, /etc/saslauthd.conf r, /usr/sbin/saslauthd mr, /var/run/sasl2/* krw, } over 2 years ago 377 arclyde Edit History
opensuse10.3 /usr/lib/control-center-2.0/novell-sysconfig-proxy-helper #include <tunables/global> /usr/lib/control-center-2.0/novell-sysconfig-proxy-helper flags=(complain) { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> /bin/bash ixr, /etc/sysconfig/proxy r, /proc/meminfo r, /proc/sys/kernel/ngroups_max r, /usr/lib/control-center-2.0/novell-sysconfig-proxy-helper mr, } over 2 years ago argh, switch things back to complain for a while 167 jmichael Edit History
opensuse10.3 /etc/gdm/Xsession #include <tunables/global> /etc/gdm/Xsession { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> /bin/bash ixr, /etc/X11/xdm/Xsession Px, /etc/gdm/Xsession mr, /proc/meminfo r, } over 2 years ago Import of jmichaels profiles 141 dominic Edit History
opensuse10.3 /etc/gdm/PreSession/Default #include <tunables/global> /etc/gdm/PreSession/Default { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> capability setgid, capability setuid, /bin/bash ixr, /bin/sed ixr, /etc/gdm/PreSession/Default mr, /usr/bin/gdmflexiserver Px, /usr/bin/xsetroot Px, } over 2 years ago Import of jmichaels profiles 111 dominic Edit History
opensuse10.3 /opt/firefox/firefox #include <tunables/global> /opt/firefox/firefox { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, /opt/firefox/firefox mr, } 12 months ago Firefox Browser 82 tom Edit History
opensuse11.0 /usr/lib/postfix/pickup # $Id: usr.lib.postfix.pickup 741 2007-06-11 22:55:56Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/lib/postfix/pickup { #include <abstractions/base> #include <abstractions/kerberosclient> #include <abstractions/nameservice> #include <program-chunks/postfix-common> network inet stream, network inet6 dgram, network inet6 stream, owner /etc/gai.conf r, owner /proc/sys/kernel/ngroups_max r, /usr/lib/postfix/pickup mrix, /{var/spool/postfix/,}maildrop/ r, /{var/spool/postfix/,}maildrop/* rwl, /{var/spool/postfix/,}public/cleanup w, /{var/spool/postfix/,}public/pickup r, } about 1 year ago 99 delder Edit History
opensuse10.3 /usr/bin/Azureus.sh #include <tunables/global> /usr/bin/Azureus.sh flags=(complain) { #include <abstractions/base> #include <abstractions/bash> /bin/bash ix, /usr/bin/Azureus.sh mr, } about 1 year ago installer 123 Lanecamper Edit History
opensuse10.3 /usr/bin/gnome-screensaver-command #include <tunables/global> /usr/bin/gnome-screensaver-command { #include <abstractions/base> /usr/bin/gnome-screensaver-command mr, } over 2 years ago none 107 cinimod Edit History
opensuse10.3 /etc/X11/xdm/sys.xsession #include <tunables/global> /etc/X11/xdm/sys.xsession { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/user-tmp> capability sys_ptrace, /bin/bash ixr, /etc/X11/xdm/sys.xsession mr, /etc/X11/xinit/xinitrc r, /etc/X11/xinit/xinitrc.common r, /etc/X11/xinit/xinitrc.d/ r, /etc/X11/xinit/xinitrc.d/sabayon-xinitrc.sh Px, /home/*/.gnupg/agent.info rw, /home/*/.gnupg/agent.pid rw, /proc/ r, /proc/*/stat r, /proc/*/statm r, /proc/meminfo r, /proc/sys/kernel/ngroups_max r, /sbin/checkproc ixr, /usr/bin/dbus-launch Px, /usr/bin/gpg-agent Pxr, /usr/bin/ssh-agent ixr, /usr/lib/ssh/x11-ssh-askpass Px, } over 2 years ago Import of jmichaels profiles 113 dominic Edit History
opensuse10.3 /bin/su #include <tunables/global> /bin/su flags=(complain) { #include <abstractions/base> /bin/su mr, } over 2 years ago /prg/milos/su.log 115 gomi Edit History
opensuse10.3 Marcel I`am a Linux Newbie about 1 year ago 109 doggy29 Edit History
opensuse10.3 /etc/gdm/Xsession #include <tunables/global> /etc/gdm/Xsession { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> /bin/bash ixr, /etc/X11/xdm/Xsession Px, /etc/gdm/Xsession mr, /proc/meminfo r, } over 2 years ago none 120 cinimod Edit History
opensuse10.3 /etc/gdm/PreSession/Default #include <tunables/global> /etc/gdm/PreSession/Default { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> capability setgid, capability setuid, /bin/bash ixr, /bin/sed ixr, /etc/gdm/PreSession/Default mr, /usr/bin/gdmflexiserver Px, /usr/bin/xsetroot Px, } over 2 years ago none 87 cinimod Edit History
ubuntu-gutsy /usr/sbin/apache2 #include <tunables/global> /usr/sbin/apache2 { #include <abstractions/base> /usr/sbin/apache2 mr, } /usr/sbin/apache2//DEFAULT_URI { } /usr/sbin/apache2//HANDLING_UNTRUSTED_INPUT { } 11 months ago apache2 89 jmfrank63 Edit History
opensuse10.3 /usr/bin/VirtualBox #include <tunables/global> /usr/bin/VirtualBox flags=(complain) { #include <abstractions/base> /usr/bin/VirtualBox mr, } about 1 year ago Rich 104 ruscorp Edit History
opensuse10.3 /etc/X11/xdm/sys.xsession #include <tunables/global> /etc/X11/xdm/sys.xsession { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/user-tmp> capability sys_ptrace, /bin/bash ixr, /etc/X11/xdm/sys.xsession mr, /etc/X11/xinit/xinitrc r, /etc/X11/xinit/xinitrc.common r, /etc/X11/xinit/xinitrc.d/ r, /etc/X11/xinit/xinitrc.d/sabayon-xinitrc.sh Px, /home/*/.gnupg/agent.info rw, /home/*/.gnupg/agent.pid rw, /proc/ r, /proc/*/stat r, /proc/*/statm r, /proc/meminfo r, /proc/sys/kernel/ngroups_max r, /sbin/checkproc ixr, /usr/bin/dbus-launch Px, /usr/bin/gpg-agent Pxr, /usr/bin/ssh-agent ixr, /usr/lib/ssh/x11-ssh-askpass Px, } over 2 years ago none 104 cinimod Edit History
opensuse10.3 /sbin/ldconfig #include <tunables/global> /sbin/ldconfig { #include <abstractions/base> /etc/ld.so.cache mrw, /etc/ld.so.cache~ rw, /etc/ld.so.conf r, /etc/ld.so.conf.d/ r, /etc/ld.so.conf.d/* r, /lib/ r, /opt/kde3/lib/ r, /sbin/ldconfig mr, /usr/X11R6/lib/ r, /usr/lib/ r, /usr/local/lib/ r, /var/cache/ldconfig/aux-cache rw, /var/cache/ldconfig/aux-cache~ rw, } over 2 years ago Import of jmichaels profiles 154 dominic Edit History
opensuse10.3 /etc/sysconfig/network/scripts/SuSEfirewall2 #include <tunables/global> /etc/sysconfig/network/scripts/SuSEfirewall2 flags=(complain) { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> /bin/bash ixr, /etc/sysconfig/network/config r, /etc/sysconfig/network/ifcfg-* r, /etc/sysconfig/network/scripts/SuSEfirewall2 mr, /proc/meminfo r, } over 2 years ago argh, switch things back to complain for a while 138 jmichael Edit History
opensuse11.0 /usr/sbin/httpd2-prefork # $Id: usr.sbin.httpd2-prefork 706 2007-05-31 06:58:22Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/sbin/httpd2-prefork flags=(complain) { #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/kerberosclient> #include <abstractions/nameservice> #include <abstractions/perl> capability dac_override, capability kill, capability net_bind_service, capability setgid, capability setuid, capability sys_tty_config, /dev/random r, /etc/apache2/*.conf r, /etc/apache2/magic r, /etc/apache2/mod_perl-startup.pl r, /etc/apache2/ssl.crt/*.crt r, /etc/apache2/ssl.key/*.key r, /etc/apache2/{conf,sysconfig,vhosts}.d/ r, /etc/apache2/{conf,sysconfig,vhosts}.d/* r, /etc/fstab r, /etc/mime.types r, /etc/mtab r, /etc/odbcinst.ini r, /etc/php.d/ r, /etc/php.d/** r, /etc/php.ini r, owner /etc/php5/apache2/php.ini r, owner /etc/php5/conf.d/ r, owner /etc/php5/conf.d/bcmath.ini r, owner /etc/php5/conf.d/bz2.ini r, owner /etc/php5/conf.d/cairo.ini r, owner /etc/php5/conf.d/calendar.ini r, owner /etc/php5/conf.d/ctype.ini r, owner /etc/php5/conf.d/curl.ini r, owner /etc/php5/conf.d/dba.ini r, owner /etc/php5/conf.d/dom.ini r, owner /etc/php5/conf.d/enchant.ini r, owner /etc/php5/conf.d/exif.ini r, owner /etc/php5/conf.d/fileinfo.ini r, owner /etc/php5/conf.d/ftp.ini r, owner /etc/php5/conf.d/gd.ini r, owner /etc/php5/conf.d/gettext.ini r, owner /etc/php5/conf.d/gmp.ini r, owner /etc/php5/conf.d/hash.ini r, owner /etc/php5/conf.d/http.ini r, owner /etc/php5/conf.d/iconv.ini r, owner /etc/php5/conf.d/imap.ini r, owner /etc/php5/conf.d/intl.ini r, owner /etc/php5/conf.d/json.ini r, owner /etc/php5/conf.d/ldap.ini r, owner /etc/php5/conf.d/mbstring.ini r, owner /etc/php5/conf.d/mcrypt.ini r, owner /etc/php5/conf.d/mysql.ini r, owner /etc/php5/conf.d/mysqli.ini r, owner /etc/php5/conf.d/odbc.ini r, owner /etc/php5/conf.d/openssl.ini r, owner /etc/php5/conf.d/pcntl.ini r, owner /etc/php5/conf.d/pdo.ini r, owner /etc/php5/conf.d/pdo_mysql.ini r, owner /etc/php5/conf.d/pdo_odbc.ini r, owner /etc/php5/conf.d/pdo_pgsql.ini r, owner /etc/php5/conf.d/pdo_sqlite.ini r, owner /etc/php5/conf.d/pgsql.ini r, owner /etc/php5/conf.d/phar.ini r, owner /etc/php5/conf.d/posix.ini r, owner /etc/php5/conf.d/pspell.ini r, owner /etc/php5/conf.d/readline.ini r, owner /etc/php5/conf.d/shmop.ini r, owner /etc/php5/conf.d/snmp.ini r, owner /etc/php5/conf.d/soap.ini r, owner /etc/php5/conf.d/sockets.ini r, owner /etc/php5/conf.d/sqlite.ini r, owner /etc/php5/conf.d/sqlite3.ini r, owner /etc/php5/conf.d/suhosin.ini r, owner /etc/php5/conf.d/sysvmsg.ini r, owner /etc/php5/conf.d/sysvsem.ini r, owner /etc/php5/conf.d/sysvshm.ini r, owner /etc/php5/conf.d/tidy.ini r, owner /etc/php5/conf.d/tokenizer.ini r, owner /etc/php5/conf.d/wddx.ini r, owner /etc/php5/conf.d/xcache.ini r, owner /etc/php5/conf.d/xmlreader.ini r, owner /etc/php5/conf.d/xmlrpc.ini r, owner /etc/php5/conf.d/xmlwriter.ini r, owner /etc/php5/conf.d/xsl.ini r, owner /etc/php5/conf.d/zip.ini r, owner /etc/php5/conf.d/zlib.ini r, /proc/*/attr/current w, owner /session_mm_apache2handler0.sem wk, /srv/www/htdocs r, /srv/www/htdocs/** r, /srv/www/icons/*.{gif,jpg,png} r, /srv/www/vhosts r, /srv/www/vhosts/** r, /tmp/auth_ldap_cache.sem wl, owner /tmp/mod_mono_dashboard_XXGLOBAL_1 w, /tmp/mod_mono_dashboard_XXGLOBAL_1 r, /tmp/session_mm_apache0.sem wl, /tmp/session_mm_apache2handler0.sem wl, owner /tmp/xcache rw, /usr/X11R6/lib/lib*.so* mr, /usr/X11R6/lib64/lib*.so* mr, /usr/apache2/error/* r, owner /usr/lib/** m, /usr/lib/** r, /usr/lib/apache2-leader/{lib,mod_}*.so* mr, /usr/lib/apache2-metuxmpm/{lib,mod_}*.so* mr, /usr/lib/apache2-prefork/{lib,mod_}*.so* mr, /usr/lib/apache2-worker/{lib,mod_}*.so* mr, /usr/lib/apache2/modules/{lib,mod_}*.so* mr, /usr/lib/apache2/{lib,mod_}*.so mr, /usr/lib/mysql/libmysql*.so* mr, /usr/lib/php/extensions/*.so mr, /usr/lib/php4/*.so mr, /usr/lib/python[12].[0-9]/**.{py,pyc,pth,so} mr, /usr/lib/qt3/lib/lib*.so* mr, /usr/lib64/apache2-leader/{lib,mod_}*.so* mr, /usr/lib64/apache2-metuxmpm/{lib,mod_}*.so* mr, /usr/lib64/apache2-prefork/{lib,mod_}*.so* mr, /usr/lib64/apache2-worker/{lib,mod_}*.so* mr, /usr/lib64/apache2/modules/{lib,mod_}*.so* mr, /usr/lib64/apache2/{lib,mod_}*.so* mr, /usr/lib64/mysql/libmysql*.so* mr, /usr/lib64/php/extensions/*.so mr, /usr/lib64/php4/*.so mr, /usr/lib64/python[12].[0-9]/**.{py,pyc,pth,so} mr, /usr/lib64/python[12].[0-9]/site-packages r, /usr/lib64/qt3/lib/lib*.so* mr, /usr/local/tomcat/conf/mod_jk.conf r, /usr/local/tomcat/conf/workers-ajp12.properties r, /usr/sbin/httpd2-prefork r, /usr/sbin/suexec2 mrix, /usr/share/apache2/** r, /usr/share/apache2/error/* r, /usr/share/apache2/error/include/* r, /usr/share/misc/magic.mime r, /usr/share/snmp/mibs r, /usr/share/snmp/mibs/*.{txt,mib} r, /usr/share/snmp/mibs/.index rw, /usr/share/ssl/openssl.cnf r, owner /usr/share/terminfo/x/xterm r, /var/lib/php/sess_* rwl, /var/lock/httpd2.lock.* wl, /var/log/apache2/* rwl, /var/log/apache2/** rwl, /var/log/httpd/ssl_scache.dir r, /var/log/httpd/ssl_scache.pag r, /var/run/httpd2.mm.* wl, /var/run/httpd2.pid wl, /var/www/error/* r, /var/www/html/** r, /var/www/icons/*.{gif,jpg,png} r, @{HOME}/public_html r, @{HOME}/public_html/** r, ^DEFAULT_URI flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> /srv/www/htdocs r, /srv/www/htdocs/** r, /srv/www/icons/*.{gif,jpg,png} r, /srv/www/vhosts r, /srv/www/vhosts/** r, /usr/sbin/suexec2 mrix, /usr/share/apache2/** r, /var/lib/php/sess_* rwl, /var/log/apache2/** rwl, /var/www/error/* r, /var/www/html/** r, /var/www/icons/*.{gif,jpg,png} r, @{HOME}/public_html r, @{HOME}/public_html/** r, } ^HANDLING_UNTRUSTED_INPUT flags=(complain) { #include <abstractions/nameservice> /**.htaccess r, /proc/*/attr/current w, /var/log/apache2/* w, } ^null-83b { /dev/shm/ r, owner /dev/shm/mono.18881 mrw, /etc/ld.so.cache mr, /etc/mono/2.0/machine.config r, /etc/mono/config r, /lib/lib*so* mr, owner /proc/*/fd/ r, owner /proc/*/maps r, /proc/meminfo r, /proc/stat r, owner /tmp/.wapi/shared_data-yorerocray-Linux-i686-312-12-0 mrw, owner /tmp/.wapi/shared_fileshare-yorerocray-Linux-i686-36-12-0 mrw, /usr/bin/mod-mono-server r, /usr/lib/gconv/gconv-modules.cache mr, /usr/lib/lib*so* mr, /usr/lib/mono/2.0/mscorlib.dll mr, /usr/lib/mono/gac/Mono.WebServer2/0.2.0.0__0738eb9f132ed756/Mono.WebServer2.dll mr, /usr/lib/mono/gac/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll mr, /usr/lib/mono/gac/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll mr, /usr/lib/mono/gac/System/2.0.0.0__b77a5c561934e089/System.dll mr, /usr/lib/mono/gac/mod-mono-server2/2.4.2.0__0738eb9f132ed756/mod-mono-server2.exe mr, /usr/share/locale/** r, } ^null-83f { /dev/bus/usb/ r, /dev/bus/usb/001/001 r, /dev/bus/usb/002/001 r, /etc/SuSE-release r, /etc/ld.so.cache r, /etc/lsb-release r, /etc/lsb-release.d/ r, /etc/mtab r, /lib/lib*so* mr, /proc/*/attr/current w, owner /proc/*/mounts r, /proc/*/net/dev r, /proc/cpuinfo r, /proc/ide/ r, /proc/loadavg r, /proc/meminfo r, /proc/swaps r, /proc/sys/kernel/hostname r, /proc/uptime r, /proc/version r, /srv/www/htdocs/phpsysinfo/config.php r, /srv/www/htdocs/phpsysinfo/distros.ini r, /srv/www/htdocs/phpsysinfo/includes/XPath.class.php r, /srv/www/htdocs/phpsysinfo/includes/class.Template.inc.php r, /srv/www/htdocs/phpsysinfo/includes/class.error.inc.php r, /srv/www/htdocs/phpsysinfo/includes/common_functions.php r, /srv/www/htdocs/phpsysinfo/includes/lang/ r, /srv/www/htdocs/phpsysinfo/includes/lang/es.php r, /srv/www/htdocs/phpsysinfo/includes/os/class.BSD.common.inc.php r, /srv/www/htdocs/phpsysinfo/includes/os/class.Linux.inc.php r, /srv/www/htdocs/phpsysinfo/includes/os/class.parseProgs.inc.php r, /srv/www/htdocs/phpsysinfo/includes/system_footer.php r, /srv/www/htdocs/phpsysinfo/includes/system_header.php r, /srv/www/htdocs/phpsysinfo/includes/xml/filesystems.php r, /srv/www/htdocs/phpsysinfo/includes/xml/hardware.php r, /srv/www/htdocs/phpsysinfo/includes/xml/hddtemp.php r, /srv/www/htdocs/phpsysinfo/includes/xml/mbinfo.php r, /srv/www/htdocs/phpsysinfo/includes/xml/memory.php r, /srv/www/htdocs/phpsysinfo/includes/xml/network.php r, /srv/www/htdocs/phpsysinfo/includes/xml/vitals.php r, /srv/www/htdocs/phpsysinfo/index.php r, /srv/www/htdocs/phpsysinfo/templates/ r, /srv/www/htdocs/phpsysinfo/templates/classic/box.tpl r, /srv/www/htdocs/phpsysinfo/templates/classic/form.tpl r, /srv/www/htdocs/phpsysinfo/templates/classic/images/bar_middle.gif r, /sys/bus/pci/devices/ r, /sys/bus/pci/slots/ r, /sys/bus/scsi/devices/ r, /sys/bus/usb/devices/ r, /sys/devices/pci0000:00/0000:00:00.0/class r, /sys/devices/pci0000:00/0000:00:00.0/config r, /sys/devices/pci0000:00/0000:00:00.0/device r, /sys/devices/pci0000:00/0000:00:00.0/irq r, /sys/devices/pci0000:00/0000:00:00.0/resource r, /sys/devices/pci0000:00/0000:00:00.0/vendor r, /sys/devices/pci0000:00/0000:00:01.0/0000:01:00.0/class r, /sys/devices/pci0000:00/0000:00:01.0/0000:01:00.0/config r, /sys/devices/pci0000:00/0000:00:01.0/0000:01:00.0/device r, /sys/devices/pci0000:00/0000:00:01.0/0000:01:00.0/irq r, /sys/devices/pci0000:00/0000:00:01.0/0000:01:00.0/resource r, /sys/devices/pci0000:00/0000:00:01.0/0000:01:00.0/vendor r, /sys/devices/pci0000:00/0000:00:01.0/class r, /sys/devices/pci0000:00/0000:00:01.0/config r, /sys/devices/pci0000:00/0000:00:01.0/device r, /sys/devices/pci0000:00/0000:00:01.0/irq r, /sys/devices/pci0000:00/0000:00:01.0/resource r, /sys/devices/pci0000:00/0000:00:01.0/vendor r, /sys/devices/pci0000:00/0000:00:07.0/class r, /sys/devices/pci0000:00/0000:00:07.0/config r, /sys/devices/pci0000:00/0000:00:07.0/device r, /sys/devices/pci0000:00/0000:00:07.0/irq r, /sys/devices/pci0000:00/0000:00:07.0/resource r, /sys/devices/pci0000:00/0000:00:07.0/vendor r, /sys/devices/pci0000:00/0000:00:07.1/class r, /sys/devices/pci0000:00/0000:00:07.1/config r, /sys/devices/pci0000:00/0000:00:07.1/device r, /sys/devices/pci0000:00/0000:00:07.1/host0/target0:0:0/0:0:0:0/model r, /sys/devices/pci0000:00/0000:00:07.1/host0/target0:0:0/0:0:0:0/rev r, /sys/devices/pci0000:00/0000:00:07.1/host0/target0:0:0/0:0:0:0/scsi_level r, /sys/devices/pci0000:00/0000:00:07.1/host0/target0:0:0/0:0:0:0/type r, /sys/devices/pci0000:00/0000:00:07.1/host0/target0:0:0/0:0:0:0/vendor r, /sys/devices/pci0000:00/0000:00:07.1/host0/target0:0:1/0:0:1:0/model r, /sys/devices/pci0000:00/0000:00:07.1/host0/target0:0:1/0:0:1:0/rev r, /sys/devices/pci0000:00/0000:00:07.1/host0/target0:0:1/0:0:1:0/scsi_level r, /sys/devices/pci0000:00/0000:00:07.1/host0/target0:0:1/0:0:1:0/type r, /sys/devices/pci0000:00/0000:00:07.1/host0/target0:0:1/0:0:1:0/vendor r, /sys/devices/pci0000:00/0000:00:07.1/host1/target1:0:0/1:0:0:0/model r, /sys/devices/pci0000:00/0000:00:07.1/host1/target1:0:0/1:0:0:0/rev r, /sys/devices/pci0000:00/0000:00:07.1/host1/target1:0:0/1:0:0:0/scsi_level r, /sys/devices/pci0000:00/0000:00:07.1/host1/target1:0:0/1:0:0:0/type r, /sys/devices/pci0000:00/0000:00:07.1/host1/target1:0:0/1:0:0:0/vendor r, /sys/devices/pci0000:00/0000:00:07.1/host1/target1:0:1/1:0:1:0/model r, /sys/devices/pci0000:00/0000:00:07.1/host1/target1:0:1/1:0:1:0/rev r, /sys/devices/pci0000:00/0000:00:07.1/host1/target1:0:1/1:0:1:0/scsi_level r, /sys/devices/pci0000:00/0000:00:07.1/host1/target1:0:1/1:0:1:0/type r, /sys/devices/pci0000:00/0000:00:07.1/host1/target1:0:1/1:0:1:0/vendor r, /sys/devices/pci0000:00/0000:00:07.1/irq r, /sys/devices/pci0000:00/0000:00:07.1/resource r, /sys/devices/pci0000:00/0000:00:07.1/vendor r, /sys/devices/pci0000:00/0000:00:07.2/class r, /sys/devices/pci0000:00/0000:00:07.2/config r, /sys/devices/pci0000:00/0000:00:07.2/device r, /sys/devices/pci0000:00/0000:00:07.2/irq r, /sys/devices/pci0000:00/0000:00:07.2/resource r, /sys/devices/pci0000:00/0000:00:07.2/usb1/busnum r, /sys/devices/pci0000:00/0000:00:07.2/usb1/descriptors r, /sys/devices/pci0000:00/0000:00:07.2/usb1/devnum r, /sys/devices/pci0000:00/0000:00:07.2/vendor r, /sys/devices/pci0000:00/0000:00:07.3/class r, /sys/devices/pci0000:00/0000:00:07.3/config r, /sys/devices/pci0000:00/0000:00:07.3/device r, /sys/devices/pci0000:00/0000:00:07.3/irq r, /sys/devices/pci0000:00/0000:00:07.3/resource r, /sys/devices/pci0000:00/0000:00:07.3/usb2/busnum r, /sys/devices/pci0000:00/0000:00:07.3/usb2/descriptors r, /sys/devices/pci0000:00/0000:00:07.3/usb2/devnum r, /sys/devices/pci0000:00/0000:00:07.3/vendor r, /sys/devices/pci0000:00/0000:00:07.4/class r, /sys/devices/pci0000:00/0000:00:07.4/config r, /sys/devices/pci0000:00/0000:00:07.4/device r, /sys/devices/pci0000:00/0000:00:07.4/irq r, /sys/devices/pci0000:00/0000:00:07.4/resource r, /sys/devices/pci0000:00/0000:00:07.4/vendor r, /sys/devices/pci0000:00/0000:00:07.5/class r, /sys/devices/pci0000:00/0000:00:07.5/config r, /sys/devices/pci0000:00/0000:00:07.5/device r, /sys/devices/pci0000:00/0000:00:07.5/irq r, /sys/devices/pci0000:00/0000:00:07.5/resource r, /sys/devices/pci0000:00/0000:00:07.5/vendor r, /sys/devices/pci0000:00/0000:00:0c.0/class r, /sys/devices/pci0000:00/0000:00:0c.0/config r, /sys/devices/pci0000:00/0000:00:0c.0/device r, /sys/devices/pci0000:00/0000:00:0c.0/irq r, /sys/devices/pci0000:00/0000:00:0c.0/resource r, /sys/devices/pci0000:00/0000:00:0c.0/vendor r, /sys/devices/pci0000:00/0000:00:0d.0/class r, /sys/devices/pci0000:00/0000:00:0d.0/config r, /sys/devices/pci0000:00/0000:00:0d.0/device r, /sys/devices/pci0000:00/0000:00:0d.0/irq r, /sys/devices/pci0000:00/0000:00:0d.0/resource r, /sys/devices/pci0000:00/0000:00:0d.0/vendor r, /usr/bin/lsb_release r, /usr/lib/lib*so* mr, /usr/lib/locale/** r, /usr/share/locale/** r, /usr/share/pci.ids r, /usr/share/usb.ids r, /usr/share/zoneinfo/ r, /usr/share/zoneinfo/** r, /var/log/apache2/access_log w, /var/run/utmp rk, } ^null-87f { /proc/*/attr/current w, /var/log/apache2/access_log w, } ^null-881 { /proc/*/attr/current w, /var/log/apache2/access_log w, } ^null-883 { /proc/*/attr/current w, /var/log/apache2/access_log w, } ^null-885 { /proc/*/attr/current w, /var/log/apache2/access_log w, } ^null-887 { /proc/*/attr/current w, /var/log/apache2/access_log w, } } about 1 month ago 14 ehv80 Edit History
opensuse11.0 /usr/bin/amule #include <tunables/global> /usr/bin/amule flags=(complain) { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> #include <abstractions/nameservice> /bin/bash rix, /bin/uname rix, /etc/fonts/** r, /etc/gnome-vfs-2.0/modules/ r, /etc/gnome-vfs-2.0/modules/default-modules.conf r, /etc/gnome-vfs-2.0/modules/smb-module.conf r, /etc/gnome-vfs-2.0/modules/ssl-modules.conf r, /etc/gtk-2.0/gdk-pixbuf.loaders r, /etc/gtk-2.0/gtk.immodules r, /etc/gtk-2.0/gtkrc r, /etc/pango/pango.modules r, owner /home/*/.aMule/ rw, owner /home/*/.aMule/Incoming/ rw, owner /home/*/.aMule/Temp/ rw, owner /home/*/.aMule/amule.conf r, owner /home/*/.aMule/clients.met r, owner /home/*/.aMule/clients.met.BAK rw, owner /home/*/.aMule/cryptkey.dat r, owner /home/*/.aMule/emfriends.met r, owner /home/*/.aMule/ipfilter.dat r, owner /home/*/.aMule/ipfilter_static.dat r, owner /home/*/.aMule/key_index.dat r, owner /home/*/.aMule/known.met r, owner /home/*/.aMule/known2_64.met rw, owner /home/*/.aMule/last_version_check rw, owner /home/*/.aMule/lastversion rw, owner /home/*/.aMule/lastversionPRVTLx rw, owner /home/*/.aMule/load_index.dat r, owner /home/*/.aMule/logfile rw, owner /home/*/.aMule/logfile.bak rw, owner /home/*/.aMule/muleLock wk, owner /home/*/.aMule/preferences.dat r, owner /home/*/.aMule/preferencesKad.dat r, owner /home/*/.aMule/server.met r, owner /home/*/.aMule/shareddir.dat r, owner /home/*/.aMule/src_index.dat r, owner /home/*/.fontconfig/1dcd7b36f6952e39f954ec8cb987da68-x86.cache-2 r, /opt/kde3/share/icons/ r, /opt/kde3/share/icons/crystalsvg/icon-theme.cache r, /opt/kde3/share/icons/crystalsvg/index.theme r, /opt/kde3/share/icons/hicolor/icon-theme.cache r, owner /proc/*/mounts r, /proc/meminfo r, /proc/sys/kernel/ngroups_max r, /usr/bin/amule r, /usr/bin/bug-buddy rix, /usr/lib/** mr, /usr/share/GeoIP/GeoIP.dat r, /usr/share/fonts/** r, /usr/share/gvfs/remote-volume-monitors/ r, /usr/share/gvfs/remote-volume-monitors/gphoto2.monitor r, /usr/share/gvfs/remote-volume-monitors/hal.monitor r, /usr/share/icons/ r, /usr/share/icons/DMZ/cursors/left_ptr r, /usr/share/icons/DMZ/cursors/sb_h_double_arrow r, /usr/share/icons/DMZ/cursors/sb_v_double_arrow r, /usr/share/icons/DMZ/cursors/xterm r, /usr/share/icons/Gilouche/icon-theme.cache r, /usr/share/icons/Gilouche/index.theme r, /usr/share/icons/Tango/icon-theme.cache r, /usr/share/icons/Tango/index.theme r, /usr/share/icons/gnome/icon-theme.cache r, /usr/share/icons/gnome/index.theme r, /usr/share/icons/hicolor/icon-theme.cache r, /usr/share/icons/hicolor/index.theme r, /usr/share/mime/mime.cache r, /usr/share/pixmaps/ r, /usr/share/themes/Default/gtk-2.0-key/gtkrc r, /usr/share/themes/Gilouche/gtk-2.0/gtkrc r, /var/cache/fontconfig/17090aa38d5c6f09fb8c5c354938f1d7-x86.cache-2 r, /var/cache/fontconfig/2d31a572ce6667f6a0da9c8dc611898b-x86.cache-2 r, /var/cache/fontconfig/30786aca7a961ef9f9799e540455831d-x86.cache-2 r, /var/cache/fontconfig/3830d5c3ddfd5cd38a049b759396e72e-x86.cache-2 r, /var/cache/fontconfig/4b172ca7f111e3cffadc3636415fead9-x86.cache-2 r, /var/cache/fontconfig/5ca8086aeacc9c68e81a71e7ef846b3b-x86.cache-2 r, /var/cache/fontconfig/77e41c5059666d75f92e318d4be8c21e-x86.cache-2 r, /var/cache/fontconfig/7ef2298fde41cc6eeb7af42e48b7d293-x86.cache-2 r, /var/cache/fontconfig/8d4af663993b81a124ee82e610bb31f9-x86.cache-2 r, /var/cache/fontconfig/a1c95d6dfc9a7b34f44445cf81166004-x86.cache-2 r, /var/cache/fontconfig/c16af864172909159ced9a806109b5c1-x86.cache-2 r, /var/cache/fontconfig/c36a5ca5419b5200dcfc86d54b5d311a-x86.cache-2 r, /var/cache/fontconfig/d62e99ef547d1d24cdb1bd22ec1a2976-x86.cache-2 r, /var/cache/fontconfig/df311e82a1a24c41a75c2c930223552e-x86.cache-2 r, owner /var/run/gdm/auth-for-dholton-Z4wiNm/database r, } 9 months ago initial amule profile 73 dholton Edit History
opensuse11.0 /usr/bin/truecrypt # Last Modified: Mon Dec 9 10:06:09 2008 # ------------------------------------------------------------------ # #include <tunables/global> /usr/bin/truecrypt flags=(complain){ #include <abstractions/authentication> #include <abstractions/base> #include <abstractions/bash> #include <abstractions/gnome> #include <abstractions/kde> #include <abstractions/nameservice> capability chown, capability mknod, capability setgid, capability setuid, capability sys_admin, capability sys_resource, /bin/mount mrUx, /bin/umount mrUx, owner /dev/* rwk, owner /dev/mapper/* w, /etc/sudoers r, /media/ r, /media/.hal-mtab r, /proc/meminfo r, /proc/partitions rwk, /proc/stat r, /sbin/dmsetup rix, /sbin/modprobe rix, /tmp/* rwlk, owner /usr/bin/fusermount mrUx, /usr/bin/sudo rix, /usr/bin/truecrypt rix, owner /var/run/sudo/* w, } about 1 year ago Finally built one that works 105 rhughes Edit History
opensuse10.3 /usr/sbin/mysqld # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/sbin/mysqld flags=(complain) { #include <