AppArmor profile exchange

Find profiles by name | Find profiles by author | Find profiles by name and author | List all profiles | List all users | My profiles | New profile | Anonymous | Login

Aleksandr's profiles

Distribution Name Profile Created At Changelog View Count Username
opensuse11.0 /usr/sbin/sshd # $Id: usr.sbin.sshd 697 2007-05-25 03:09:30Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ # will need to revalidate this profile once we finish re-architecting # the change_hat patch. # #include <tunables/global> /usr/sbin/sshd { #include <abstractions/authentication> #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/nameservice> #include <abstractions/wutmp> capability chown, capability fowner, capability kill, capability net_bind_service, capability setgid, capability setuid, capability sys_chroot, capability sys_tty_config, /bin/ash Ux, /bin/bash Ux, /bin/bash2 Ux, /bin/bsh Ux, /bin/csh Ux, /bin/ksh Ux, /bin/sh Ux, /bin/tcsh Ux, /bin/zsh Ux, /dev/ptmx rw, /dev/pts/[0-9]* rw, /dev/urandom r, /etc/environment r, /etc/hosts.allow r, /etc/hosts.deny r, /etc/modules.conf r, /etc/motd r, /etc/ssh/* r, /etc/ssh/moduli r, /sbin/nologin Ux, /tmp/ssh-*/agent.[0-9]* rwl, /tmp/ssh-*[0-9]*/ w, /usr/sbin/sshd mrix, /var/run w, /var/run/sshd{,.init}.pid wl, @{HOME}/.ssh/authorized_keys{,2} r, @{PROC}/[0-9]*/fd/ r, @{PROC}/[0-9]*/loginuid w, @{PROC}/[0-9]*/mounts r, ^AUTHENTICATED { #include <abstractions/authentication> #include <abstractions/consoles> #include <abstractions/nameservice> #include <abstractions/wutmp> capability setgid, capability setuid, capability sys_tty_config, /dev/log w, /dev/ptmx rw, /etc/default/passwd r, /etc/localtime r, /etc/login.defs r, /etc/motd r, /tmp/ssh-*/agent.[0-9]* rwl, /tmp/ssh-*[0-9]*/ w, } ^EXEC { #include <abstractions/base> /bin/ash Ux, /bin/bash Ux, /bin/bash2 Ux, /bin/bsh Ux, /bin/csh Ux, /bin/ksh Ux, /bin/sh Ux, /bin/tcsh Ux, /bin/zsh Ux, /sbin/nologin Ux, } ^PRIVSEP { #include <abstractions/base> #include <abstractions/nameservice> capability setgid, capability setuid, capability sys_chroot, } ^PRIVSEP_MONITOR { #include <abstractions/authentication> #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/wutmp> capability chown, capability setgid, capability setuid, /dev/ptmx rw, /dev/pts/[0-9]* rw, /dev/urandom r, /etc/hosts.allow r, /etc/hosts.deny r, /etc/ssh/moduli r, @{HOME}/.ssh/authorized_keys{,2} r, @{PROC}/[0-9]*/mounts r, } } about 1 month ago 17 Aleksandr Edit History
opensuse11.0 /usr/lib/postfix/master # $Id: usr.lib.postfix.master 90 2006-08-04 19:13:59Z seth_arnold $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2006 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include <tunables/global> /usr/lib/postfix/master { #include <abstractions/base> #include <abstractions/kerberosclient> #include <abstractions/nameservice> #include <program-chunks/postfix-common> capability dac_override, capability kill, capability net_bind_service, capability sys_ptrace, /etc/postfix/master.cf r, owner /proc/sys/kernel/ngroups_max r, owner /usr/lib/** m, /usr/lib/** rPx, /usr/lib/postfix/master mrix, owner /var/lib/postfix/master.lock rwk, owner /var/run/nscd/services r, owner /var/spool/postfix/active/ r, owner /var/spool/postfix/deferred/ r, owner /var/spool/postfix/incoming/ r, owner /var/spool/postfix/maildrop/ r, owner /{var/spool/postfix/,}pid/master.pid k, /{var/spool/postfix/,}pid/master.pid rw, /{var/spool/postfix/,}private/* wl, /{var/spool/postfix/,}private/tlsmgr rwl, /{var/spool/postfix/,}public/{cleanup,flush,pickup,qmgr,showq,tlsmgr} rwl, } 19 days ago 7 Aleksandr Edit History
opensuse11.0 /usr/bin/ktorrent #include <tunables/global> /usr/bin/ktorrent { #include <abstractions/audio> #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/user-tmp> owner /DATA_SONY/** rw, /dev/shm/ r, owner /dev/shm/* rw, /etc/fonts/** r, /etc/kde4/share/config/oxygenrc r, /etc/kde4rc r, /etc/pulse/client.conf r, owner /home/*/.ICEauthority r, owner /home/*/.Xauthority r, owner /home/*/.config/Trolltech.conf rk, owner /home/*/.fontconfig/* r, owner /home/*/.fonts.conf r, owner /home/*/.gstreamer-0.10/registry.i686.bin r, owner /home/*/.kde4/share/apps/ktorrent/ r, owner /home/*/.kde4/share/apps/ktorrent/** rw, owner /home/*/.kde4/share/config/ w, owner /home/*/.kde4/share/config/* rw, owner /home/*/.kde4/share/config/kdeglobals rk, /opt/gnome/share/icons/**/ r, /opt/kde3/share/icons/**/ r, owner /proc/*/mounts r, owner /proc/*/net/ r, /proc/*/net/unix r, owner /proc/*/status r, owner /tmp/.ktorrent_kde4_1000.lock rwk, /usr/X11R6/lib/lib*so* mr, /usr/bin/ktorrent r, /usr/lib/** mr, /usr/lib/kde4/libexec/drkonqi rix, /usr/share/** r, /var/** rw, } 6 days ago 4 Aleksandr Edit History
opensuse11.0 /usr/bin/wine-preloader #include <tunables/global> /usr/bin/wine-preloader { #include <abstractions/base> } about 1 month ago 10 Aleksandr Edit History
opensuse11.0 /sbin/rpcbind #include <tunables/global> /sbin/rpcbind { #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/nis> capability net_bind_service, capability setgid, capability setuid, owner /etc/hosts.allow r, owner /etc/hosts.deny r, owner /etc/netconfig r, owner /var/run/rpcbind.lock ak, owner /var/run/rpcbind.sock w, } about 1 month ago 10 Aleksandr Edit History
opensuse11.0 /usr/sbin/cupsd #include <tunables/global> /usr/sbin/cupsd { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/dbus> #include <abstractions/nameservice> #include <abstractions/perl> capability chown, capability dac_override, capability fowner, capability fsetid, capability kill, capability net_bind_service, capability setgid, capability setuid, /bin/bash rix, /bin/cat rix, /bin/hostname rix, /dev/bus/usb/ r, /dev/bus/usb/** rw, /dev/lp0 rw, /dev/tty rw, /dev/ttyS? w, /etc/cups rw, /etc/cups/ r, owner /etc/cups/** w, /etc/cups/** r, /etc/cups/certs w, /etc/cups/certs/* w, /etc/cups/classes.conf rw, /etc/cups/cupsd.conf rw, /etc/cups/ppd rw, /etc/cups/printcap rw, /etc/cups/printers.conf rw, /etc/cups/ssl rw, /etc/fonts/** r, /etc/foomatic/filter.conf r, /etc/ghostscript/8.62/Fontmap r, /etc/ghostscript/8.62/Fontmap.X11-auto r, /etc/ghostscript/8.62/cidfmap r, /etc/ghostscript/8.62/xlatmap r, /etc/hosts.allow r, /etc/hosts.deny r, /etc/hp/hplip.conf r, owner /etc/krb5.conf w, /etc/krb5.conf r, owner /etc/pam.d/* r, owner /etc/printcap w, /proc/bus/usb/ r, /proc/meminfo r, /proc/sys/dev/parport/** r, /sys/class/usb r, /usr/bin/foomatic-gswrapper rix, /usr/bin/foomatic-rip rix, /usr/bin/gs rix, /usr/bin/hpijs rix, /usr/bin/pdftops rix, /usr/bin/perl ix, /usr/bin/smbspool rix, /usr/lib/** mr, /usr/lib/cups/backend/* rix, /usr/lib/cups/daemon/cups-deviced rix, /usr/lib/cups/daemon/cups-driverd rix, /usr/lib/cups/filter/* rix, /usr/sbin/cupsd mr, /usr/share/** mr, /var/cache/** r, /var/log/cups/access_log rw, owner /var/log/cups/access_log.O w, /var/log/cups/error_log rw, owner /var/log/cups/page_log rw, owner /var/run/cups/** w, owner /var/run/nscd/services r, /var/spool/cups rw, owner /var/spool/cups/* w, /var/spool/cups/* r, owner /var/spool/cups/** r, /var/spool/cups/** w, /var/spool/cups/tmp/ r, } 28 days ago 8 Aleksandr Edit History
opensuse11.0 /usr/bin/python2.6 #include <tunables/global> /usr/bin/python2.6 { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/nameservice> #include <abstractions/user-tmp> capability sys_ptrace, owner /DATA_SONY/ies4linux-2.99.0.1/ui/pygtk/ies4linux-gtk.py r, /bin/ r, /bin/bash rix, /bin/cat rix, /bin/grep rix, /bin/sleep rix, /bin/uname rix, /dev/bus/usb/ r, /dev/bus/usb/** rw, /dev/nvidia0 rw, /dev/nvidiactl rw, /dev/tty rw, /etc/X11/qtrc r, /etc/compizconfig/config rk, /etc/cups/ r, /etc/cups/client.conf r, /etc/cups/mime.convs r, /etc/cups/pstoraster.convs r, /etc/fonts/** r, /etc/gtk-2.0/gdk-pixbuf.loaders r, /etc/gtk-2.0/gtkrc r, /etc/hp/hplip.conf r, /etc/kde4/share/config/oxygenrc r, /etc/kde4rc r, /etc/mime.types r, /etc/pango/pango.modules r, /etc/rpm/ r, /etc/rpm/macros.gconf2 r, /etc/rpm/macros.jpackage r, /etc/rpm/macros.kde4 r, /etc/rpm/macros.mkinitrd r, /etc/rpm/macros.python r, /etc/rpm/macros.ruby r, /etc/rpm/macros.tcl r, /etc/zypp/repos.d/ r, /etc/zypp/repos.d/* r, /home/ r, owner /home/*/ rw, /home/*/* rw, owner /home/*/*/ rw, owner /home/*/.PlayOnLinux/** rw, owner /home/*/.config/Trolltech.conf rk, owner /home/*/.config/compiz/compizconfig/ r, owner /home/*/.config/compiz/compizconfig/Advanced.ini rak, owner /home/*/.config/compiz/compizconfig/config rak, owner /home/*/.config/compiz/fusion-icon r, owner /home/*/.config/qtcurve.gtk-colors rw, owner /home/*/.config/qtcurve.gtk-icons rw, owner /home/*/.cups/lpoptions r, owner /home/*/.emerald/settings.ini r, owner /home/*/.emerald/theme/buttons.above.png r, owner /home/*/.emerald/theme/buttons.close.png r, owner /home/*/.emerald/theme/buttons.max.png r, owner /home/*/.emerald/theme/buttons.menu.png r, owner /home/*/.emerald/theme/buttons.min.png r, owner /home/*/.emerald/theme/buttons.restore.png r, owner /home/*/.emerald/theme/buttons.shade.png r, owner /home/*/.emerald/theme/buttons.sticky.png r, owner /home/*/.emerald/theme/buttons.unabove.png r, owner /home/*/.emerald/theme/buttons.unshade.png r, owner /home/*/.emerald/theme/buttons.unsticky.png r, owner /home/*/.emerald/theme/theme.ini r, owner /home/*/.fontconfig/* r, owner /home/*/.gstreamer-0.10/* rw, owner /home/*/.hplip/hp-systray.lock wk, owner /home/*/.hplip/hp-toolbox.lock wk, owner /home/*/.hplip/hplip.conf rw, owner /home/*/.kde/share/config/kdeglobals r, owner /home/*/.kde4/share/config/ w, owner /home/*/.kde4/share/config/gtkrc-2.0 r, owner /home/*/.kde4/share/config/kdeglobals rk, owner /home/*/.local/share/icons/ r, owner /home/*/.local/share/mime/mime.cache r, owner /home/*/.moovida/moovida.conf ra, owner /home/*/.moovida/moovida.db rwk, owner /home/*/.qt/.qt_plugins_3.3rc.lock rwk, owner /home/*/.qt/.qtrc.lock rwk, owner /home/*/.qt/qt_plugins_3.3rc r, owner /home/*/.qt/qtrc r, /home/*/avtorizator/authcliw.conf r, /home/*/avtorizator/cxauth r, owner /home/*/ies4linux-2.99.0.1/ui/pygtk/ies4linux-gtk.py r, /home/aleksandr/.xinitrc.template rix, /opt/gnome/bin/ r, /opt/gnome/share/icons/ r, /opt/gnome/share/icons/** r, /opt/gnome/share/mime/* r, /opt/gnome/share/pixmaps/ r, /opt/kde3/bin/ r, /opt/kde3/lib/kde3/plugins/styles/ r, /opt/kde3/lib/kde3/plugins/styles/plastik.so mr, /opt/kde3/lib/lib*so* mr, /opt/kde3/share/icons/ r, /opt/kde3/share/icons/** r, /opt/kde3/share/pixmaps/ r, /proc/ r, /proc/*/cmdline r, owner /proc/*/mounts r, /proc/*/stat r, /proc/*/status r, /proc/cpuinfo r, /proc/interrupts r, /proc/meminfo r, /proc/sys/kernel/ngroups_max r, owner /root/.hplip/hplip.conf rw, /sbin/ r, /sbin/ldconfig rix, /usr/X11R6/bin/ r, /usr/X11R6/lib/lib*so* mr, /usr/bin/ r, /usr/bin/ccsm rix, /usr/bin/command-not-found r, /usr/bin/compiz rix, /usr/bin/elisa r, /usr/bin/emerald rix, /usr/bin/env rix, /usr/bin/fusion-icon r, /usr/bin/glxinfo rix, /usr/bin/killall rix, /usr/bin/lpr rix, /usr/bin/objdump rix, /usr/bin/pgrep rix, /usr/bin/python2.6 rix, /usr/bin/which rix, /usr/bin/xvinfo rix, /usr/games/ r, /usr/lib/** mr, /usr/local/bin/ r, /usr/local/sbin/ r, /usr/sbin/ r, /usr/share/** r, /usr/share/hplip/print.py rix, /usr/share/hplip/systray.py rix, /usr/share/hplip/toolbox.py rix, /var/cache/** r, owner /var/log/cxauth.log a, /var/run/cups/cups.sock w, /var/run/dbus/system_bus_socket w, /var/run/nscd/services r, } 6 days ago 1 Aleksandr Edit History
opensuse11.0 /usr/bin/qutim #include <tunables/global> /usr/bin/qutim { #include <abstractions/base> #include <abstractions/nameservice> /etc/fonts/** r, /etc/kde4/share/config/oxygenrc r, /etc/kde4rc r, owner /home/*/.ICEauthority r, owner /home/*/.Xauthority r, owner /home/*/.config/Trolltech.conf rk, owner /home/*/.config/qutim/** rwk, owner /home/*/.fontconfig/* r, owner /home/*/.fonts.conf r, owner /home/*/.fonts/ r, owner /home/*/.kde4/share/config/ w, owner /home/*/.kde4/share/config/kdeglobals rk, owner /proc/*/maps r, owner /tmp/* rwk, /tmp/.X11-unix/X0 w, /usr/bin/qutim r, /usr/lib/** mr, /usr/share/fonts/ r, /usr/share/fonts/** r, /usr/share/ghostscript/fonts/** r, /usr/share/icons/** r, /usr/share/qutim/** r, /var/cache/fontconfig/* r, /var/cache/libx11/compose/* r, } about 1 month ago 9 Aleksandr Edit History
opensuse11.0 /usr/bin/kopete #include <tunables/global> /usr/bin/kopete { #include <abstractions/audio> #include <abstractions/base> #include <abstractions/dbus> #include <abstractions/kde> #include <abstractions/nameservice> deny owner /home/aleksandr/.isomaster r, deny owner /home/aleksandr/.windows-serial r, deny /home/aleksandr/1 r, deny owner /home/aleksandr/avtorizator/.directory r, deny /home/aleksandr/index.html.1 r, owner /DATA_SONY/** rw, /etc/exports r, /etc/fstab r, /etc/kde4/share/config/oxygenrc r, /etc/kde4rc r, /etc/mtab r, /etc/rpc r, /etc/security/fileshare.conf r, /home/ r, owner /home/*/ r, owner /home/*/.DCOPserver_linux-3gqq__0 r, owner /home/*/.FuriusIsoMount/ r, owner /home/*/.ICEauthority r, owner /home/*/.Wammu r, owner /home/*/.Xauthority r, owner /home/*/.bash_history r, owner /home/*/.bashrc r, owner /home/*/.config/.directory rw, owner /home/*/.config/Trolltech.conf rwk, owner /home/*/.config/enchant/ r, owner /home/*/.config/enchant/ru.dic rk, owner /home/*/.config/enchant/ru.exc rk, owner /home/*/.devede r, owner /home/*/.directory rw, owner /home/*/.dmrc r, owner /home/*/.emacs r, owner /home/*/.esd_auth r, owner /home/*/.fontconfig/* r, owner /home/*/.fonts.conf r, owner /home/*/.gtk-bookmarks r, owner /home/*/.inputrc r, owner /home/*/.kde/share/config/kdeglobals rk, owner /home/*/.kde4/share/ w, owner /home/*/.kde4/share/apps/** rw, owner /home/*/.kde4/share/config/ w, owner /home/*/.kde4/share/config/* rw, owner /home/*/.kde4/share/config/kdeglobals rwk, owner /home/*/.kde4/share/config/kresources/contact/* rw, owner /home/*/.kde4/share/emoticons/ r, owner /home/*/.kde4/share/emoticons/** r, owner /home/*/.lircrc r, owner /home/*/.local/.directory rw, owner /home/*/.local/share/mime/generic-icons r, owner /home/*/.local/share/mime/magic r, owner /home/*/.local/share/user-places.xbel r, owner /home/*/.mtab.fuseiso r, owner /home/*/.nvidia-settings-rc r, owner /home/*/.opera/.directory r, owner /home/*/.part r, owner /home/*/.profile r, owner /home/*/.pulse-cookie r, owner /home/*/.recently-used r, owner /home/*/.thumbnails/normal/* ra, owner /home/*/.wine/.directory r, owner /home/*/.xim.template r, owner /home/*/.xinitrc.template r, owner /home/*/.xsession-errors r, owner /home/*/.y2log r, owner /home/*/.y2usersettings r, owner /home/*/Desktop/.directory rw, owner /home/*/bin/.directory rw, /media/ r, /opt/gnome/share/icons/hicolor/ r, /opt/gnome/share/icons/hicolor/**/ r, /opt/gnome/share/mime/generic-icons r, /opt/gnome/share/mime/magic r, /opt/kde3/bin/kdialog rix, owner /proc/*/net/ r, /proc/*/net/if_inet6 r, /proc/*/net/ipv6_route r, /proc/*/net/route r, /proc/*/net/unix r, /usr/bin/kdialog rix, /usr/bin/kopete r, /usr/lib/** mr, /usr/lib/kde4/libexec/drkonqi rix, /usr/share/emoticons/ r, /usr/share/enchant/enchant.ordering r, /usr/share/kde4/apps/** r, /usr/share/kde4/config/* r, /usr/share/kde4/config/ui/ui_standards.rc r, /usr/share/locale-bundle/en_US/LC_MESSAGES/kde4-openSUSE.mo r, /usr/share/locale-bundle/ru/** r, /usr/share/locale-langpack/ru/LC_MESSAGES/kde4-openSUSE.mo r, /usr/share/qca/certs/rootcerts.pem r, /var/cache/libx11/compose/l4_024_313cb605_00280cc0 r, } 13 days ago 6 Aleksandr Edit History