Created
January 20, 2014 14:15
-
-
Save dmy3k/8520584 to your computer and use it in GitHub Desktop.
AppArmour Skype profile [openSuse 13.1, dynamic skype at /opt]
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # vim:syntax=apparmor | |
| # | |
| # Copyright (C) 2012 Lekensteyn <lekensteyn@gmail.com> | |
| #include <tunables/global> | |
| /opt/skype/skype { | |
| #include <abstractions/kde> | |
| #include <abstractions/nameservice> | |
| #include <abstractions/video> | |
| #include <abstractions/audio> | |
| #include <abstractions/dbus-session> | |
| /opt/skype/** krmw, | |
| #/usr/lib32/skype/skype mrix, | |
| #/usr/share/skype/** r, | |
| #/usr/share/skype/lang/skype_*.qm rm, | |
| /etc/ssl/openssl.cnf r, | |
| # should get into abstractions/dbus-session, necessary if | |
| # /var/lib/dbus/machine-id is absent | |
| /etc/machine-id r, | |
| # sound - assume pulseaudio | |
| owner /dev/shm/pulse-shm-* m, | |
| # if there is a search for the below, pulseaudio is not working | |
| #/etc/asound.conf r, | |
| #/dev/snd/* mr, | |
| # video | |
| /dev/video[0-9]* rwm, | |
| # preloaded | |
| /usr/lib32/libv4l/v4l2convert.so m, | |
| # here be dragons | |
| owner @{HOME}/.Skype/ rw, | |
| owner @{HOME}/.Skype/** rwk, | |
| owner @{HOME}/.config/Skype/ rw, | |
| owner @{HOME}/.config/Skype/** rwk, | |
| # fonts | |
| /usr/share/fonts/** m, | |
| @{HOME}/.config/fontconfig/** r, | |
| @{HOME}/.cache/fontconfig/** rm, | |
| deny /var/cache/fontconfig/ w, | |
| deny @{HOME}/.cache/fontconfig/** w, | |
| # system info | |
| /dev/ r, | |
| @{PROC}/sys/kernel/ostype r, | |
| @{PROC}/sys/kernel/osrelease r, | |
| /sys/devices/system/cpu/ r, | |
| /sys/devices/system/cpu/cpu[0-9]*/cpufreq/scaling_{cur,max}_freq r, | |
| /sys/devices/**/power_supply/*/online r, | |
| deny /sys/devices/**/video4linux/video[0-9]*/dev r, | |
| deny /sys/devices/**/usb[0-9]*/**/idVendor r, | |
| # spam | |
| #deny @{PROC}/[0-9]*/net/route r, | |
| deny @{PROC}/[0-9]*/{fd,task}/ r, | |
| deny /dev/pts/** rw, | |
| deny /dev/tty rw, | |
| deny @{HOME}/.kde4/share/config/kdeglobals k, | |
| deny @{HOME}/.mozilla/ r, | |
| # optional speedup trick | |
| deny @{HOME}/.compose-cache/* w, | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello. Could you do this profile for normal skype? (Leap, Tumbleweed)? I don't use dynamic version. Thank you.