JTL jtl999
gdahlm
/ usr.bin.run_keybase
Last active
May 22, 2019 05:57
Apparmor profile for Keybase.io to prevent insecure and multi-user unfriendly use of /keybase; will prevent start unless run_keybase is modified.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <tunables/global> | |
| # At the time of writing requires changing /usr/bin/run_keybase | |
| # Partial diff, which may or may not work for your needs. | |
| # | |
| # - if fusermount -uz /keybase &> /dev/null ; then | |
| # + if fusermount -uz $HOME/Keybase &> /dev/null ; then | |
| # | |
| # - kbfsfuse -debug -log-to-file /keybase &>> "$logdir/keybase.start.log" & | |
| # + kbfsfuse -debug -log-to-file $HOME/Keybase &>> "$logdir/keybase.start.log" & |