forked from I2P_Developers/i2p.i2p
apparmor: tweaks to TMPDIR rules
This commit is contained in:
kytv
5
debian/apparmor/i2p
vendored
5
debian/apparmor/i2p
vendored
@@ -51,11 +51,16 @@
|
|||||||
|
|
||||||
# 'm' is needed by the I2P-Bote plugin
|
# 'm' is needed by the I2P-Bote plugin
|
||||||
/{,lib/live/mount/overlay/}tmp/ rwm,
|
/{,lib/live/mount/overlay/}tmp/ rwm,
|
||||||
|
owner /{,lib/live/mount/overlay/}tmp/hsperfdata_i2psvc/ rwk,
|
||||||
|
owner /{,lib/live/mount/overlay/}tmp/hsperfdata_i2psvc/** rw,
|
||||||
|
owner /{,lib/live/mount/overlay/}tmp/wrapper[0-9]*.tmp rwk,
|
||||||
|
owner /{,lib/live/mount/overlay/}tmp/wrapper[0-9]*.tmp/** rw,
|
||||||
owner /{,lib/live/mount/overlay/}tmp/i2p-daemon/ rwm,
|
owner /{,lib/live/mount/overlay/}tmp/i2p-daemon/ rwm,
|
||||||
owner /{,lib/live/mount/overlay/}tmp/i2p-daemon/** rwklm,
|
owner /{,lib/live/mount/overlay/}tmp/i2p-daemon/** rwklm,
|
||||||
|
|
||||||
# Prevent spamming the logs
|
# Prevent spamming the logs
|
||||||
deny /dev/tty rw,
|
deny /dev/tty rw,
|
||||||
|
deny /{,lib/live/mount/overlay/}var/tmp/ r,
|
||||||
deny @{PROC}/[0-9]*/fd/ r,
|
deny @{PROC}/[0-9]*/fd/ r,
|
||||||
deny /usr/sbin/ r,
|
deny /usr/sbin/ r,
|
||||||
deny /var/cache/fontconfig/ wk,
|
deny /var/cache/fontconfig/ wk,
|
||||||
|
|||||||
Reference in New Issue
Block a user