marek/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
Files
88d9f1d509a09e7375f17b8e085ed32d2ff6acd6
i2p.i2p/apps/apparmor/home.i2p.i2prouter
kytv 9ba5ad7bb1 Remove 'l' from example apparmor profile
2015-12-06 17:47:22 +00:00

100 lines
4.3 KiB
Plaintext
Raw Blame History

#Last Modified: Sun Dec 06 12:30:32 2015
# vim:syntax=apparmor et ts=8 sw=4
#include <tunables/global>
$INSTALL_PATH/{i2prouter,runplain.sh} flags=(complain) {
#include <abstractions/base>
#include <abstractions/fonts>
#include <abstractions/nameservice>
#include <abstractions/ssl_certs>
capability sys_ptrace,
network inet stream,
network inet6 stream,
$INSTALL_PATH/ r,
$INSTALL_PATH/{i2psvc,wrapper} rmix,
owner $INSTALL_PATH/** rwkm,
# Needed for Java
owner @{PROC} r,
owner @{PROC}/[0-9]*/ r,
owner @{PROC}/[0-9]*/status r,
owner @{PROC}/[0-9]*/stat r,
owner @{PROC}/[0-9]*/cmdline r,
@{PROC}/uptime r,
@{PROC}/sys/kernel/pid_max r,
/sys/devices/system/cpu/ r,
/sys/devices/system/cpu/** r,
/dev/random r,
/dev/urandom r,
@{PROC}/1/comm r,
/etc/ssl/certs/java/** r,
/etc/timezone r,
/usr/share/javazi/** r,
# Debian
/etc/java-{6,7,8}-openjdk/** r,
/usr/lib/jvm/default-java/jre/bin/java rix,
# Debian, Ubuntu, openSUSE
/usr/lib{,32,64}/jvm/java-*-openjdk-*/jre/bin/java rix,
/usr/lib{,32,64}/jvm/java-*-openjdk-*/jre/bin/keytool rix,
# Raspbian
/usr/lib/jvm/jdk-*-oracle-*/jre/bin/java rix,
/usr/lib/jvm/jdk-*-oracle-*/jre/bin/keytool rix,
# Fonts are needed for I2P's graphs
/usr/share/java/java-atk-wrapper.jar r,
# Used by some plugins
/usr/share/java/eclipse-ecj-*.jar r,
/{,var/}tmp/ rwm,
owner /{,var/}tmp/** rwkm,
/{,usr/}bin/{,b,d}ash rix,
/{,usr/}bin/cat rix,
/{,usr/}bin/cut rix,
/{,usr/}bin/dirname rix,
/{,usr/}bin/expr rix,
/{,usr/}bin/{,g,m}awk rix,
/{,usr/}bin/grep rix,
/{,usr/}bin/id rix,
/{,usr/}bin/ldd rix,
/{,usr/}bin/ls rix,
/{,usr/}bin/mkdir rix,
/{,usr/}bin/nohup rix,
/{,usr/}bin/ps rix,
/{,usr/}bin/rm rix,
/{,usr/}bin/sed rix,
/{,usr/}bin/sleep rix,
/{,usr/}bin/tail rix,
/{,usr/}bin/tr rix,
/{,usr/}bin/uname rix,
/{,usr/}bin/which rix,
@{HOME}/.java/fonts/** r,
owner @{HOME}/.i2p/ rw,
owner @{HOME}/.i2p/** rwk,
# Prevent spamming the logs
deny owner @{HOME}/.java/ wk,
deny @{HOME}/.fontconfig/ wk,
deny @{HOME}/.java/fonts/** w,
deny /dev/tty rw,
deny /dev/pts/[0-9]* rw,
deny @{PROC}/[0-9]*/fd/ r,
deny /usr/local/share/fonts/ r,
deny /var/cache/fontconfig/ wk,
# Used by some versions of the Tanuki wrapper but never used by I2P
deny /usr/share/java/hamcrest*.jar r,
deny /usr/share/java/junit*.jar r,
}
Reference in New Issue View Git Blame Copy Permalink