remove unneeded user-tmp abstraction; tighten tmpdir perms

2015-06-06 21:31:38 +00:00
parent fb131a040c
commit f6f051cfa4
1 changed files with 3 additions and 3 deletions
--- a/debian/apparmor/i2p
+++ b/debian/apparmor/i2p
@@ -5,7 +5,6 @@
  #include <abstractions/fonts>
  #include <abstractions/nameservice>
  #include <abstractions/ssl_certs>
  #include <abstractions/user-tmp>
  network inet stream,
  network inet6 stream,
@@ -51,8 +50,9 @@
  /usr/share/java/wrapper*.jar                            r,
  # 'm' is needed by the I2P-Bote plugin
-  /{,var/}tmp/                                            rwm,
+  /{,lib/live/mount/overlay/}tmp/                         rwm,
-  owner /{,var/}tmp/**                                    rwklm,
+  owner /{,lib/live/mount/overlay/}tmp/i2p-daemon/        rwm,
  owner /{,lib/live/mount/overlay/}tmp/i2p-daemon/**      rwklm,
  # Prevent spamming the logs
  deny /dev/tty                                           rw,