summaryrefslogtreecommitdiff
path: root/contrib/apparmor
diff options
context:
space:
mode:
authorJulien Morvan <julien.morvan@outlook.com>2015-08-24 14:37:21 +0000
committerJulien Morvan <julien.morvan@outlook.com>2015-08-24 14:37:21 +0000
commitca03fa02c18d01d2c479eb04652539a4d1480a0c (patch)
tree89d9633e56d75c7cf6ba552b33f80a37c9497df2 /contrib/apparmor
parent5475027f60525bcf22d75fb7f7ee721703e01cfd (diff)
Diffstat (limited to 'contrib/apparmor')
-rw-r--r--contrib/apparmor/usr.bin.extract60
1 files changed, 60 insertions, 0 deletions
diff --git a/contrib/apparmor/usr.bin.extract b/contrib/apparmor/usr.bin.extract
new file mode 100644
index 000000000..8b9604747
--- /dev/null
+++ b/contrib/apparmor/usr.bin.extract
@@ -0,0 +1,60 @@
+# Last Modified: Wed Jul 15 15:26:31 2015
+#include <tunables/global>
+
+/usr/bin/extract {
+ /dev/shm/LE-* rw,
+
+ /etc/ld.so.cache mr,
+
+ /usr/bin/extract mr,
+
+ /usr/lib/gconv/gconv-modules r,
+
+ /usr/lib/libFLAC.so.* mr,
+ /usr/lib/libacl.so.* mr,
+ /usr/lib/libarchive.so.* mr,
+ /usr/lib/libattr.so.* mr,
+ /usr/lib/libbz2.so.* mr,
+ /usr/lib/libc-*.so mr,
+ /usr/lib/libcrypto.so.* mr,
+ /usr/lib/libdl-*.so mr,
+ /usr/lib/libexiv2.so.* mr,
+ /usr/lib/libexpat.so.* mr,
+ /usr/lib/libextractor.so.* mr,
+
+ /usr/lib/libextractor/ r,
+ /usr/lib/libextractor/libextractor_*.so mr,
+
+ /usr/lib/libextractor_common.so.* mr,
+
+ /usr/lib/libgcc_s.so.* mr,
+ /usr/lib/libjpeg.so.* mr,
+ /usr/lib/libltdl.so.* mr,
+ /usr/lib/liblzma.so.* mr,
+ /usr/lib/liblzo2.so.* mr,
+ /usr/lib/libm-*.so mr,
+ /usr/lib/libmagic.so.* mr,
+ /usr/lib/libmpeg2.so.* mr,
+ /usr/lib/libogg.so.* mr,
+ /usr/lib/libpthread-*.so mr,
+ /usr/lib/librt-*.so mr,
+ /usr/lib/libstdc++.so.* mr,
+ /usr/lib/libtiff.so.* mr,
+ /usr/lib/libvorbis.so.* mr,
+ /usr/lib/libvorbisfile.so.* mr,
+ /usr/lib/libz.so.* mr,
+
+ /usr/lib/locale/locale-archive r,
+
+ /usr/share/file/misc/magic.mgc r,
+
+ /usr/share/locale/fr/LC_MESSAGES/libc.mo r,
+ /usr/share/locale/fr/LC_MESSAGES/libextractor.mo r,
+ /usr/share/locale/locale.alias r,
+
+ deny @{HOME}/.** mr,
+ owner @{HOME}/** r,
+ /media/** r,
+
+ @{PROC}/@{pid}/maps r,
+}