commit eeaffdd8b6621028619bab20d6f1ec8af3a05369
parent 02e9c8b2d508593ea9fb6bd7a568bf261ea5eb2f
Author: Julien Morvan <julien.morvan@inria.fr>
Date: Mon, 24 Aug 2015 16:08:07 +0000
change extract apparmor profile directory
Diffstat:
1 file changed, 62 insertions(+), 0 deletions(-)
diff --git a/contrib/apparmor/usr.bin.extract b/contrib/apparmor/usr.bin.extract
@@ -0,0 +1,62 @@
+# Last Modified: Wed Jul 15 15:26:31 2015
+#include <tunables/global>
+
+/usr/bin/extract {
+ /dev/shm/LE-* rw,
+
+ /etc/ld.so.cache mr,
+
+ /usr/bin/extract mr,
+
+ /usr/lib/gconv/gconv-modules r,
+
+ /usr/lib/libFLAC.so.* mr,
+ /usr/lib/libacl.so.* mr,
+ /usr/lib/libarchive.so.* mr,
+ /usr/lib/libattr.so.* mr,
+ /usr/lib/libbz2.so.* mr,
+ /usr/lib/libc-*.so mr,
+ /usr/lib/libcrypto.so.* mr,
+ /usr/lib/libdl-*.so mr,
+ /usr/lib/libexiv2.so.* mr,
+ /usr/lib/libexpat.so.* mr,
+ /usr/lib/libextractor.so.* mr,
+
+ /usr/lib/libextractor/ r,
+ /usr/lib/libextractor/libextractor_*.so mr,
+
+ /usr/lib/libextractor_common.so.* mr,
+
+ /usr/lib/libgcc_s.so.* mr,
+ /usr/lib/libjpeg.so.* mr,
+ /usr/lib/libltdl.so.* mr,
+ /usr/lib/liblzma.so.* mr,
+ /usr/lib/liblzo2.so.* mr,
+ /usr/lib/libm-*.so mr,
+ /usr/lib/libmagic.so.* mr,
+ /usr/lib/libmpeg2.so.* mr,
+ /usr/lib/libogg.so.* mr,
+ /usr/lib/libpthread-*.so mr,
+ /usr/lib/librt-*.so mr,
+ /usr/lib/libstdc++.so.* mr,
+ /usr/lib/libtiff.so.* mr,
+ /usr/lib/libvorbis.so.* mr,
+ /usr/lib/libvorbisfile.so.* mr,
+ /usr/lib/libz.so.* mr,
+
+ /usr/lib/locale/locale-archive r,
+
+ /usr/share/file/misc/magic.mgc r,
+
+ /usr/share/locale/fr/LC_MESSAGES/libc.mo r,
+ /usr/share/locale/fr/LC_MESSAGES/libextractor.mo r,
+ /usr/share/locale/locale.alias r,
+
+ deny @{HOME}/.* r,
+ deny @{HOME}/.*/** r,
+ #files where extract can be used
+ owner @{HOME}/** r,
+ /media/** r,
+
+ @{PROC}/@{pid}/maps r,
+}
