Hi,
I prepared a profile for the weechat IRC client; you can find a patch
attached. Could you include it in apparmor-profiles?
Note-1: Tested on Debian.
Note-2: The permissions within the .weechat directory are not exactly
fine-grained, mostly because I wanted to support the case when weechat
is run for the first time and creates all the directories and files within.
Thanks,
--
Tomasz
From f98f2c71e34b895ec96f7379c0a88c88971caf8a Mon Sep 17 00:00:00 2001
From: Tomasz Miąsko <[email protected]>
Date: Thu, 8 Sep 2016 12:05:00 +0200
Subject: [PATCH] usr.bin.weechat new profile
---
ubuntu/16.10/usr.bin.weechat | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 ubuntu/16.10/usr.bin.weechat
diff --git a/ubuntu/16.10/usr.bin.weechat b/ubuntu/16.10/usr.bin.weechat
new file mode 100644
index 0000000..3b17c20
--- /dev/null
+++ b/ubuntu/16.10/usr.bin.weechat
@@ -0,0 +1,28 @@
+#include <tunables/global>
+
+/usr/bin/weechat {
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+ #include <abstractions/aspell>
+ #include <abstractions/perl>
+ #include <abstractions/python>
+ #include <abstractions/ssl_certs>
+
+ network inet stream,
+ network inet6 stream,
+
+ @{PROC}/@{pid}/statm r,
+
+ # Plugins and scripts
+ /usr/lib/weechat/plugins/** rm,
+ /usr/share/weechat/** r,
+
+ # Configuration files and logs
+ owner @{HOME}/.weechat/ rw,
+ owner @{HOME}/.weechat/** rw,
+ owner @{HOME}/.weechat/weechat.log rwk,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/usr.bin.weechat>
+}
+
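Review bot: In the "Configuration files and logs" block, `owner @{HOME}/.weechat/** rw,` makes every file under that directory writable, and with the perl and python abstractions included above this covers any script the client loads from there, so the confined process can rewrite code it will run on a later start. The cover letter explains the broad rule is there for first-run directory creation; consider keeping `owner @{HOME}/.weechat/ rw,` and replacing the `**` rule with narrower rules for the configuration and log paths, with script locations left read-only. Separately, the file is added under ubuntu/16.10/ while the cover letter says it was tested on Debian, so a test run on that release should be noted before merging.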
--
2.9.3
--
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor