usr.bin.i2prouter
# SPDX-License-Identifier: CC-PDM-1.0
# Originally sourced from: https://github.com/i2p/i2p.i2p/blob/master/debian/apparmor/usr.bin.i2prouter
# AppArmor profile for i2prouter

# Last Modified: Sun Dec 06 12:30:32 2015
# vim:syntax=apparmor et ts=8 sw=4

# Confines the i2prouter launcher script. It may read a few /proc entries and
# config files, run a fixed list of shell utilities, and read/write/lock files
# under the owning user's ~/.i2p. Further rules come from abstractions/i2p,
# which is not shown in this file.
#
# Execute-mode legend for the rules below:
#   rix - read + execute, child inherits this profile (stays confined)
#   rUx - read + execute, child runs UNCONFINED with a scrubbed environment
#
# NOTE(review): the file is named usr.bin.i2prouter, but the profile attaches
# to /opt/i2p/i2prouter while the read rule below names /usr/bin/i2prouter.
# Confirm the attachment path matches where the launcher is installed; a
# profile attached to a path the binary does not live at confines nothing.

#include <tunables/global>

/opt/i2p/i2prouter {
    #include <abstractions/i2p>

    # Broad capability: permits tracing/inspecting other processes.
    # NOTE(review): presumably needed for the process lookups (ps, /proc)
    # below - confirm it is still required and drop it if not.
    capability sys_ptrace,

    # The launcher script itself, read-only.
    /usr/bin/i2prouter r,

    # Process discovery. PID 1's name, uptime and pid_max are readable
    # regardless of owner; per-PID directories, stat and cmdline only for
    # processes owned by the same user ("owner").
    @{PROC}/1/comm r,
    owner @{PROC}/[0-9]*/ r,
    owner @{PROC}/[0-9]*/stat r,
    owner @{PROC}/[0-9]*/cmdline r,
    @{PROC}/uptime r,
    @{PROC}/sys/kernel/pid_max r,

    # Shell and core utilities used by the script. All inherit this profile
    # except ps.
    /{usr/,}bin/{,b,d}ash rix,
    /{usr/,}bin/cat rix,
    /{usr/,}bin/grep rix,
    /{usr/,}bin/mkdir rix,
    # ps leaves confinement (Ux). NOTE(review): a dedicated child profile
    # granting only the /proc reads ps needs would be tighter - confirm
    # before changing, since ps needs more /proc access than is granted here.
    /{usr/,}bin/ps rUx,
    /{usr/,}bin/rm rix,
    /{usr/,}bin/sed rix,
    /{usr/,}bin/sleep rix,
    /{usr/,}bin/uname rix,
    /{usr/,}bin/which rix,
    /etc/default/i2p r,
    /etc/lsb-release r,

    /usr/bin/{,g,m}awk rix,
    /usr/bin/cut rix,
    /usr/bin/dirname rix,
    /usr/bin/expr rix,
    /usr/bin/id rix,
    # should replace this in i2prouter with something safer
    # ldd also runs unconfined (Ux). ldd(1) warns that some versions may
    # execute the inspected program to resolve its dependencies, so this rule
    # is the widest escape from the profile; the real fix is in the launcher
    # script (stop calling ldd), not in this file.
    /usr/bin/ldd rUx,
    /usr/bin/tail rix,
    /usr/bin/tr rix,

    # Java font cache: read-only here, writes are denied further down.
    @{HOME}/.java/fonts/** r,
    # Router data directory: read/write (and lock, "k") only for files owned
    # by the running user.
    owner @{HOME}/.i2p/ rw,
    owner @{HOME}/.i2p/** rwk,
    # CGI scripts execute with this profile inherited (ix).
    # NOTE(review): the "** rwk" rule above also covers this directory, so the
    # confined process can write a file here and then execute it. The result
    # is still bound by this profile, but the tree is writable and executable
    # at once - keep that in mind when widening any other rule.
    owner @{HOME}/.i2p/eepsite/cgi-bin/** rix,

    # Prevent spamming the logs
    # Explicit deny rules are enforced without generating audit messages, so
    # these write/lock attempts are refused silently.
    deny owner @{HOME}/.java/ wk,
    deny @{HOME}/.fontconfig/ wk,
    deny @{HOME}/.java/fonts/** wk,

    # Site-specific additions and overrides. See local/README for details.
    #include <local/usr.bin.i2prouter>
}