/apparmor.d/abstractions/private-files
#! | 26 lines | 20 code | 6 blank | 0 comment | 0 complexity | 34402a519ed478c23d523b02905b00df MD5 | raw file
1# vim:syntax=apparmor 2# privacy-violations contains rules for common files that you want to explicity 3# deny access 4 5 # privacy violations (don't audit files under $HOME otherwise get a 6 # lot of false positives when reading contents of directories) 7 deny @{HOME}/.*history mrwkl, 8 deny @{HOME}/.fetchmail* mrwkl, 9 deny @{HOME}/.viminfo* mrwkl, 10 deny @{HOME}/.*~ mrwkl, 11 deny @{HOME}/.*.swp mrwkl, 12 deny @{HOME}/.*~1~ mrwkl, 13 deny @{HOME}/.*.bak mrwkl, 14 15 # special attention to (potentially) executable files 16 audit deny @{HOME}/bin/** wl, 17 18 deny @{HOME}/.bash* mrk, 19 audit deny @{HOME}/.bash* wl, 20 21 deny @{HOME}/.profile* mrk, 22 audit deny @{HOME}/.profile* wl, 23 24 deny @{HOME}/.*rc mrk, 25 audit deny @{HOME}/.*rc wl, 26