/apparmor.d/abstractions/private-files

http://github.com/brinkman83/bashrc · #! · 26 lines · 20 code · 6 blank · 0 comment · 0 complexity · 34402a519ed478c23d523b02905b00df MD5 · raw file

  1. # vim:syntax=apparmor
  2. # privacy-violations contains rules for common files that you want to explicity
  3. # deny access
  4. # privacy violations (don't audit files under $HOME otherwise get a
  5. # lot of false positives when reading contents of directories)
  6. deny @{HOME}/.*history mrwkl,
  7. deny @{HOME}/.fetchmail* mrwkl,
  8. deny @{HOME}/.viminfo* mrwkl,
  9. deny @{HOME}/.*~ mrwkl,
  10. deny @{HOME}/.*.swp mrwkl,
  11. deny @{HOME}/.*~1~ mrwkl,
  12. deny @{HOME}/.*.bak mrwkl,
  13. # special attention to (potentially) executable files
  14. audit deny @{HOME}/bin/** wl,
  15. deny @{HOME}/.bash* mrk,
  16. audit deny @{HOME}/.bash* wl,
  17. deny @{HOME}/.profile* mrk,
  18. audit deny @{HOME}/.profile* wl,
  19. deny @{HOME}/.*rc mrk,
  20. audit deny @{HOME}/.*rc wl,