/apparmor.d/abstractions/private-files
http://github.com/brinkman83/bashrc · #! · 26 lines · 20 code · 6 blank · 0 comment · 0 complexity · 34402a519ed478c23d523b02905b00df MD5 · raw file
- # vim:syntax=apparmor
- # privacy-violations contains rules for common files that you want to explicity
- # deny access
- # privacy violations (don't audit files under $HOME otherwise get a
- # lot of false positives when reading contents of directories)
- deny @{HOME}/.*history mrwkl,
- deny @{HOME}/.fetchmail* mrwkl,
- deny @{HOME}/.viminfo* mrwkl,
- deny @{HOME}/.*~ mrwkl,
- deny @{HOME}/.*.swp mrwkl,
- deny @{HOME}/.*~1~ mrwkl,
- deny @{HOME}/.*.bak mrwkl,
- # special attention to (potentially) executable files
- audit deny @{HOME}/bin/** wl,
- deny @{HOME}/.bash* mrk,
- audit deny @{HOME}/.bash* wl,
- deny @{HOME}/.profile* mrk,
- audit deny @{HOME}/.profile* wl,
- deny @{HOME}/.*rc mrk,
- audit deny @{HOME}/.*rc wl,