/apparmor.d/abstractions/private-files

http://github.com/brinkman83/bashrc · #! · 26 lines · 20 code · 6 blank · 0 comment · 0 complexity · 34402a519ed478c23d523b02905b00df MD5 · raw file 

    

  1. # vim:syntax=apparmor
    2. 

  2. # privacy-violations contains rules for common files that you want to explicity
    3. 

  3. # deny access
    4. 

  4. 

  5.   # privacy violations (don't audit files under $HOME otherwise get a
    6. 

  6.   # lot of false positives when reading contents of directories)
    7. 

  7.   deny @{HOME}/.*history mrwkl,
    8. 

  8.   deny @{HOME}/.fetchmail* mrwkl,
    9. 

  9.   deny @{HOME}/.viminfo* mrwkl,
    10. 

  10.   deny @{HOME}/.*~ mrwkl,
    11. 

  11.   deny @{HOME}/.*.swp mrwkl,
    12. 

  12.   deny @{HOME}/.*~1~ mrwkl,
    13. 

  13.   deny @{HOME}/.*.bak mrwkl,
    14. 

  14. 

  15.   # special attention to (potentially) executable files
    16. 

  16.   audit deny @{HOME}/bin/** wl,
    17. 

    18. 

  18.   deny @{HOME}/.bash* mrk,
    19. 

  19.   audit deny @{HOME}/.bash* wl,
    20. 

    21. 

  21.   deny @{HOME}/.profile* mrk,
    22. 

  22.   audit deny @{HOME}/.profile* wl,
    23. 

    24. 

  24.   deny @{HOME}/.*rc mrk,
    25. 

  25.   audit deny @{HOME}/.*rc wl,
    26.