Thread: AppArmor Java Google Chrome FireFox profile question

  1. #1

    Question AppArmor Java Google Chrome FireFox profile question

    Hi everyone

    Today I was finally able to install the latest version of Java in Lubuntu.

    I play online poker at partypoker. For Linux, I need to run the poker room from my internet browser and I need to have Java Oracle 7 installed. Now, everything works fine and I am able to log in to the poker room if I don't use an AppArmor profile.

    But here is the thing and the catch: party poker is always full of cheaters, could be hackers, crackers, blackhats, thieves from all around the world, and cybercriminals. And because their games are completely RIGGED. This is a fact, and no wonder since you are playing with real money. So this attracts this kind of low-life, no-moral-values people, who are capable of stealing money from their own mother.

    That being said, I need to use AppArmor profiles for Firefox and Google Chrome, and Java, in order to protect myself from these crooks, burglars and thieves.

    I am using the default Lubuntu Firefox AppArmor profile and I use Hungry Man's Google Chrome and Java AppArmor profiles.

    The problem is that all these profiles are so restricted that my poker room won't load in any of them if I enable the AppArmor web browser profiles.

    The poker room needs the Java plugin in order to run.

    I am wondering what I need to change in the profiles in order to make them work. What line? The profiles are the Lubuntu default Firefox, and the insanitybit Hungry Man Google Chrome and Java profiles.

    Do I have to put a W at the end of some line of code to enable write? I am such a freaking noob when it comes to creating profiles.


    Also, Hungry Man, I tried to load your Google Chrome AppArmor profile into the kernel with the command:

    cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a


    But I get an error:


    Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
    AppArmor parser error, in stdin line 58: Found unexpected character: '�'

    Code:
    # Last Modified: Fri Sep 28 23:38:48 2012
    #include <tunables/global>
    
    /opt/google/chrome/chrome {
    capability sys_ptrace,
    
    network inet stream,
    network inet tcp,
    network inet6 stream,
    network inet6 tcp,
    
    deny /anon_hugepage//deleted r,
    
    /bin/readlink rCx,
    /bin/which rCx,
    /dev/ r,
    /dev/dri/card* rw,
    /dev/null rw,
    /dev/ptmx rw,
    /dev/random r,
    /dev/snd/controlC* rw,
    /dev/snd/pcm* rw,
    /dev/snd/timer r,
    /dev/tty rw,
    /dev/urandom r,
    /dev/video* r,
    /etc/fonts/** r,
    /etc/fstab r,
    /etc/gai.conf r,
    /etc/group r,
    /etc/host.conf r,
    /etc/hosts mr,
    /etc/ld.so.cache mr,
    /etc/locale.alias r,
    /etc/localtime r,
    /etc/lsb-release r,
    /etc/mtab r,
    /etc/nss_mdns.conf r,
    /etc/nsswitch.conf r,
    /etc/opt/chrome/policies/managed/ r,
    /etc/opt/chrome/policies/managed/*.json r,
    /etc/opt/chrome/policies/recommended/ r,
    /etc/opt/chrome/policies/recommended/*.json r,
    /etc/passwd mr,
    /etc/protocols r,
    /etc/pulse/client.conf r,
    /etc/python*/sitecustomize.py r,
    /etc/resolvconf/run/resolv.conf r,
    /etc/samba/lmhosts r,
    /etc/services r,
    /etc/udev/udev.conf r,
    /home/*/.Xauthority r,
    owner /home/*/.cache/dconf/user mrw,
    /home/*/.config/dconf/user r,
    /home/*/.config/google-chrome/ r,
    owner /home/*/.config/google-chrome/*.txt rw,
    owner /home/*/.config/google-chrome/.com.* rw,
    owner “/home/*/.config/google-chrome/Certificate Revocation Lists” rw,
    owner “/home/*/.config/google-chrome/Consent To Send Stats” rw,
    /home/*/.config/google-chrome/Default/ r,
    owner /home/*/.config/google-chrome/Default/* rw,
    owner /home/*/.config/google-chrome/Default/*.bak rw,
    owner /home/*/.config/google-chrome/Default/*.txt rw,
    owner “/home/*/.config/google-chrome/Default/Application Cache/” rw,
    owner “/home/*/.config/google-chrome/Default/Application Cache/Index” mrwk,
    owner “/home/*/.config/google-chrome/Default/Application Cache/Index-journal” mrw,
    owner “/home/*/.config/google-chrome/Default/Archived History” rwk,
    owner “/home/*/.config/google-chrome/Default/Archived History-journal” rw,
    owner /home/*/.config/google-chrome/Default/Bookmarks rw,
    owner /home/*/.config/google-chrome/Default/Cookies rwk,
    owner /home/*/.config/google-chrome/Default/Cookies-journal rw,
    owner “/home/*/.config/google-chrome/Default/Current Session” rw,
    owner “/home/*/.config/google-chrome/Default/Current Tabs” rw,
    owner “/home/*/.config/google-chrome/Default/Extension Cookies” rwk,
    owner “/home/*/.config/google-chrome/Default/Extension Cookies-journal” rw,
    owner “/home/*/.config/google-chrome/Default/Extension State/” r,
    owner “/home/*/.config/google-chrome/Default/Extension State/*.dbtmp” rw,
    owner “/home/*/.config/google-chrome/Default/Extension State/*.log” rw,
    owner “/home/*/.config/google-chrome/Default/Extension State/*.sst” rw,
    owner “/home/*/.config/google-chrome/Default/Extension State/CURRENT” rw,
    owner “/home/*/.config/google-chrome/Default/Extension State/LOCK” rw,
    owner “/home/*/.config/google-chrome/Default/Extension State/MANIFEST-*” rw,
    /home/*/.config/google-chrome/Default/Extensions/ r,
    owner /home/*/.config/google-chrome/Default/Extensions/** rw,
    owner /home/*/.config/google-chrome/Default/Extensions/*/*/*/*.so mrw,
    owner /home/*/.config/google-chrome/Default/Favicons rwk,
    owner /home/*/.config/google-chrome/Default/Favicons-journal rw,
    owner “/home/*/.config/google-chrome/Default/File System/*/*/.usage” rw,
    owner “/home/*/.config/google-chrome/Default/File System/Origins/LOCK” rw,
    owner “/home/*/.config/google-chrome/Default/File System/Origins/MANIFEST-*” rw,
    owner /home/*/.config/google-chrome/Default/History* rwk,
    owner /home/*/.config/google-chrome/Default/IndexedDB/ r,
    owner /home/*/.config/google-chrome/Default/IndexedDB/*.leveldb/ mrw,
    owner /home/*/.config/google-chrome/Default/IndexedDB/*/LOCK rw,
    owner “/home/*/.config/google-chrome/Default/Last Session” rw,
    owner “/home/*/.config/google-chrome/Default/Last Tabs” rw,
    owner “/home/*/.config/google-chrome/Default/Local Storage/” r,
    owner “/home/*/.config/google-chrome/Default/Local Storage/*” rwk,
    owner “/home/*/.config/google-chrome/Default/Login Data” rwk,
    owner “/home/*/.config/google-chrome/Default/Login Data-journal” rw,
    owner “/home/*/.config/google-chrome/Default/Managed Mode Settings” rw,
    owner “/home/*/.config/google-chrome/Default/Network Action Predictor” rwk,
    owner “/home/*/.config/google-chrome/Default/Network Action Predictor-journal” rw,
    owner “/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/*” rw,
    owner “/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/CacheWritableAdobeRoot/AssetCache/” r,
    owner “/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/CacheWritableAdobeRoot/AssetCache/**” mrw,
    “/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/WritableRoot/#SharedObjects/” r,
    “/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/WritableRoot/#SharedObjects/**” rw,
    owner “/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/WritableRoot/macromedia.com/support/flashplayer/sys/**” rw,
    owner /home/*/.config/google-chrome/Default/Preferences rw,
    owner /home/*/.config/google-chrome/Default/QuotaManager rwk,
    owner /home/*/.config/google-chrome/Default/QuotaManager-journal rw,
    owner /home/*/.config/google-chrome/Default/Shortcuts rwk,
    owner /home/*/.config/google-chrome/Default/Shortcuts-journal rw,
    “/home/*/.config/google-chrome/Default/Sync Data/” rwk,
    owner “/home/*/.config/google-chrome/Default/Sync Data/SyncData.sqlite3″ rwk,
    owner “/home/*/.config/google-chrome/Default/Sync Data/SyncData.sqlite3-journal” rw,
    “/home/*/.config/google-chrome/Default/Sync Extension Settings/*/” r,
    owner “/home/*/.config/google-chrome/Default/Sync Extension Settings/*/*.dbtmp” rw,
    owner “/home/*/.config/google-chrome/Default/Sync Extension Settings/*/*.log” rw,
    owner “/home/*/.config/google-chrome/Default/Sync Extension Settings/*/*.sst” rw,
    owner “/home/*/.config/google-chrome/Default/Sync Extension Settings/*/CURRENT” rw,
    owner “/home/*/.config/google-chrome/Default/Sync Extension Settings/*/LOCK” rw,
    owner “/home/*/.config/google-chrome/Default/Sync Extension Settings/*/MANIFEST-*” rw,
    owner “/home/*/.config/google-chrome/Default/Top Sites” rwk,
    owner “/home/*/.config/google-chrome/Default/Top Sites-journal” rw,
    owner /home/*/.config/google-chrome/Default/TransportSecurity rw,
    owner “/home/*/.config/google-chrome/Default/User StyleSheets/*.css” rw,
    owner “/home/*/.config/google-chrome/Default/Visited Links” rw,
    owner “/home/*/.config/google-chrome/Default/Web Data” rwk,
    owner “/home/*/.config/google-chrome/Default/Web Data-journal” rw,
    owner /home/*/.config/google-chrome/Default/databases/ rw,
    owner /home/*/.config/google-chrome/Default/databases/*.com*/* rwk,
    owner /home/*/.config/google-chrome/Default/databases/*.db rwk,
    owner /home/*/.config/google-chrome/Default/databases/*.db-journal rwk,
    owner /home/*/.config/google-chrome/Default/databases/chrome-extension*/* rwk,
    owner /home/*/.config/google-chrome/Dictionaries/*.bdic rw,
    owner “/home/*/.config/google-chrome/Local State” rw,
    /home/*/.config/google-chrome/PepperFlash/ r,
    owner “/home/*/.config/google-chrome/Safe Browsing Bloom” rw,
    owner “/home/*/.config/google-chrome/Safe Browsing Bloom Filter 2″ rw,
    owner “/home/*/.config/google-chrome/Safe Browsing Bloom_new” rw,
    owner “/home/*/.config/google-chrome/Safe Browsing Cookies” rwk,
    owner “/home/*/.config/google-chrome/Safe Browsing Cookies-journal” rw,
    owner “/home/*/.config/google-chrome/Safe Browsing Csd Whitelist” rw,
    owner “/home/*/.config/google-chrome/Safe Browsing Csd Whitelist_new” rw,
    owner “/home/*/.config/google-chrome/Safe Browsing Download” rw,
    owner “/home/*/.config/google-chrome/Safe Browsing Download Whitelist” rw,
    owner “/home/*/.config/google-chrome/Safe Browsing Download Whitelist_new” rw,
    owner “/home/*/.config/google-chrome/Safe Browsing Download_new” rw,
    owner /home/*/.config/google-chrome/SingletonCookie rw,
    owner /home/*/.config/google-chrome/SingletonLock rw,
    owner /home/*/.config/google-chrome/SingletonSocket rw,
    owner /home/*/.config/google-chrome/Temp/scoped_dir_*/CRX_INSTALL/ r,
    owner /home/*/.config/google-chrome/Temp/scoped_dir_*/CRX_INSTALL/*.png rw,
    owner /home/*/.config/google-chrome/Temp/scoped_dir_*/CRX_INSTALL/_locales/ rw,
    /home/*/.gtk-bookmarks r,
    /home/*/.java/deployment/deployment.properties rwk,
    /home/*/.local/share/icons/ r,
    /home/*/.local/share/icons/*/*/apps/ r,
    /home/*/.local/share/mime/* mr,
    /home/*/.local/share/recently-used.xbel rw,
    /home/*/.local/share/recently-used.xbel.* rw,
    /home/*/.pki/nssdb/cert9.db rwk,
    /home/*/.pki/nssdb/key4.db rwk,
    /home/*/.pki/nssdb/pkcs11.txt rw,
    /home/*/.pulse-cookie rwk,
    /home/*/.pulse/ r,
    /home/*/.thumbnails/normal/* r,
    /home/*/Downloads/ r,
    /home/*/Downloads/** rw,
    /home/*/Pictures/ r,
    /home/*/Pictures/** rw,
    /lib/x86_64-linux-gnu/ld-*.so mr,
    /lib/x86_64-linux-gnu/libbz2.so.* mr,
    /lib/x86_64-linux-gnu/libc-*.so mr,
    /lib/x86_64-linux-gnu/libcom_err.so.* mr,
    /lib/x86_64-linux-gnu/libdbus-*.so.* mr,
    /lib/x86_64-linux-gnu/libdl-*.so mr,
    /lib/x86_64-linux-gnu/libexpat.so.* mr,
    /lib/x86_64-linux-gnu/libgcc_s.so.* mr,
    /lib/x86_64-linux-gnu/libgcrypt.so.* mr,
    /lib/x86_64-linux-gnu/libglib-*.so.* mr,
    /lib/x86_64-linux-gnu/libgpg-error.so.* mr,
    /lib/x86_64-linux-gnu/libkeyutils.so.* mr,
    /lib/x86_64-linux-gnu/libm-*.so mr,
    /lib/x86_64-linux-gnu/libnsl-*.so mr,
    /lib/x86_64-linux-gnu/libnss_dns-*.so mr,
    /lib/x86_64-linux-gnu/libnss_files-*.so mr,
    /lib/x86_64-linux-gnu/libpci.so.* mr,
    /lib/x86_64-linux-gnu/libpcre.so.* mr,
    /lib/x86_64-linux-gnu/libpng*.so.* mr,
    /lib/x86_64-linux-gnu/libpthread-*.so mr,
    /lib/x86_64-linux-gnu/libresolv-*.so mr,
    /lib/x86_64-linux-gnu/librt-*.so mr,
    /lib/x86_64-linux-gnu/libselinux.so.* mr,
    /lib/x86_64-linux-gnu/libtinfo.so.* mr,
    /lib/x86_64-linux-gnu/libudev.so.* mr,
    /lib/x86_64-linux-gnu/libwrap.so.* mr,
    /lib/x86_64-linux-gnu/libz.so.* mr,
    /opt/google/chrome/*.png r,
    /opt/google/chrome/PepperFlash/libpepflashplayer.so mr,
    /opt/google/chrome/chrome mrix,
    /opt/google/chrome/chrome-sandbox mrPx,
    /opt/google/chrome/chrome.pak r,
    /opt/google/chrome/default_apps/ r,
    /opt/google/chrome/default_apps/*.json rw,
    /opt/google/chrome/extensions/ rw,
    /opt/google/chrome/google-chrome rix,
    /opt/google/chrome/libffmpegsumo.so mr,
    /opt/google/chrome/libpdf.so mr,
    /opt/google/chrome/libppGoogleNaClPluginChrome.so mr,
    /opt/google/chrome/locales/en-US.pak r,
    /opt/google/chrome/nacl_helper_bootstrap Px,
    /opt/google/chrome/nacl_irt_x86_64.nexe r,
    /opt/google/chrome/resources.pak r,
    /opt/google/chrome/theme_resources_*_percent.pak r,
    /opt/google/chrome/ui_resources_*_percent.pak r,
    /proc/*/mounts r,
    /run/shm/ r,
    /run/shm/.com.google.Chrome.* rw,
    /run/shm/pulse-shm-* rw,
    /selinux/ r,
    /sys/bus/pci/devices/ r,
    /sys/devices/*/*/resource r,
    /sys/devices/pci*/*/*/class r,
    /sys/devices/pci*/*/*/device r,
    /sys/devices/pci*/*/*/irq r,
    /sys/devices/pci*/*/*/resource r,
    /sys/devices/pci*/*/*/vendor r,
    /sys/devices/pci*/*:*/class r,
    /sys/devices/pci*/*:*/device r,
    /sys/devices/pci*/*:*/irq r,
    /sys/devices/pci*/*:*/vendor r,
    /sys/devices/system/cpu/ r,
    /sys/devices/system/cpu/cpu*/cpufreq/cpuinfo_*_freq r,
    /sys/devices/system/cpu/online r,
    /tmp/ r,
    /tmp/** rw,
    owner /tmp/chrome/** mrwk,
    /usr/bin/dirname rCx,
    /usr/bin/lsb_release rCx,
    /usr/bin/xdg-open rCx,
    /usr/bin/xdg-settings rCx,
    /usr/include/python*/pyconfig.h r,
    /usr/lib/gtk-*/*/menuproxies/libappmenu.so mr,
    /usr/lib/jvm/java-*-oracle/jre/bin/java mrPx,
    /usr/lib/jvm/java-*-oracle/jre/lib/** mr,
    /usr/lib/libdee-*.so.* mr,
    /usr/lib/libicudata.so.* mr,
    /usr/lib/libicui18n.so.* mr,
    /usr/lib/libicuuc.so.* mr,
    /usr/lib/liboverlay-scrollbar*.so.* mr,
    /usr/lib/libunity.so.* mr,
    /usr/lib/locale/** mr,
    /usr/lib/mozilla/plugins/ r,
    /usr/lib/x86_64-linux-gnu/*/*/*modules/*.so mr,
    /usr/lib/x86_64-linux-gnu/alsa-lib/libasound_module_conf_pulse.so mr,
    /usr/lib/x86_64-linux-gnu/alsa-lib/libasound_module_pcm_pulse.so mr,
    /usr/lib/x86_64-linux-gnu/alsa-lib/libasound_module_rate_speexrate.so mr,
    /usr/lib/x86_64-linux-gnu/dri/libdricore.so mr,
    /usr/lib/x86_64-linux-gnu/dri/libgallium.so mr,
    /usr/lib/x86_64-linux-gnu/dri/libglsl.so mr,
    /usr/lib/x86_64-linux-gnu/dri/r*_dri.so mr,
    /usr/lib/x86_64-linux-gnu/dri/swrast_dri.so mr,
    /usr/lib/x86_64-linux-gnu/gconv/gconv-modules mr,
    /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache mr,
    /usr/lib/x86_64-linux-gnu/gdk-pixbuf-*/*/loaders.cache mr,
    /usr/lib/x86_64-linux-gnu/gdk-pixbuf-*/*/loaders/libpixbufloader-png.so mr,
    /usr/lib/x86_64-linux-gnu/gdk-pixbuf-*/*/loaders/libpixbufloader-svg.so mr,
    /usr/lib/x86_64-linux-gnu/gio/modules/ r,
    /usr/lib/x86_64-linux-gnu/gio/modules/giomodule.cache mr,
    /usr/lib/x86_64-linux-gnu/gio/modules/libdconfsettings.so mr,
    /usr/lib/x86_64-linux-gnu/gio/modules/libgiognutls.so mr,
    /usr/lib/x86_64-linux-gnu/gio/modules/libgiolibproxy.so mr,
    /usr/lib/x86_64-linux-gnu/gio/modules/libgioremote-volume-monitor.so mr,
    /usr/lib/x86_64-linux-gnu/gio/modules/libgvfsdbus.so mr,
    /usr/lib/x86_64-linux-gnu/gtk-*/*/engines/libmurrine.so mr,
    /usr/lib/x86_64-linux-gnu/gtk-*/*/gtk.immodules mr,
    /usr/lib/x86_64-linux-gnu/gtk-*/modules/libcanberra-gtk-module.so mr,
    /usr/lib/x86_64-linux-gnu/gtk-2.0/2.10.0/printbackends/libprintbackend-cups.so mr,
    /usr/lib/x86_64-linux-gnu/gtk-2.0/2.10.0/printbackends/libprintbackend-file.so mr,
    /usr/lib/x86_64-linux-gnu/gvfs/libgvfscommon.so mr,
    /usr/lib/x86_64-linux-gnu/libFLAC.so.* mr,
    /usr/lib/x86_64-linux-gnu/libLLVM-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libX11-xcb.so.* mr,
    /usr/lib/x86_64-linux-gnu/libX11.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXau.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXcomposite.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXcursor.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXdamage.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXdmcp.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXext.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXfixes.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXi.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXinerama.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXrandr.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXrender.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXss.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXxf86vm.so.* mr,
    /usr/lib/x86_64-linux-gnu/libasound.so.* mr,
    /usr/lib/x86_64-linux-gnu/libasyncns.so.* mr,
    /usr/lib/x86_64-linux-gnu/libatk-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libavahi-client.so.* mr,
    /usr/lib/x86_64-linux-gnu/libavahi-common.so.* mr,
    /usr/lib/x86_64-linux-gnu/libcairo.so.* mr,
    /usr/lib/x86_64-linux-gnu/libcanberra-*/libcanberra-alsa.so r,
    /usr/lib/x86_64-linux-gnu/libcanberra-*/libcanberra-pulse.so r,
    /usr/lib/x86_64-linux-gnu/libcanberra-gtk.so.* mr,
    /usr/lib/x86_64-linux-gnu/libcanberra.so.* mr,
    /usr/lib/x86_64-linux-gnu/libcroco-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libcups.so.* mr,
    /usr/lib/x86_64-linux-gnu/libdbus-glib-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libdbusmenu-glib.so.* mr,
    /usr/lib/x86_64-linux-gnu/libdbusmenu-gtk.so.* mr,
    /usr/lib/x86_64-linux-gnu/libdrm.so.* mr,
    /usr/lib/x86_64-linux-gnu/libffi.so.* mr,
    /usr/lib/x86_64-linux-gnu/libfontconfig.so.* mr,
    /usr/lib/x86_64-linux-gnu/libfreetype.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgconf-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgdk-x11-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgdk_pixbuf-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgee.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgio-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libglapi.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgmodule-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgnome-keyring.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgnutls.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgobject-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgssapi_krb*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgthread-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgtk-x*-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libibus-*.*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libjson.so.* mr,
    /usr/lib/x86_64-linux-gnu/libk5crypto.so.* mr,
    /usr/lib/x86_64-linux-gnu/libkrb5.so.* mr,
    /usr/lib/x86_64-linux-gnu/libkrb5support.so.* mr,
    /usr/lib/x86_64-linux-gnu/libltdl.so.* mr,
    /usr/lib/x86_64-linux-gnu/libnspr*.so mr,
    /usr/lib/x86_64-linux-gnu/libnss*.so mr,
    /usr/lib/x86_64-linux-gnu/libogg.so.* mr,
    /usr/lib/x86_64-linux-gnu/libp*-kit.so.* mr,
    /usr/lib/x86_64-linux-gnu/libpango-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libpangocairo-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libpangoft*-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libpixman-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libplc*.so mr,
    /usr/lib/x86_64-linux-gnu/libplds*.so mr,
    /usr/lib/x86_64-linux-gnu/libpulse.so.* mr,
    /usr/lib/x86_64-linux-gnu/libpulsecommon-*.so mr,
    /usr/lib/x86_64-linux-gnu/librsvg-2.*o.* mr,
    /usr/lib/x86_64-linux-gnu/libsmime*.so mr,
    /usr/lib/x86_64-linux-gnu/libsndfile.so.* mr,
    /usr/lib/x86_64-linux-gnu/libspeexdsp.so.* mr,
    /usr/lib/x86_64-linux-gnu/libsqlite*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libstdc*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libtasn1.so.* mr,
    /usr/lib/x86_64-linux-gnu/libtdb.so.* mr,
    /usr/lib/x86_64-linux-gnu/libvorbis.so.* mr,
    /usr/lib/x86_64-linux-gnu/libvorbisenc.so.* mr,
    /usr/lib/x86_64-linux-gnu/libvorbisfile.so.* mr,
    /usr/lib/x86_64-linux-gnu/libxcb-glx.so.* mr,
    /usr/lib/x86_64-linux-gnu/libxcb-render.so.* mr,
    /usr/lib/x86_64-linux-gnu/libxcb-shm.so.* mr,
    /usr/lib/x86_64-linux-gnu/libxcb.so.* mr,
    /usr/lib/x86_64-linux-gnu/libxml2.so.* mr,
    /usr/lib/x86_64-linux-gnu/mesa/libGL.so.* mr,
    /usr/lib/x86_64-linux-gnu/nss/libfreebl*.so mr,
    /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so mr,
    /usr/lib/x86_64-linux-gnu/nss/libsoftokn*.so mr,
    /usr/lib/x86_64-linux-gnu/pango/*/module-files.d/ r,
    /usr/lib/x86_64-linux-gnu/pango/*/module-files.d/libpango*.*.modules mr,
    /usr/local/lib/python*/dist-packages/ r,
    /usr/local/share/icons/ r,
    /usr/local/share/icons/hicolor/*/apps/ r,
    /usr/local/share/icons/hicolor/*/apps/*chrome.png r,
    /usr/local/share/icons/hicolor/scalable/apps/ r,
    /usr/share/** r,
    /var/cache/*/*.cache-* mr,
    /var/cache/nscd/group r,
    /var/cache/nscd/passwd r,
    /var/lib/dbus/machine-id r,
    /var/tmp/ r,
    owner /var/tmp/** w,
    /var/tmp/** r,
    /{,var/}run/.nscd_socket rw,
    /{,var/}run/mdnsd rw,
    /{,var/}run/nscd/socket rw,
    /{,var/}run/resolvconf/resolv.conf r,
    /{,var/}run/utmp r,
    owner @{HOME}/.cache/** mrw,
    owner @{HOME}/.config/** mrw,
    @{PROC}/ r,
    @{PROC}/*/auxv r,
    @{PROC}/*/coredump_filter rw,
    @{PROC}/*/maps r,
    @{PROC}/[0-9]*/cmdline r,
    @{PROC}/[0-9]*/fd/ r,
    @{PROC}/[0-9]*/io r,
    @{PROC}/[0-9]*/oom_score_adj w,
    @{PROC}/[0-9]*/stat r,
    @{PROC}/[0-9]*/statm r,
    @{PROC}/[0-9]*/status r,
    @{PROC}/[0-9]*/task/ r,
    @{PROC}/[0-9]*/task/*/stat r,
    @{PROC}/cpuinfo r,
    @{PROC}/filesystems r,
    @{PROC}/meminfo r,
    @{PROC}/sys/kernel/shmmax r,
    profile /bin/mkdir {
    
    /bin/mkdir r,
    /etc/ld.so.cache r,
    /lib/x86_64-linux-gnu/ld*.so mr,
    /lib/x86_64-linux-gnu/libc*.so mr,
    /lib/x86_64-linux-gnu/libdl*.so mr,
    /lib/x86_64-linux-gnu/libselinux.so* mr,
    /proc/filesystems r,
    /usr/lib/locale/locale-archive r,
    
    }
    
    profile /bin/readlink {
    
    /bin/readlink r,
    /etc/ld.so.cache r,
    /lib/x86_64-linux-gnu/ld*.so mr,
    /lib/x86_64-linux-gnu/libc-*.so mr,
    /usr/lib/locale/locale-archive r,
    
    }
    
    profile /bin/which {
    
    /bin/dash r,
    /bin/which r,
    /dev/null rw,
    /etc/ld.so.cache r,
    /lib/x86_64-linux-gnu/ld-*.so mr,
    /lib/x86_64-linux-gnu/libc-*.so mr,
    
    }
    
    profile /usr/bin/dirname {
    
    /etc/ld.so.cache r,
    /lib/x86_64-linux-gnu/ld-*.so mr,
    /lib/x86_64-linux-gnu/libc-*.so mr,
    /usr/bin/dirname r,
    /usr/lib/locale/locale-archive r,
    
    }
    
    profile /usr/bin/lsb_release {
    /dev/null rw,
    /etc/ld.so.cache mr,
    /lib/x86_64-linux-gnu/ld-*.so mr,
    /lib/x86_64-linux-gnu/libc-*.so mr,
    /lib/x86_64-linux-gnu/libcrypto.so.* mr,
    /lib/x86_64-linux-gnu/libdl-*.so mr,
    /lib/x86_64-linux-gnu/libgcc_s.so.* mr,
    /lib/x86_64-linux-gnu/libm-*.so mr,
    /lib/x86_64-linux-gnu/libpthread-*.so mr,
    /lib/x86_64-linux-gnu/libssl.so.* mr,
    /lib/x86_64-linux-gnu/libutil-*.so mr,
    /lib/x86_64-linux-gnu/libz.so.* mr,
    /proc/meminfo r,
    /usr/bin/python* r,
    /usr/include/python2.7/pyconfig.h r,
    /usr/lib/python*/UserDict.py r,
    /usr/lib/python*/UserDict.pyc r,
    /usr/lib/python*/_abcoll.py r,
    /usr/lib/python*/_abcoll.pyc r,
    /usr/lib/python*/abc.py r,
    /usr/lib/python*/abc.pyc r,
    /usr/lib/python*/genericpath.py r,
    /usr/lib/python*/genericpath.pyc r,
    /usr/lib/python*/linecache.py r,
    /usr/lib/python*/linecache.pyc r,
    /usr/lib/python*/os.py r,
    /usr/lib/python*/os.pyc r,
    /usr/lib/python*/posixpath.py r,
    /usr/lib/python*/posixpath.pyc r,
    /usr/lib/python*/site.py r,
    /usr/lib/python*/site.pyc r,
    /usr/lib/python*/stat.py r,
    /usr/lib/python*/stat.pyc r,
    /usr/lib/python*/types.py r,
    /usr/lib/python*/types.pyc r,
    /usr/lib/python*/warnings.py r,
    /usr/lib/python*/warnings.pyc r,
    /usr/lib/python2.7/_weakrefset.py r,
    /usr/lib/python2.7/_weakrefset.pyc r,
    /usr/lib/python2.7/config/Makefile r,
    /usr/lib/python2.7/copy_reg.py r,
    /usr/lib/python2.7/copy_reg.pyc r,
    /usr/lib/python2.7/re.py r,
    /usr/lib/python2.7/re.pyc r,
    /usr/lib/python2.7/sre_compile.py r,
    /usr/lib/python2.7/sre_compile.pyc r,
    /usr/lib/python2.7/sre_constants.py r,
    /usr/lib/python2.7/sre_constants.pyc r,
    /usr/lib/python2.7/sre_parse.py r,
    /usr/lib/python2.7/sre_parse.pyc r,
    /usr/lib/python2.7/sysconfig.py r,
    /usr/lib/python2.7/sysconfig.pyc r,
    /usr/lib/python2.7/traceback.py r,
    /usr/lib/python2.7/traceback.pyc r,
    
    }
    
    profile /usr/bin/xdg-open {
    
    /bin/dash r,
    /etc/ld.so.cache mr,
    /lib/x86_64-linux-gnu/ld-*.so mr,
    /lib/x86_64-linux-gnu/libc-*.so mr,
    
    }
    
    profile /usr/bin/xdg-settings {
    
    /bin/dash r,
    /bin/grep rix,
    /bin/mkdir rix,
    /bin/readlink rix,
    /bin/sed rix,
    /bin/touch rix,
    /bin/which rix,
    /dev/null rw,
    /etc/gnome/defaults.list r,
    /etc/ld.so.cache mr,
    /etc/locale.alias r,
    /home/*/.local/share/applications/ rw,
    /home/*/.local/share/applications/mimeapps.list r,
    /lib/x86_64-linux-gnu/ld-*.so mr,
    /lib/x86_64-linux-gnu/libc-*.so mr,
    /lib/x86_64-linux-gnu/libdbus-*.so.* mr,
    /lib/x86_64-linux-gnu/libdl-*.so mr,
    /lib/x86_64-linux-gnu/libglib-*.so.* mr,
    /lib/x86_64-linux-gnu/libm-*.so mr,
    /lib/x86_64-linux-gnu/libpcre.so.* mr,
    /lib/x86_64-linux-gnu/libpthread-*.so mr,
    /lib/x86_64-linux-gnu/libresolv-*.so mr,
    /lib/x86_64-linux-gnu/librt-*.so mr,
    /lib/x86_64-linux-gnu/libselinux.so.* mr,
    /lib/x86_64-linux-gnu/libz.so.* mr,
    /proc/*/maps r,
    /proc/filesystems r,
    /usr/bin/basename rix,
    /usr/bin/cut rix,
    /usr/bin/dirname rix,
    /usr/bin/gawk rix,
    /usr/bin/gconftool-2 rix,
    /usr/bin/xdg-mime rix,
    /usr/bin/xdg-settings r,
    /usr/lib/libsigsegv.so.* mr,
    /usr/lib/locale/** r,
    /usr/lib/x86_64-linux-gnu/gconv/gconv-modules mr,
    /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache mr,
    /usr/lib/x86_64-linux-gnu/libdbus-glib-1.so.* mr,
    /usr/lib/x86_64-linux-gnu/libffi.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgconf-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgio-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgmodule-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgobject-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgthread-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libxml*.so.* mr,
    /usr/local/share/applications/google-chrome.desktop r,
    
    }
    }



    Thanks guys for any help on this.
    Last edited by overdrank; September 30th, 2012 at 11:46 PM. Reason: added code tags
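
The parser error in the post points at line 58 of the pasted profile, which is the first rule whose path is wrapped in typographic quotes (“…”) instead of ASCII `"`. As an added example (not part of the original post or of the profile author's work), these shell functions locate such bytes and write a normalised copy; the sample profile and all file names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: find and normalise typographic quotes
# in an AppArmor profile. Function and file names are hypothetical.

# Print "LINE:TEXT" for every line holding a byte outside printable ASCII.
# LC_ALL=C makes grep work byte-wise; -a stops it treating the file as binary.
find_non_ascii() {
    LC_ALL=C grep -an '[^[:print:][:space:]]' "$1"
}

# Line number of the first offending line; prints nothing if the file is clean.
first_bad_line() {
    find_non_ascii "$1" | head -n 1 | cut -d: -f1
}

# Copy $1 to $2, replacing the three quote characters seen in the posted
# profile (left/right curly quote, double prime) with ASCII double quotes.
# Returns 2 if some other non-ASCII byte survives, so it can be fixed by hand.
normalise_quotes() {
    LC_ALL=C sed -e 's/“/"/g' -e 's/”/"/g' -e 's/″/"/g' "$1" > "$2" || return 1
    if find_non_ascii "$2" >/dev/null; then
        return 2
    fi
    return 0
}

# Constructed sample: rules 3 and 4 were "copied from a web page" and carry
# typographic quotes, the same defect as in the profile posted above.
write_sample() {
    cat > "$1" <<'EOF'
/opt/google/chrome/chrome {
  /etc/hosts mr,
  owner “/home/*/.config/google-chrome/Local State” rw,
  owner “/home/*/.config/google-chrome/Safe Browsing Bloom Filter 2″ rw,
}
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    write_sample "$tmp/profile.broken"
    echo "first bad line: $(first_bad_line "$tmp/profile.broken")"
    find_non_ascii "$tmp/profile.broken"
    if normalise_quotes "$tmp/profile.broken" "$tmp/profile.fixed"; then
        echo "normalised copy is pure ASCII:"
        cat "$tmp/profile.fixed"
    else
        echo "other non-ASCII bytes remain; inspect by hand"
    fi
    rm -rf "$tmp"
}

demo
```

Once the copy is clean, loading it by path (`sudo apparmor_parser -r /etc/apparmor.d/profile.name`) instead of piping it through stdin also avoids the cache warning quoted in the post.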
