
Thread: AppArmor Java Google Chrome FireFox profile question


  1. #1

    Question AppArmor Java Google Chrome FireFox profile question

    Hi everyone

    Today I was finally able to install the latest version of Java in Lubuntu.

    I play online poker at partypoker. For Linux, I need to run the poker room from my internet browser and I need to have Java Oracle 7 installed. Now, everything works fine and I am able to log in to the poker room if I don't use an apparmor profile.

    But here is the thing and the catch: party poker is always full of cheaters, could be hackers, crackers, blackhats, thieves from all around the world, and cybercriminals. And because their games are completely RIGGED. This is a fact, and no wonder since you are playing with real money. So this attracts this kind of low-life, no-moral-values people, who are capable of stealing money from their own mother.

    That being said, I need to use apparmor profiles for firefox and google chrome, and Java in order to protect myself from these crooks, burglars and thieves.

    I am using the default Lubuntu firefox apparmor profile and I use Hungry Man's Google Chrome and java apparmor profile.

    The problem is that all these profiles are so restricted that my poker room won't load in any of them if I enable the apparmor web browser profiles.

    The poker room needs the java plugin in order to run.

    I am wondering what do I need to change in the profiles in order to make them work? What line? The profiles are Lubuntu default firefox, insanitybit hungry man Google Chrome and Java profile.

    Do I have to put a W at the end to enable write at some line of code? I am so freaking noob when it comes to creating profiles.


    Also Hungry Man, I tried to load your Google Chrome apparmor profile into the kernel with the command:

    cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a


    But I get an error:


    Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
    AppArmor parser error, in stdin line 58: Found unexpected character: '�'

    Code:
    # Last Modified: Fri Sep 28 23:38:48 2012
    #include <tunables/global>
    
    /opt/google/chrome/chrome {
    capability sys_ptrace,
    
    network inet stream,
    network inet tcp,
    network inet6 stream,
    network inet6 tcp,
    
    deny /anon_hugepage//deleted r,
    
    /bin/readlink rCx,
    /bin/which rCx,
    /dev/ r,
    /dev/dri/card* rw,
    /dev/null rw,
    /dev/ptmx rw,
    /dev/random r,
    /dev/snd/controlC* rw,
    /dev/snd/pcm* rw,
    /dev/snd/timer r,
    /dev/tty rw,
    /dev/urandom r,
    /dev/video* r,
    /etc/fonts/** r,
    /etc/fstab r,
    /etc/gai.conf r,
    /etc/group r,
    /etc/host.conf r,
    /etc/hosts mr,
    /etc/ld.so.cache mr,
    /etc/locale.alias r,
    /etc/localtime r,
    /etc/lsb-release r,
    /etc/mtab r,
    /etc/nss_mdns.conf r,
    /etc/nsswitch.conf r,
    /etc/opt/chrome/policies/managed/ r,
    /etc/opt/chrome/policies/managed/*.json r,
    /etc/opt/chrome/policies/recommended/ r,
    /etc/opt/chrome/policies/recommended/*.json r,
    /etc/passwd mr,
    /etc/protocols r,
    /etc/pulse/client.conf r,
    /etc/python*/sitecustomize.py r,
    /etc/resolvconf/run/resolv.conf r,
    /etc/samba/lmhosts r,
    /etc/services r,
    /etc/udev/udev.conf r,
    /home/*/.Xauthority r,
    owner /home/*/.cache/dconf/user mrw,
    /home/*/.config/dconf/user r,
    /home/*/.config/google-chrome/ r,
    owner /home/*/.config/google-chrome/*.txt rw,
    owner /home/*/.config/google-chrome/.com.* rw,
    owner “/home/*/.config/google-chrome/Certificate Revocation Lists” rw,
    owner “/home/*/.config/google-chrome/Consent To Send Stats” rw,
    /home/*/.config/google-chrome/Default/ r,
    owner /home/*/.config/google-chrome/Default/* rw,
    owner /home/*/.config/google-chrome/Default/*.bak rw,
    owner /home/*/.config/google-chrome/Default/*.txt rw,
    owner “/home/*/.config/google-chrome/Default/Application Cache/” rw,
    owner “/home/*/.config/google-chrome/Default/Application Cache/Index” mrwk,
    owner “/home/*/.config/google-chrome/Default/Application Cache/Index-journal” mrw,
    owner “/home/*/.config/google-chrome/Default/Archived History” rwk,
    owner “/home/*/.config/google-chrome/Default/Archived History-journal” rw,
    owner /home/*/.config/google-chrome/Default/Bookmarks rw,
    owner /home/*/.config/google-chrome/Default/Cookies rwk,
    owner /home/*/.config/google-chrome/Default/Cookies-journal rw,
    owner “/home/*/.config/google-chrome/Default/Current Session” rw,
    owner “/home/*/.config/google-chrome/Default/Current Tabs” rw,
    owner “/home/*/.config/google-chrome/Default/Extension Cookies” rwk,
    owner “/home/*/.config/google-chrome/Default/Extension Cookies-journal” rw,
    owner “/home/*/.config/google-chrome/Default/Extension State/” r,
    owner “/home/*/.config/google-chrome/Default/Extension State/*.dbtmp” rw,
    owner “/home/*/.config/google-chrome/Default/Extension State/*.log” rw,
    owner “/home/*/.config/google-chrome/Default/Extension State/*.sst” rw,
    owner “/home/*/.config/google-chrome/Default/Extension State/CURRENT” rw,
    owner “/home/*/.config/google-chrome/Default/Extension State/LOCK” rw,
    owner “/home/*/.config/google-chrome/Default/Extension State/MANIFEST-*” rw,
    /home/*/.config/google-chrome/Default/Extensions/ r,
    owner /home/*/.config/google-chrome/Default/Extensions/** rw,
    owner /home/*/.config/google-chrome/Default/Extensions/*/*/*/*.so mrw,
    owner /home/*/.config/google-chrome/Default/Favicons rwk,
    owner /home/*/.config/google-chrome/Default/Favicons-journal rw,
    owner “/home/*/.config/google-chrome/Default/File System/*/*/.usage” rw,
    owner “/home/*/.config/google-chrome/Default/File System/Origins/LOCK” rw,
    owner “/home/*/.config/google-chrome/Default/File System/Origins/MANIFEST-*” rw,
    owner /home/*/.config/google-chrome/Default/History* rwk,
    owner /home/*/.config/google-chrome/Default/IndexedDB/ r,
    owner /home/*/.config/google-chrome/Default/IndexedDB/*.leveldb/ mrw,
    owner /home/*/.config/google-chrome/Default/IndexedDB/*/LOCK rw,
    owner “/home/*/.config/google-chrome/Default/Last Session” rw,
    owner “/home/*/.config/google-chrome/Default/Last Tabs” rw,
    owner “/home/*/.config/google-chrome/Default/Local Storage/” r,
    owner “/home/*/.config/google-chrome/Default/Local Storage/*” rwk,
    owner “/home/*/.config/google-chrome/Default/Login Data” rwk,
    owner “/home/*/.config/google-chrome/Default/Login Data-journal” rw,
    owner “/home/*/.config/google-chrome/Default/Managed Mode Settings” rw,
    owner “/home/*/.config/google-chrome/Default/Network Action Predictor” rwk,
    owner “/home/*/.config/google-chrome/Default/Network Action Predictor-journal” rw,
    owner “/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/*” rw,
    owner “/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/CacheWritableAdobeRoot/AssetCache/” r,
    owner “/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/CacheWritableAdobeRoot/AssetCache/**” mrw,
    “/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/WritableRoot/#SharedObjects/” r,
    “/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/WritableRoot/#SharedObjects/**” rw,
    owner “/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/WritableRoot/macromedia.com/support/flashplayer/sys/**” rw,
    owner /home/*/.config/google-chrome/Default/Preferences rw,
    owner /home/*/.config/google-chrome/Default/QuotaManager rwk,
    owner /home/*/.config/google-chrome/Default/QuotaManager-journal rw,
    owner /home/*/.config/google-chrome/Default/Shortcuts rwk,
    owner /home/*/.config/google-chrome/Default/Shortcuts-journal rw,
    “/home/*/.config/google-chrome/Default/Sync Data/” rwk,
    owner “/home/*/.config/google-chrome/Default/Sync Data/SyncData.sqlite3″ rwk,
    owner “/home/*/.config/google-chrome/Default/Sync Data/SyncData.sqlite3-journal” rw,
    “/home/*/.config/google-chrome/Default/Sync Extension Settings/*/” r,
    owner “/home/*/.config/google-chrome/Default/Sync Extension Settings/*/*.dbtmp” rw,
    owner “/home/*/.config/google-chrome/Default/Sync Extension Settings/*/*.log” rw,
    owner “/home/*/.config/google-chrome/Default/Sync Extension Settings/*/*.sst” rw,
    owner “/home/*/.config/google-chrome/Default/Sync Extension Settings/*/CURRENT” rw,
    owner “/home/*/.config/google-chrome/Default/Sync Extension Settings/*/LOCK” rw,
    owner “/home/*/.config/google-chrome/Default/Sync Extension Settings/*/MANIFEST-*” rw,
    owner “/home/*/.config/google-chrome/Default/Top Sites” rwk,
    owner “/home/*/.config/google-chrome/Default/Top Sites-journal” rw,
    owner /home/*/.config/google-chrome/Default/TransportSecurity rw,
    owner “/home/*/.config/google-chrome/Default/User StyleSheets/*.css” rw,
    owner “/home/*/.config/google-chrome/Default/Visited Links” rw,
    owner “/home/*/.config/google-chrome/Default/Web Data” rwk,
    owner “/home/*/.config/google-chrome/Default/Web Data-journal” rw,
    owner /home/*/.config/google-chrome/Default/databases/ rw,
    owner /home/*/.config/google-chrome/Default/databases/*.com*/* rwk,
    owner /home/*/.config/google-chrome/Default/databases/*.db rwk,
    owner /home/*/.config/google-chrome/Default/databases/*.db-journal rwk,
    owner /home/*/.config/google-chrome/Default/databases/chrome-extension*/* rwk,
    owner /home/*/.config/google-chrome/Dictionaries/*.bdic rw,
    owner “/home/*/.config/google-chrome/Local State” rw,
    /home/*/.config/google-chrome/PepperFlash/ r,
    owner “/home/*/.config/google-chrome/Safe Browsing Bloom” rw,
    owner “/home/*/.config/google-chrome/Safe Browsing Bloom Filter 2″ rw,
    owner “/home/*/.config/google-chrome/Safe Browsing Bloom_new” rw,
    owner “/home/*/.config/google-chrome/Safe Browsing Cookies” rwk,
    owner “/home/*/.config/google-chrome/Safe Browsing Cookies-journal” rw,
    owner “/home/*/.config/google-chrome/Safe Browsing Csd Whitelist” rw,
    owner “/home/*/.config/google-chrome/Safe Browsing Csd Whitelist_new” rw,
    owner “/home/*/.config/google-chrome/Safe Browsing Download” rw,
    owner “/home/*/.config/google-chrome/Safe Browsing Download Whitelist” rw,
    owner “/home/*/.config/google-chrome/Safe Browsing Download Whitelist_new” rw,
    owner “/home/*/.config/google-chrome/Safe Browsing Download_new” rw,
    owner /home/*/.config/google-chrome/SingletonCookie rw,
    owner /home/*/.config/google-chrome/SingletonLock rw,
    owner /home/*/.config/google-chrome/SingletonSocket rw,
    owner /home/*/.config/google-chrome/Temp/scoped_dir_*/CRX_INSTALL/ r,
    owner /home/*/.config/google-chrome/Temp/scoped_dir_*/CRX_INSTALL/*.png rw,
    owner /home/*/.config/google-chrome/Temp/scoped_dir_*/CRX_INSTALL/_locales/ rw,
    /home/*/.gtk-bookmarks r,
    /home/*/.java/deployment/deployment.properties rwk,
    /home/*/.local/share/icons/ r,
    /home/*/.local/share/icons/*/*/apps/ r,
    /home/*/.local/share/mime/* mr,
    /home/*/.local/share/recently-used.xbel rw,
    /home/*/.local/share/recently-used.xbel.* rw,
    /home/*/.pki/nssdb/cert9.db rwk,
    /home/*/.pki/nssdb/key4.db rwk,
    /home/*/.pki/nssdb/pkcs11.txt rw,
    /home/*/.pulse-cookie rwk,
    /home/*/.pulse/ r,
    /home/*/.thumbnails/normal/* r,
    /home/*/Downloads/ r,
    /home/*/Downloads/** rw,
    /home/*/Pictures/ r,
    /home/*/Pictures/** rw,
    /lib/x86_64-linux-gnu/ld-*.so mr,
    /lib/x86_64-linux-gnu/libbz2.so.* mr,
    /lib/x86_64-linux-gnu/libc-*.so mr,
    /lib/x86_64-linux-gnu/libcom_err.so.* mr,
    /lib/x86_64-linux-gnu/libdbus-*.so.* mr,
    /lib/x86_64-linux-gnu/libdl-*.so mr,
    /lib/x86_64-linux-gnu/libexpat.so.* mr,
    /lib/x86_64-linux-gnu/libgcc_s.so.* mr,
    /lib/x86_64-linux-gnu/libgcrypt.so.* mr,
    /lib/x86_64-linux-gnu/libglib-*.so.* mr,
    /lib/x86_64-linux-gnu/libgpg-error.so.* mr,
    /lib/x86_64-linux-gnu/libkeyutils.so.* mr,
    /lib/x86_64-linux-gnu/libm-*.so mr,
    /lib/x86_64-linux-gnu/libnsl-*.so mr,
    /lib/x86_64-linux-gnu/libnss_dns-*.so mr,
    /lib/x86_64-linux-gnu/libnss_files-*.so mr,
    /lib/x86_64-linux-gnu/libpci.so.* mr,
    /lib/x86_64-linux-gnu/libpcre.so.* mr,
    /lib/x86_64-linux-gnu/libpng*.so.* mr,
    /lib/x86_64-linux-gnu/libpthread-*.so mr,
    /lib/x86_64-linux-gnu/libresolv-*.so mr,
    /lib/x86_64-linux-gnu/librt-*.so mr,
    /lib/x86_64-linux-gnu/libselinux.so.* mr,
    /lib/x86_64-linux-gnu/libtinfo.so.* mr,
    /lib/x86_64-linux-gnu/libudev.so.* mr,
    /lib/x86_64-linux-gnu/libwrap.so.* mr,
    /lib/x86_64-linux-gnu/libz.so.* mr,
    /opt/google/chrome/*.png r,
    /opt/google/chrome/PepperFlash/libpepflashplayer.so mr,
    /opt/google/chrome/chrome mrix,
    /opt/google/chrome/chrome-sandbox mrPx,
    /opt/google/chrome/chrome.pak r,
    /opt/google/chrome/default_apps/ r,
    /opt/google/chrome/default_apps/*.json rw,
    /opt/google/chrome/extensions/ rw,
    /opt/google/chrome/google-chrome rix,
    /opt/google/chrome/libffmpegsumo.so mr,
    /opt/google/chrome/libpdf.so mr,
    /opt/google/chrome/libppGoogleNaClPluginChrome.so mr,
    /opt/google/chrome/locales/en-US.pak r,
    /opt/google/chrome/nacl_helper_bootstrap Px,
    /opt/google/chrome/nacl_irt_x86_64.nexe r,
    /opt/google/chrome/resources.pak r,
    /opt/google/chrome/theme_resources_*_percent.pak r,
    /opt/google/chrome/ui_resources_*_percent.pak r,
    /proc/*/mounts r,
    /run/shm/ r,
    /run/shm/.com.google.Chrome.* rw,
    /run/shm/pulse-shm-* rw,
    /selinux/ r,
    /sys/bus/pci/devices/ r,
    /sys/devices/*/*/resource r,
    /sys/devices/pci*/*/*/class r,
    /sys/devices/pci*/*/*/device r,
    /sys/devices/pci*/*/*/irq r,
    /sys/devices/pci*/*/*/resource r,
    /sys/devices/pci*/*/*/vendor r,
    /sys/devices/pci*/*:*/class r,
    /sys/devices/pci*/*:*/device r,
    /sys/devices/pci*/*:*/irq r,
    /sys/devices/pci*/*:*/vendor r,
    /sys/devices/system/cpu/ r,
    /sys/devices/system/cpu/cpu*/cpufreq/cpuinfo_*_freq r,
    /sys/devices/system/cpu/online r,
    /tmp/ r,
    /tmp/** rw,
    owner /tmp/chrome/** mrwk,
    /usr/bin/dirname rCx,
    /usr/bin/lsb_release rCx,
    /usr/bin/xdg-open rCx,
    /usr/bin/xdg-settings rCx,
    /usr/include/python*/pyconfig.h r,
    /usr/lib/gtk-*/*/menuproxies/libappmenu.so mr,
    /usr/lib/jvm/java-*-oracle/jre/bin/java mrPx,
    /usr/lib/jvm/java-*-oracle/jre/lib/** mr,
    /usr/lib/libdee-*.so.* mr,
    /usr/lib/libicudata.so.* mr,
    /usr/lib/libicui18n.so.* mr,
    /usr/lib/libicuuc.so.* mr,
    /usr/lib/liboverlay-scrollbar*.so.* mr,
    /usr/lib/libunity.so.* mr,
    /usr/lib/locale/** mr,
    /usr/lib/mozilla/plugins/ r,
    /usr/lib/x86_64-linux-gnu/*/*/*modules/*.so mr,
    /usr/lib/x86_64-linux-gnu/alsa-lib/libasound_module_conf_pulse.so mr,
    /usr/lib/x86_64-linux-gnu/alsa-lib/libasound_module_pcm_pulse.so mr,
    /usr/lib/x86_64-linux-gnu/alsa-lib/libasound_module_rate_speexrate.so mr,
    /usr/lib/x86_64-linux-gnu/dri/libdricore.so mr,
    /usr/lib/x86_64-linux-gnu/dri/libgallium.so mr,
    /usr/lib/x86_64-linux-gnu/dri/libglsl.so mr,
    /usr/lib/x86_64-linux-gnu/dri/r*_dri.so mr,
    /usr/lib/x86_64-linux-gnu/dri/swrast_dri.so mr,
    /usr/lib/x86_64-linux-gnu/gconv/gconv-modules mr,
    /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache mr,
    /usr/lib/x86_64-linux-gnu/gdk-pixbuf-*/*/loaders.cache mr,
    /usr/lib/x86_64-linux-gnu/gdk-pixbuf-*/*/loaders/libpixbufloader-png.so mr,
    /usr/lib/x86_64-linux-gnu/gdk-pixbuf-*/*/loaders/libpixbufloader-svg.so mr,
    /usr/lib/x86_64-linux-gnu/gio/modules/ r,
    /usr/lib/x86_64-linux-gnu/gio/modules/giomodule.cache mr,
    /usr/lib/x86_64-linux-gnu/gio/modules/libdconfsettings.so mr,
    /usr/lib/x86_64-linux-gnu/gio/modules/libgiognutls.so mr,
    /usr/lib/x86_64-linux-gnu/gio/modules/libgiolibproxy.so mr,
    /usr/lib/x86_64-linux-gnu/gio/modules/libgioremote-volume-monitor.so mr,
    /usr/lib/x86_64-linux-gnu/gio/modules/libgvfsdbus.so mr,
    /usr/lib/x86_64-linux-gnu/gtk-*/*/engines/libmurrine.so mr,
    /usr/lib/x86_64-linux-gnu/gtk-*/*/gtk.immodules mr,
    /usr/lib/x86_64-linux-gnu/gtk-*/modules/libcanberra-gtk-module.so mr,
    /usr/lib/x86_64-linux-gnu/gtk-2.0/2.10.0/printbackends/libprintbackend-cups.so mr,
    /usr/lib/x86_64-linux-gnu/gtk-2.0/2.10.0/printbackends/libprintbackend-file.so mr,
    /usr/lib/x86_64-linux-gnu/gvfs/libgvfscommon.so mr,
    /usr/lib/x86_64-linux-gnu/libFLAC.so.* mr,
    /usr/lib/x86_64-linux-gnu/libLLVM-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libX11-xcb.so.* mr,
    /usr/lib/x86_64-linux-gnu/libX11.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXau.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXcomposite.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXcursor.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXdamage.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXdmcp.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXext.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXfixes.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXi.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXinerama.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXrandr.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXrender.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXss.so.* mr,
    /usr/lib/x86_64-linux-gnu/libXxf86vm.so.* mr,
    /usr/lib/x86_64-linux-gnu/libasound.so.* mr,
    /usr/lib/x86_64-linux-gnu/libasyncns.so.* mr,
    /usr/lib/x86_64-linux-gnu/libatk-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libavahi-client.so.* mr,
    /usr/lib/x86_64-linux-gnu/libavahi-common.so.* mr,
    /usr/lib/x86_64-linux-gnu/libcairo.so.* mr,
    /usr/lib/x86_64-linux-gnu/libcanberra-*/libcanberra-alsa.so r,
    /usr/lib/x86_64-linux-gnu/libcanberra-*/libcanberra-pulse.so r,
    /usr/lib/x86_64-linux-gnu/libcanberra-gtk.so.* mr,
    /usr/lib/x86_64-linux-gnu/libcanberra.so.* mr,
    /usr/lib/x86_64-linux-gnu/libcroco-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libcups.so.* mr,
    /usr/lib/x86_64-linux-gnu/libdbus-glib-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libdbusmenu-glib.so.* mr,
    /usr/lib/x86_64-linux-gnu/libdbusmenu-gtk.so.* mr,
    /usr/lib/x86_64-linux-gnu/libdrm.so.* mr,
    /usr/lib/x86_64-linux-gnu/libffi.so.* mr,
    /usr/lib/x86_64-linux-gnu/libfontconfig.so.* mr,
    /usr/lib/x86_64-linux-gnu/libfreetype.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgconf-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgdk-x11-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgdk_pixbuf-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgee.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgio-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libglapi.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgmodule-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgnome-keyring.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgnutls.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgobject-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgssapi_krb*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgthread-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgtk-x*-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libibus-*.*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libjson.so.* mr,
    /usr/lib/x86_64-linux-gnu/libk5crypto.so.* mr,
    /usr/lib/x86_64-linux-gnu/libkrb5.so.* mr,
    /usr/lib/x86_64-linux-gnu/libkrb5support.so.* mr,
    /usr/lib/x86_64-linux-gnu/libltdl.so.* mr,
    /usr/lib/x86_64-linux-gnu/libnspr*.so mr,
    /usr/lib/x86_64-linux-gnu/libnss*.so mr,
    /usr/lib/x86_64-linux-gnu/libogg.so.* mr,
    /usr/lib/x86_64-linux-gnu/libp*-kit.so.* mr,
    /usr/lib/x86_64-linux-gnu/libpango-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libpangocairo-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libpangoft*-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libpixman-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libplc*.so mr,
    /usr/lib/x86_64-linux-gnu/libplds*.so mr,
    /usr/lib/x86_64-linux-gnu/libpulse.so.* mr,
    /usr/lib/x86_64-linux-gnu/libpulsecommon-*.so mr,
    /usr/lib/x86_64-linux-gnu/librsvg-2.*o.* mr,
    /usr/lib/x86_64-linux-gnu/libsmime*.so mr,
    /usr/lib/x86_64-linux-gnu/libsndfile.so.* mr,
    /usr/lib/x86_64-linux-gnu/libspeexdsp.so.* mr,
    /usr/lib/x86_64-linux-gnu/libsqlite*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libstdc*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libtasn1.so.* mr,
    /usr/lib/x86_64-linux-gnu/libtdb.so.* mr,
    /usr/lib/x86_64-linux-gnu/libvorbis.so.* mr,
    /usr/lib/x86_64-linux-gnu/libvorbisenc.so.* mr,
    /usr/lib/x86_64-linux-gnu/libvorbisfile.so.* mr,
    /usr/lib/x86_64-linux-gnu/libxcb-glx.so.* mr,
    /usr/lib/x86_64-linux-gnu/libxcb-render.so.* mr,
    /usr/lib/x86_64-linux-gnu/libxcb-shm.so.* mr,
    /usr/lib/x86_64-linux-gnu/libxcb.so.* mr,
    /usr/lib/x86_64-linux-gnu/libxml2.so.* mr,
    /usr/lib/x86_64-linux-gnu/mesa/libGL.so.* mr,
    /usr/lib/x86_64-linux-gnu/nss/libfreebl*.so mr,
    /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so mr,
    /usr/lib/x86_64-linux-gnu/nss/libsoftokn*.so mr,
    /usr/lib/x86_64-linux-gnu/pango/*/module-files.d/ r,
    /usr/lib/x86_64-linux-gnu/pango/*/module-files.d/libpango*.*.modules mr,
    /usr/local/lib/python*/dist-packages/ r,
    /usr/local/share/icons/ r,
    /usr/local/share/icons/hicolor/*/apps/ r,
    /usr/local/share/icons/hicolor/*/apps/*chrome.png r,
    /usr/local/share/icons/hicolor/scalable/apps/ r,
    /usr/share/** r,
    /var/cache/*/*.cache-* mr,
    /var/cache/nscd/group r,
    /var/cache/nscd/passwd r,
    /var/lib/dbus/machine-id r,
    /var/tmp/ r,
    owner /var/tmp/** w,
    /var/tmp/** r,
    /{,var/}run/.nscd_socket rw,
    /{,var/}run/mdnsd rw,
    /{,var/}run/nscd/socket rw,
    /{,var/}run/resolvconf/resolv.conf r,
    /{,var/}run/utmp r,
    owner @{HOME}/.cache/** mrw,
    owner @{HOME}/.config/** mrw,
    @{PROC}/ r,
    @{PROC}/*/auxv r,
    @{PROC}/*/coredump_filter rw,
    @{PROC}/*/maps r,
    @{PROC}/[0-9]*/cmdline r,
    @{PROC}/[0-9]*/fd/ r,
    @{PROC}/[0-9]*/io r,
    @{PROC}/[0-9]*/oom_score_adj w,
    @{PROC}/[0-9]*/stat r,
    @{PROC}/[0-9]*/statm r,
    @{PROC}/[0-9]*/status r,
    @{PROC}/[0-9]*/task/ r,
    @{PROC}/[0-9]*/task/*/stat r,
    @{PROC}/cpuinfo r,
    @{PROC}/filesystems r,
    @{PROC}/meminfo r,
    @{PROC}/sys/kernel/shmmax r,
    profile /bin/mkdir {
    
    /bin/mkdir r,
    /etc/ld.so.cache r,
    /lib/x86_64-linux-gnu/ld*.so mr,
    /lib/x86_64-linux-gnu/libc*.so mr,
    /lib/x86_64-linux-gnu/libdl*.so mr,
    /lib/x86_64-linux-gnu/libselinux.so* mr,
    /proc/filesystems r,
    /usr/lib/locale/locale-archive r,
    
    }
    
    profile /bin/readlink {
    
    /bin/readlink r,
    /etc/ld.so.cache r,
    /lib/x86_64-linux-gnu/ld*.so mr,
    /lib/x86_64-linux-gnu/libc-*.so mr,
    /usr/lib/locale/locale-archive r,
    
    }
    
    profile /bin/which {
    
    /bin/dash r,
    /bin/which r,
    /dev/null rw,
    /etc/ld.so.cache r,
    /lib/x86_64-linux-gnu/ld-*.so mr,
    /lib/x86_64-linux-gnu/libc-*.so mr,
    
    }
    
    profile /usr/bin/dirname {
    
    /etc/ld.so.cache r,
    /lib/x86_64-linux-gnu/ld-*.so mr,
    /lib/x86_64-linux-gnu/libc-*.so mr,
    /usr/bin/dirname r,
    /usr/lib/locale/locale-archive r,
    
    }
    
    profile /usr/bin/lsb_release {
    /dev/null rw,
    /etc/ld.so.cache mr,
    /lib/x86_64-linux-gnu/ld-*.so mr,
    /lib/x86_64-linux-gnu/libc-*.so mr,
    /lib/x86_64-linux-gnu/libcrypto.so.* mr,
    /lib/x86_64-linux-gnu/libdl-*.so mr,
    /lib/x86_64-linux-gnu/libgcc_s.so.* mr,
    /lib/x86_64-linux-gnu/libm-*.so mr,
    /lib/x86_64-linux-gnu/libpthread-*.so mr,
    /lib/x86_64-linux-gnu/libssl.so.* mr,
    /lib/x86_64-linux-gnu/libutil-*.so mr,
    /lib/x86_64-linux-gnu/libz.so.* mr,
    /proc/meminfo r,
    /usr/bin/python* r,
    /usr/include/python2.7/pyconfig.h r,
    /usr/lib/python*/UserDict.py r,
    /usr/lib/python*/UserDict.pyc r,
    /usr/lib/python*/_abcoll.py r,
    /usr/lib/python*/_abcoll.pyc r,
    /usr/lib/python*/abc.py r,
    /usr/lib/python*/abc.pyc r,
    /usr/lib/python*/genericpath.py r,
    /usr/lib/python*/genericpath.pyc r,
    /usr/lib/python*/linecache.py r,
    /usr/lib/python*/linecache.pyc r,
    /usr/lib/python*/os.py r,
    /usr/lib/python*/os.pyc r,
    /usr/lib/python*/posixpath.py r,
    /usr/lib/python*/posixpath.pyc r,
    /usr/lib/python*/site.py r,
    /usr/lib/python*/site.pyc r,
    /usr/lib/python*/stat.py r,
    /usr/lib/python*/stat.pyc r,
    /usr/lib/python*/types.py r,
    /usr/lib/python*/types.pyc r,
    /usr/lib/python*/warnings.py r,
    /usr/lib/python*/warnings.pyc r,
    /usr/lib/python2.7/_weakrefset.py r,
    /usr/lib/python2.7/_weakrefset.pyc r,
    /usr/lib/python2.7/config/Makefile r,
    /usr/lib/python2.7/copy_reg.py r,
    /usr/lib/python2.7/copy_reg.pyc r,
    /usr/lib/python2.7/re.py r,
    /usr/lib/python2.7/re.pyc r,
    /usr/lib/python2.7/sre_compile.py r,
    /usr/lib/python2.7/sre_compile.pyc r,
    /usr/lib/python2.7/sre_constants.py r,
    /usr/lib/python2.7/sre_constants.pyc r,
    /usr/lib/python2.7/sre_parse.py r,
    /usr/lib/python2.7/sre_parse.pyc r,
    /usr/lib/python2.7/sysconfig.py r,
    /usr/lib/python2.7/sysconfig.pyc r,
    /usr/lib/python2.7/traceback.py r,
    /usr/lib/python2.7/traceback.pyc r,
    
    }
    
    profile /usr/bin/xdg-open {
    
    /bin/dash r,
    /etc/ld.so.cache mr,
    /lib/x86_64-linux-gnu/ld-*.so mr,
    /lib/x86_64-linux-gnu/libc-*.so mr,
    
    }
    
    profile /usr/bin/xdg-settings {
    
    /bin/dash r,
    /bin/grep rix,
    /bin/mkdir rix,
    /bin/readlink rix,
    /bin/sed rix,
    /bin/touch rix,
    /bin/which rix,
    /dev/null rw,
    /etc/gnome/defaults.list r,
    /etc/ld.so.cache mr,
    /etc/locale.alias r,
    /home/*/.local/share/applications/ rw,
    /home/*/.local/share/applications/mimeapps.list r,
    /lib/x86_64-linux-gnu/ld-*.so mr,
    /lib/x86_64-linux-gnu/libc-*.so mr,
    /lib/x86_64-linux-gnu/libdbus-*.so.* mr,
    /lib/x86_64-linux-gnu/libdl-*.so mr,
    /lib/x86_64-linux-gnu/libglib-*.so.* mr,
    /lib/x86_64-linux-gnu/libm-*.so mr,
    /lib/x86_64-linux-gnu/libpcre.so.* mr,
    /lib/x86_64-linux-gnu/libpthread-*.so mr,
    /lib/x86_64-linux-gnu/libresolv-*.so mr,
    /lib/x86_64-linux-gnu/librt-*.so mr,
    /lib/x86_64-linux-gnu/libselinux.so.* mr,
    /lib/x86_64-linux-gnu/libz.so.* mr,
    /proc/*/maps r,
    /proc/filesystems r,
    /usr/bin/basename rix,
    /usr/bin/cut rix,
    /usr/bin/dirname rix,
    /usr/bin/gawk rix,
    /usr/bin/gconftool-2 rix,
    /usr/bin/xdg-mime rix,
    /usr/bin/xdg-settings r,
    /usr/lib/libsigsegv.so.* mr,
    /usr/lib/locale/** r,
    /usr/lib/x86_64-linux-gnu/gconv/gconv-modules mr,
    /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache mr,
    /usr/lib/x86_64-linux-gnu/libdbus-glib-1.so.* mr,
    /usr/lib/x86_64-linux-gnu/libffi.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgconf-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgio-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgmodule-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgobject-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgthread-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libxml*.so.* mr,
    /usr/local/share/applications/google-chrome.desktop r,
    
    }
    }



    Thanks guys for any help on this.
    Last edited by overdrank; September 30th, 2012 at 11:46 PM. Reason: added code tags

  2. #2

    Re: AppArmor Java Google Chrome FireFox profile question

    Hey, about my Chrome profile it looks like there's a character there that shouldn't be or isn't recognized (both in this case). Try deleting and rewriting just the first few lines by hand. When copy/pasting from my blog the characters must have gotten screwed up. It's a WordPress issue and I can't really solve it unfortunately.

    What I would suggest is that you set the profiles to complain mode, use the poker site for a minute, and then use 'aa-logprof' (in the terminal, no quotes) to see what they need access to. You can then just allow what's necessary.

  3. #3

    Re: AppArmor Java Google Chrome FireFox profile question

    Quote Originally Posted by Hungry Man View Post
    Hey, about my Chrome profile it looks like there's a character there that shouldn't be or isn't recognized (both in this case). Try deleting and rewriting just the first few lines by hand. When copy/pasting from my blog the characters must have gotten screwed up. It's a WordPress issue and I can't really solve it unfortunately.

    What I would suggest is that you set the profiles to complain mode, use the poker site for a minute, and then use 'aa-logprof' (in the terminal, no quotes) to see what they need access to. You can then just allow what's necessary.

    Ok, I tried yesterday but I was not able to figure out this one.

    Ok, I put the profile in complain mode, then I entered the poker room for a minute, then I put aa-logprof in the terminal. I get something like: reading logs, and profiles in /etc/apparmor.d/ have been updated.

    So far so good.

    But then I have absolutely no idea what to do. What's the next step? I mean, the profile has been modified automatically and I should use it now?
    Or do I have to go to the logs folder to see what rules have been denied, and then make the right changes in the apparmor profile?

    I am kinda lost on this one.

  4. #4

    Re: AppArmor Java Google Chrome FireFox profile question

    If you can enforce the profile and it works then all is well and you can just leave it like that.

  5. #5

    Re: AppArmor Java Google Chrome FireFox profile question

    Quote Originally Posted by Hungry Man View Post
    If you can enforce the profile and it works then all is well and you can just leave it like that.

    OOOOhhhhhh ok now I get it.

    Regarding your profile, look at the error I get when I use aa-logprof in the terminal:

    Reading log entries from /var/log/syslog.
    Updating AppArmor profiles in /etc/apparmor.d.

    /etc/apparmor.d/GoogleChromeHungry contains syntax errors. Line [owner “/home/*/.config/google-chrome/Certificate Revocation Lists” rw,]

    Apparently there is something wrong with line 58. It must be my computer or something I did, damn it. I am going to write it by hand and see what happens.


    Thanks

  6. #6

    Re: AppArmor Java Google Chrome FireFox profile question

    Delete the quotes and rewrite them in manually. It's a wordpress issue.

    You can just do a find and replace. Copy the quotes from the broken line and then put that in the 'find' box. In the replace just type an actual quote from the keyboard.
    sig
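Added example, not part of the thread: a shell script that automates the find-and-replace described in the last reply. The profile as posted contains three different pasted characters (left and right curly double quotes, plus a double prime after the digit in `SyncData.sqlite3″` and `Bloom Filter 2″`), so replacing only one copied character leaves the others behind. The function names and the sample file are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): locate and repair typographic quotes
# in an AppArmor profile that was copy/pasted from a web page.

# Build the offending characters from their UTF-8 bytes so the script
# itself stays pure ASCII and cannot be mangled the same way.
LDQUO=$(printf '\342\200\234')    # U+201C left double quotation mark
RDQUO=$(printf '\342\200\235')    # U+201D right double quotation mark
DPRIME=$(printf '\342\200\263')   # U+2033 double prime (quote typed after a digit)

# Print "lineno:text" for each line that contains one of the characters.
# Exit status is 0 when at least one line matches, 1 when the file is clean.
find_smart_quotes() {
    LC_ALL=C grep -n -e "$LDQUO" -e "$RDQUO" -e "$DPRIME" "$1"
}

# Print the number of affected lines (0 for a clean file).
count_smart_quotes() {
    LC_ALL=C grep -c -e "$LDQUO" -e "$RDQUO" -e "$DPRIME" "$1" || true
}

# Write a copy of the profile to stdout with every variant replaced by
# the plain ASCII double quote that apparmor_parser expects.
normalize_quotes() {
    LC_ALL=C sed -e "s/$LDQUO/\"/g" -e "s/$RDQUO/\"/g" -e "s/$DPRIME/\"/g" "$1"
}

# Count bytes outside the ASCII range. Anything left over after
# normalize_quotes is some other pasted character that needs a manual look.
non_ascii_bytes() {
    LC_ALL=C tr -d '\000-\177' < "$1" | wc -c | tr -d ' '
}

# Constructed sample: two rules taken from the posted profile, wrapped in a
# minimal profile body. Line 3 uses curly quotes, line 4 ends in a double prime.
make_sample() {
    {
        printf '%s\n' '/opt/google/chrome/chrome {'
        printf '%s\n' '  /etc/hosts mr,'
        printf '  owner %s/home/*/.config/google-chrome/Certificate Revocation Lists%s rw,\n' \
            "$LDQUO" "$RDQUO"
        printf '  owner %s/home/*/.config/google-chrome/Default/Sync Data/SyncData.sqlite3%s rwk,\n' \
            "$LDQUO" "$DPRIME"
        printf '%s\n' '}'
    } > "$1"
}

# Stand-alone use: report the bad lines on stderr, corrected profile on stdout.
if [ "$#" -ge 1 ]; then
    if find_smart_quotes "$1" >&2; then
        echo "typographic quotes found on the lines above; corrected copy follows" >&2
    fi
    normalize_quotes "$1"
fi
```

Redirect the output to a file outside `/etc/apparmor.d`, review it, then copy it over the broken profile and reload it with `sudo apparmor_parser -r` on that file.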
