# Last Modified: Fri Sep 28 23:38:48 2012
#include <tunables/global>
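# AppArmor profile for the Google Chrome binary at /opt/google/chrome/chrome.
#
# Permission letters used below: r = read, w = write, k = file locking,
# m = map into memory as executable, ix = execute and stay in this profile,
# Cx = execute under the child profile of the same name defined at the end of
# this profile (environment scrubbed), Px = execute under a separately loaded
# profile for that binary (environment scrubbed). "owner" limits a rule to
# files owned by the user the process runs as.
#
# Paths that contain spaces are wrapped in plain ASCII double quotes.
# Typographic quotes picked up from a web page are not quote characters to the
# policy parser, so a rule written with them does not parse as a single path.
#
# @{HOME} and @{PROC} are variables supplied by the tunables/global include
# that precedes this profile.
/opt/google/chrome/chrome {
  # --- Capabilities and network ---
  # NOTE(review): sys_ptrace is a broad capability (tracing other processes).
  # The rule only permits its use, it does not grant it; confirm it is needed
  # in this profile.
  capability sys_ptrace,
  # Only stream/TCP sockets over IPv4 and IPv6 are allowed by this profile.
  network inet stream,
  network inet tcp,
  network inet6 stream,
  network inet6 tcp,

  # Explicit deny; a deny rule takes precedence over any allow rule.
  deny /anon_hugepage//deleted r,

  # --- Helper programs run under child profiles (defined at the end) ---
  /bin/readlink rCx,
  /bin/which rCx,

  # --- Devices: GPU, audio, terminal, entropy, video capture ---
  /dev/ r,
  /dev/dri/card* rw,
  /dev/null rw,
  /dev/ptmx rw,
  /dev/random r,
  /dev/snd/controlC* rw,
  /dev/snd/pcm* rw,
  /dev/snd/timer r,
  /dev/tty rw,
  /dev/urandom r,
  /dev/video* r,

  # --- System configuration (read-only) ---
  # NOTE(review): /etc/hosts and /etc/passwd carry "m" although they are data
  # files; plain "r" is probably sufficient - confirm before tightening.
  /etc/fonts/** r,
  /etc/fstab r,
  /etc/gai.conf r,
  /etc/group r,
  /etc/host.conf r,
  /etc/hosts mr,
  /etc/ld.so.cache mr,
  /etc/locale.alias r,
  /etc/localtime r,
  /etc/lsb-release r,
  /etc/mtab r,
  /etc/nss_mdns.conf r,
  /etc/nsswitch.conf r,
  /etc/opt/chrome/policies/managed/ r,
  /etc/opt/chrome/policies/managed/*.json r,
  /etc/opt/chrome/policies/recommended/ r,
  /etc/opt/chrome/policies/recommended/*.json r,
  /etc/passwd mr,
  /etc/protocols r,
  /etc/pulse/client.conf r,
  /etc/python*/sitecustomize.py r,
  /etc/resolvconf/run/resolv.conf r,
  /etc/samba/lmhosts r,
  /etc/services r,
  /etc/udev/udev.conf r,

  # --- Per-user data ---
  # NOTE(review): rules written as /home/* without "owner" match every user's
  # home directory; for those rules only ordinary file permissions separate
  # one user's data from another's.
  /home/*/.Xauthority r,
  owner /home/*/.cache/dconf/user mrw,
  /home/*/.config/dconf/user r,

  # Chrome user-data directory (top level).
  /home/*/.config/google-chrome/ r,
  owner /home/*/.config/google-chrome/*.txt rw,
  owner /home/*/.config/google-chrome/.com.* rw,
  owner "/home/*/.config/google-chrome/Certificate Revocation Lists" rw,
  owner "/home/*/.config/google-chrome/Consent To Send Stats" rw,

  # Default browser profile: history, cookies, sessions, extension state.
  # Files with "k" are ones the browser takes a file lock on.
  /home/*/.config/google-chrome/Default/ r,
  owner /home/*/.config/google-chrome/Default/* rw,
  owner /home/*/.config/google-chrome/Default/*.bak rw,
  owner /home/*/.config/google-chrome/Default/*.txt rw,
  owner "/home/*/.config/google-chrome/Default/Application Cache/" rw,
  owner "/home/*/.config/google-chrome/Default/Application Cache/Index" mrwk,
  owner "/home/*/.config/google-chrome/Default/Application Cache/Index-journal" mrw,
  owner "/home/*/.config/google-chrome/Default/Archived History" rwk,
  owner "/home/*/.config/google-chrome/Default/Archived History-journal" rw,
  owner /home/*/.config/google-chrome/Default/Bookmarks rw,
  owner /home/*/.config/google-chrome/Default/Cookies rwk,
  owner /home/*/.config/google-chrome/Default/Cookies-journal rw,
  owner "/home/*/.config/google-chrome/Default/Current Session" rw,
  owner "/home/*/.config/google-chrome/Default/Current Tabs" rw,
  owner "/home/*/.config/google-chrome/Default/Extension Cookies" rwk,
  owner "/home/*/.config/google-chrome/Default/Extension Cookies-journal" rw,
  owner "/home/*/.config/google-chrome/Default/Extension State/" r,
  owner "/home/*/.config/google-chrome/Default/Extension State/*.dbtmp" rw,
  owner "/home/*/.config/google-chrome/Default/Extension State/*.log" rw,
  owner "/home/*/.config/google-chrome/Default/Extension State/*.sst" rw,
  owner "/home/*/.config/google-chrome/Default/Extension State/CURRENT" rw,
  owner "/home/*/.config/google-chrome/Default/Extension State/LOCK" rw,
  owner "/home/*/.config/google-chrome/Default/Extension State/MANIFEST-*" rw,
  /home/*/.config/google-chrome/Default/Extensions/ r,
  owner /home/*/.config/google-chrome/Default/Extensions/** rw,
  # NOTE(review): shared objects under Extensions/ are both writable and
  # mappable as executable by the confined process.
  owner /home/*/.config/google-chrome/Default/Extensions/*/*/*/*.so mrw,
  owner /home/*/.config/google-chrome/Default/Favicons rwk,
  owner /home/*/.config/google-chrome/Default/Favicons-journal rw,
  owner "/home/*/.config/google-chrome/Default/File System/*/*/.usage" rw,
  owner "/home/*/.config/google-chrome/Default/File System/Origins/LOCK" rw,
  owner "/home/*/.config/google-chrome/Default/File System/Origins/MANIFEST-*" rw,
  owner /home/*/.config/google-chrome/Default/History* rwk,
  owner /home/*/.config/google-chrome/Default/IndexedDB/ r,
  owner /home/*/.config/google-chrome/Default/IndexedDB/*.leveldb/ mrw,
  owner /home/*/.config/google-chrome/Default/IndexedDB/*/LOCK rw,
  owner "/home/*/.config/google-chrome/Default/Last Session" rw,
  owner "/home/*/.config/google-chrome/Default/Last Tabs" rw,
  owner "/home/*/.config/google-chrome/Default/Local Storage/" r,
  owner "/home/*/.config/google-chrome/Default/Local Storage/*" rwk,
  # Saved-credential database.
  owner "/home/*/.config/google-chrome/Default/Login Data" rwk,
  owner "/home/*/.config/google-chrome/Default/Login Data-journal" rw,
  owner "/home/*/.config/google-chrome/Default/Managed Mode Settings" rw,
  owner "/home/*/.config/google-chrome/Default/Network Action Predictor" rwk,
  owner "/home/*/.config/google-chrome/Default/Network Action Predictor-journal" rw,
  owner "/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/*" rw,
  owner "/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/CacheWritableAdobeRoot/AssetCache/" r,
  owner "/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/CacheWritableAdobeRoot/AssetCache/**" mrw,
  # NOTE(review): the two #SharedObjects rules lack "owner", unlike their
  # neighbours - confirm whether that is deliberate.
  "/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/WritableRoot/#SharedObjects/" r,
  "/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/WritableRoot/#SharedObjects/**" rw,
  owner "/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/WritableRoot/macromedia.com/support/flashplayer/sys/**" rw,
  owner /home/*/.config/google-chrome/Default/Preferences rw,
  owner /home/*/.config/google-chrome/Default/QuotaManager rwk,
  owner /home/*/.config/google-chrome/Default/QuotaManager-journal rw,
  owner /home/*/.config/google-chrome/Default/Shortcuts rwk,
  owner /home/*/.config/google-chrome/Default/Shortcuts-journal rw,
  # NOTE(review): no "owner" on the Sync Data and Sync Extension Settings
  # directory rules, while the files inside them are owner-restricted.
  "/home/*/.config/google-chrome/Default/Sync Data/" rwk,
  owner "/home/*/.config/google-chrome/Default/Sync Data/SyncData.sqlite3" rwk,
  owner "/home/*/.config/google-chrome/Default/Sync Data/SyncData.sqlite3-journal" rw,
  "/home/*/.config/google-chrome/Default/Sync Extension Settings/*/" r,
  owner "/home/*/.config/google-chrome/Default/Sync Extension Settings/*/*.dbtmp" rw,
  owner "/home/*/.config/google-chrome/Default/Sync Extension Settings/*/*.log" rw,
  owner "/home/*/.config/google-chrome/Default/Sync Extension Settings/*/*.sst" rw,
  owner "/home/*/.config/google-chrome/Default/Sync Extension Settings/*/CURRENT" rw,
  owner "/home/*/.config/google-chrome/Default/Sync Extension Settings/*/LOCK" rw,
  owner "/home/*/.config/google-chrome/Default/Sync Extension Settings/*/MANIFEST-*" rw,
  owner "/home/*/.config/google-chrome/Default/Top Sites" rwk,
  owner "/home/*/.config/google-chrome/Default/Top Sites-journal" rw,
  owner /home/*/.config/google-chrome/Default/TransportSecurity rw,
  owner "/home/*/.config/google-chrome/Default/User StyleSheets/*.css" rw,
  owner "/home/*/.config/google-chrome/Default/Visited Links" rw,
  owner "/home/*/.config/google-chrome/Default/Web Data" rwk,
  owner "/home/*/.config/google-chrome/Default/Web Data-journal" rw,
  owner /home/*/.config/google-chrome/Default/databases/ rw,
  owner /home/*/.config/google-chrome/Default/databases/*.com*/* rwk,
  owner /home/*/.config/google-chrome/Default/databases/*.db rwk,
  owner /home/*/.config/google-chrome/Default/databases/*.db-journal rwk,
  owner /home/*/.config/google-chrome/Default/databases/chrome-extension*/* rwk,

  # Remaining user-data files: dictionaries, Safe Browsing lists, singleton
  # lock/socket, extension-install scratch space.
  owner /home/*/.config/google-chrome/Dictionaries/*.bdic rw,
  owner "/home/*/.config/google-chrome/Local State" rw,
  /home/*/.config/google-chrome/PepperFlash/ r,
  owner "/home/*/.config/google-chrome/Safe Browsing Bloom" rw,
  owner "/home/*/.config/google-chrome/Safe Browsing Bloom Filter 2" rw,
  owner "/home/*/.config/google-chrome/Safe Browsing Bloom_new" rw,
  owner "/home/*/.config/google-chrome/Safe Browsing Cookies" rwk,
  owner "/home/*/.config/google-chrome/Safe Browsing Cookies-journal" rw,
  owner "/home/*/.config/google-chrome/Safe Browsing Csd Whitelist" rw,
  owner "/home/*/.config/google-chrome/Safe Browsing Csd Whitelist_new" rw,
  owner "/home/*/.config/google-chrome/Safe Browsing Download" rw,
  owner "/home/*/.config/google-chrome/Safe Browsing Download Whitelist" rw,
  owner "/home/*/.config/google-chrome/Safe Browsing Download Whitelist_new" rw,
  owner "/home/*/.config/google-chrome/Safe Browsing Download_new" rw,
  owner /home/*/.config/google-chrome/SingletonCookie rw,
  owner /home/*/.config/google-chrome/SingletonLock rw,
  owner /home/*/.config/google-chrome/SingletonSocket rw,
  owner /home/*/.config/google-chrome/Temp/scoped_dir_*/CRX_INSTALL/ r,
  owner /home/*/.config/google-chrome/Temp/scoped_dir_*/CRX_INSTALL/*.png rw,
  owner /home/*/.config/google-chrome/Temp/scoped_dir_*/CRX_INSTALL/_locales/ rw,

  # Other per-user files outside the Chrome directory.
  # NOTE(review): none of the rules in this group is "owner"-restricted,
  # including the NSS key/certificate databases and the Downloads and Pictures
  # trees, which are writable recursively.
  /home/*/.gtk-bookmarks r,
  /home/*/.java/deployment/deployment.properties rwk,
  /home/*/.local/share/icons/ r,
  /home/*/.local/share/icons/*/*/apps/ r,
  /home/*/.local/share/mime/* mr,
  /home/*/.local/share/recently-used.xbel rw,
  /home/*/.local/share/recently-used.xbel.* rw,
  /home/*/.pki/nssdb/cert9.db rwk,
  /home/*/.pki/nssdb/key4.db rwk,
  /home/*/.pki/nssdb/pkcs11.txt rw,
  /home/*/.pulse-cookie rwk,
  /home/*/.pulse/ r,
  /home/*/.thumbnails/normal/* r,
  /home/*/Downloads/ r,
  /home/*/Downloads/** rw,
  /home/*/Pictures/ r,
  /home/*/Pictures/** rw,

  # --- Core shared libraries (read + executable mapping) ---
  /lib/x86_64-linux-gnu/ld-*.so mr,
  /lib/x86_64-linux-gnu/libbz2.so.* mr,
  /lib/x86_64-linux-gnu/libc-*.so mr,
  /lib/x86_64-linux-gnu/libcom_err.so.* mr,
  /lib/x86_64-linux-gnu/libdbus-*.so.* mr,
  /lib/x86_64-linux-gnu/libdl-*.so mr,
  /lib/x86_64-linux-gnu/libexpat.so.* mr,
  /lib/x86_64-linux-gnu/libgcc_s.so.* mr,
  /lib/x86_64-linux-gnu/libgcrypt.so.* mr,
  /lib/x86_64-linux-gnu/libglib-*.so.* mr,
  /lib/x86_64-linux-gnu/libgpg-error.so.* mr,
  /lib/x86_64-linux-gnu/libkeyutils.so.* mr,
  /lib/x86_64-linux-gnu/libm-*.so mr,
  /lib/x86_64-linux-gnu/libnsl-*.so mr,
  /lib/x86_64-linux-gnu/libnss_dns-*.so mr,
  /lib/x86_64-linux-gnu/libnss_files-*.so mr,
  /lib/x86_64-linux-gnu/libpci.so.* mr,
  /lib/x86_64-linux-gnu/libpcre.so.* mr,
  /lib/x86_64-linux-gnu/libpng*.so.* mr,
  /lib/x86_64-linux-gnu/libpthread-*.so mr,
  /lib/x86_64-linux-gnu/libresolv-*.so mr,
  /lib/x86_64-linux-gnu/librt-*.so mr,
  /lib/x86_64-linux-gnu/libselinux.so.* mr,
  /lib/x86_64-linux-gnu/libtinfo.so.* mr,
  /lib/x86_64-linux-gnu/libudev.so.* mr,
  /lib/x86_64-linux-gnu/libwrap.so.* mr,
  /lib/x86_64-linux-gnu/libz.so.* mr,

  # --- Chrome installation directory ---
  /opt/google/chrome/*.png r,
  /opt/google/chrome/PepperFlash/libpepflashplayer.so mr,
  # ix: Chrome re-executing its own binary stays inside this profile.
  /opt/google/chrome/chrome mrix,
  # Px: chrome-sandbox runs under its own profile, which has to be loaded
  # separately; without a matching profile the exec is denied.
  /opt/google/chrome/chrome-sandbox mrPx,
  /opt/google/chrome/chrome.pak r,
  /opt/google/chrome/default_apps/ r,
  # NOTE(review): the next two rules allow writes inside the installation
  # directory; confirm they are needed.
  /opt/google/chrome/default_apps/*.json rw,
  /opt/google/chrome/extensions/ rw,
  /opt/google/chrome/google-chrome rix,
  /opt/google/chrome/libffmpegsumo.so mr,
  /opt/google/chrome/libpdf.so mr,
  /opt/google/chrome/libppGoogleNaClPluginChrome.so mr,
  /opt/google/chrome/locales/en-US.pak r,
  # Px: needs a separately loaded profile for nacl_helper_bootstrap.
  /opt/google/chrome/nacl_helper_bootstrap Px,
  /opt/google/chrome/nacl_irt_x86_64.nexe r,
  /opt/google/chrome/resources.pak r,
  /opt/google/chrome/theme_resources_*_percent.pak r,
  /opt/google/chrome/ui_resources_*_percent.pak r,

  # --- Kernel and hardware information, shared memory ---
  /proc/*/mounts r,
  /run/shm/ r,
  /run/shm/.com.google.Chrome.* rw,
  /run/shm/pulse-shm-* rw,
  /selinux/ r,
  /sys/bus/pci/devices/ r,
  /sys/devices/*/*/resource r,
  /sys/devices/pci*/*/*/class r,
  /sys/devices/pci*/*/*/device r,
  /sys/devices/pci*/*/*/irq r,
  /sys/devices/pci*/*/*/resource r,
  /sys/devices/pci*/*/*/vendor r,
  /sys/devices/pci*/*:*/class r,
  /sys/devices/pci*/*:*/device r,
  /sys/devices/pci*/*:*/irq r,
  /sys/devices/pci*/*:*/vendor r,
  /sys/devices/system/cpu/ r,
  /sys/devices/system/cpu/cpu*/cpufreq/cpuinfo_*_freq r,
  /sys/devices/system/cpu/online r,

  # --- Temporary files ---
  # NOTE(review): /tmp/** rw is not limited by "owner", unlike the write rule
  # for /var/tmp further down.
  /tmp/ r,
  /tmp/** rw,
  owner /tmp/chrome/** mrwk,

  # --- More helper programs run under child profiles ---
  /usr/bin/dirname rCx,
  /usr/bin/lsb_release rCx,
  /usr/bin/xdg-open rCx,
  /usr/bin/xdg-settings rCx,

  # --- Libraries, plugins and toolkit modules under /usr ---
  /usr/include/python*/pyconfig.h r,
  /usr/lib/gtk-*/*/menuproxies/libappmenu.so mr,
  # Px: needs a separately loaded profile for the Java launcher.
  /usr/lib/jvm/java-*-oracle/jre/bin/java mrPx,
  /usr/lib/jvm/java-*-oracle/jre/lib/** mr,
  /usr/lib/libdee-*.so.* mr,
  /usr/lib/libicudata.so.* mr,
  /usr/lib/libicui18n.so.* mr,
  /usr/lib/libicuuc.so.* mr,
  /usr/lib/liboverlay-scrollbar*.so.* mr,
  /usr/lib/libunity.so.* mr,
  /usr/lib/locale/** mr,
  /usr/lib/mozilla/plugins/ r,
  /usr/lib/x86_64-linux-gnu/*/*/*modules/*.so mr,
  /usr/lib/x86_64-linux-gnu/alsa-lib/libasound_module_conf_pulse.so mr,
  /usr/lib/x86_64-linux-gnu/alsa-lib/libasound_module_pcm_pulse.so mr,
  /usr/lib/x86_64-linux-gnu/alsa-lib/libasound_module_rate_speexrate.so mr,
  /usr/lib/x86_64-linux-gnu/dri/libdricore.so mr,
  /usr/lib/x86_64-linux-gnu/dri/libgallium.so mr,
  /usr/lib/x86_64-linux-gnu/dri/libglsl.so mr,
  /usr/lib/x86_64-linux-gnu/dri/r*_dri.so mr,
  /usr/lib/x86_64-linux-gnu/dri/swrast_dri.so mr,
  /usr/lib/x86_64-linux-gnu/gconv/gconv-modules mr,
  /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache mr,
  /usr/lib/x86_64-linux-gnu/gdk-pixbuf-*/*/loaders.cache mr,
  /usr/lib/x86_64-linux-gnu/gdk-pixbuf-*/*/loaders/libpixbufloader-png.so mr,
  /usr/lib/x86_64-linux-gnu/gdk-pixbuf-*/*/loaders/libpixbufloader-svg.so mr,
  /usr/lib/x86_64-linux-gnu/gio/modules/ r,
  /usr/lib/x86_64-linux-gnu/gio/modules/giomodule.cache mr,
  /usr/lib/x86_64-linux-gnu/gio/modules/libdconfsettings.so mr,
  /usr/lib/x86_64-linux-gnu/gio/modules/libgiognutls.so mr,
  /usr/lib/x86_64-linux-gnu/gio/modules/libgiolibproxy.so mr,
  /usr/lib/x86_64-linux-gnu/gio/modules/libgioremote-volume-monitor.so mr,
  /usr/lib/x86_64-linux-gnu/gio/modules/libgvfsdbus.so mr,
  /usr/lib/x86_64-linux-gnu/gtk-*/*/engines/libmurrine.so mr,
  /usr/lib/x86_64-linux-gnu/gtk-*/*/gtk.immodules mr,
  /usr/lib/x86_64-linux-gnu/gtk-*/modules/libcanberra-gtk-module.so mr,
  /usr/lib/x86_64-linux-gnu/gtk-2.0/2.10.0/printbackends/libprintbackend-cups.so mr,
  /usr/lib/x86_64-linux-gnu/gtk-2.0/2.10.0/printbackends/libprintbackend-file.so mr,
  /usr/lib/x86_64-linux-gnu/gvfs/libgvfscommon.so mr,
  /usr/lib/x86_64-linux-gnu/libFLAC.so.* mr,
  /usr/lib/x86_64-linux-gnu/libLLVM-*.so.* mr,
  /usr/lib/x86_64-linux-gnu/libX11-xcb.so.* mr,
  /usr/lib/x86_64-linux-gnu/libX11.so.* mr,
  /usr/lib/x86_64-linux-gnu/libXau.so.* mr,
  /usr/lib/x86_64-linux-gnu/libXcomposite.so.* mr,
  /usr/lib/x86_64-linux-gnu/libXcursor.so.* mr,
  /usr/lib/x86_64-linux-gnu/libXdamage.so.* mr,
  /usr/lib/x86_64-linux-gnu/libXdmcp.so.* mr,
  /usr/lib/x86_64-linux-gnu/libXext.so.* mr,
  /usr/lib/x86_64-linux-gnu/libXfixes.so.* mr,
  /usr/lib/x86_64-linux-gnu/libXi.so.* mr,
  /usr/lib/x86_64-linux-gnu/libXinerama.so.* mr,
  /usr/lib/x86_64-linux-gnu/libXrandr.so.* mr,
  /usr/lib/x86_64-linux-gnu/libXrender.so.* mr,
  /usr/lib/x86_64-linux-gnu/libXss.so.* mr,
  /usr/lib/x86_64-linux-gnu/libXxf86vm.so.* mr,
  /usr/lib/x86_64-linux-gnu/libasound.so.* mr,
  /usr/lib/x86_64-linux-gnu/libasyncns.so.* mr,
  /usr/lib/x86_64-linux-gnu/libatk-*.so.* mr,
  /usr/lib/x86_64-linux-gnu/libavahi-client.so.* mr,
  /usr/lib/x86_64-linux-gnu/libavahi-common.so.* mr,
  /usr/lib/x86_64-linux-gnu/libcairo.so.* mr,
  /usr/lib/x86_64-linux-gnu/libcanberra-*/libcanberra-alsa.so r,
  /usr/lib/x86_64-linux-gnu/libcanberra-*/libcanberra-pulse.so r,
  /usr/lib/x86_64-linux-gnu/libcanberra-gtk.so.* mr,
  /usr/lib/x86_64-linux-gnu/libcanberra.so.* mr,
  /usr/lib/x86_64-linux-gnu/libcroco-*.so.* mr,
  /usr/lib/x86_64-linux-gnu/libcups.so.* mr,
  /usr/lib/x86_64-linux-gnu/libdbus-glib-*.so.* mr,
  /usr/lib/x86_64-linux-gnu/libdbusmenu-glib.so.* mr,
  /usr/lib/x86_64-linux-gnu/libdbusmenu-gtk.so.* mr,
  /usr/lib/x86_64-linux-gnu/libdrm.so.* mr,
  /usr/lib/x86_64-linux-gnu/libffi.so.* mr,
  /usr/lib/x86_64-linux-gnu/libfontconfig.so.* mr,
  /usr/lib/x86_64-linux-gnu/libfreetype.so.* mr,
  /usr/lib/x86_64-linux-gnu/libgconf-*.so.* mr,
  /usr/lib/x86_64-linux-gnu/libgdk-x11-*.so.* mr,
  /usr/lib/x86_64-linux-gnu/libgdk_pixbuf-*.so.* mr,
  /usr/lib/x86_64-linux-gnu/libgee.so.* mr,
  /usr/lib/x86_64-linux-gnu/libgio-*.so.* mr,
  /usr/lib/x86_64-linux-gnu/libglapi.so.* mr,
  /usr/lib/x86_64-linux-gnu/libgmodule-*.so.* mr,
  /usr/lib/x86_64-linux-gnu/libgnome-keyring.so.* mr,
  /usr/lib/x86_64-linux-gnu/libgnutls.so.* mr,
  /usr/lib/x86_64-linux-gnu/libgobject-*.so.* mr,
  /usr/lib/x86_64-linux-gnu/libgssapi_krb*.so.* mr,
  /usr/lib/x86_64-linux-gnu/libgthread-*.so.* mr,
  /usr/lib/x86_64-linux-gnu/libgtk-x*-*.so.* mr,
  /usr/lib/x86_64-linux-gnu/libibus-*.*.so.* mr,
  /usr/lib/x86_64-linux-gnu/libjson.so.* mr,
  /usr/lib/x86_64-linux-gnu/libk5crypto.so.* mr,
  /usr/lib/x86_64-linux-gnu/libkrb5.so.* mr,
  /usr/lib/x86_64-linux-gnu/libkrb5support.so.* mr,
  /usr/lib/x86_64-linux-gnu/libltdl.so.* mr,
  /usr/lib/x86_64-linux-gnu/libnspr*.so mr,
  /usr/lib/x86_64-linux-gnu/libnss*.so mr,
  /usr/lib/x86_64-linux-gnu/libogg.so.* mr,
  /usr/lib/x86_64-linux-gnu/libp*-kit.so.* mr,
  /usr/lib/x86_64-linux-gnu/libpango-*.so.* mr,
  /usr/lib/x86_64-linux-gnu/libpangocairo-*.so.* mr,
  /usr/lib/x86_64-linux-gnu/libpangoft*-*.so.* mr,
  /usr/lib/x86_64-linux-gnu/libpixman-*.so.* mr,
  /usr/lib/x86_64-linux-gnu/libplc*.so mr,
  /usr/lib/x86_64-linux-gnu/libplds*.so mr,
  /usr/lib/x86_64-linux-gnu/libpulse.so.* mr,
  /usr/lib/x86_64-linux-gnu/libpulsecommon-*.so mr,
  /usr/lib/x86_64-linux-gnu/librsvg-2.*o.* mr,
  /usr/lib/x86_64-linux-gnu/libsmime*.so mr,
  /usr/lib/x86_64-linux-gnu/libsndfile.so.* mr,
  /usr/lib/x86_64-linux-gnu/libspeexdsp.so.* mr,
  /usr/lib/x86_64-linux-gnu/libsqlite*.so.* mr,
  /usr/lib/x86_64-linux-gnu/libstdc*.so.* mr,
  /usr/lib/x86_64-linux-gnu/libtasn1.so.* mr,
  /usr/lib/x86_64-linux-gnu/libtdb.so.* mr,
  /usr/lib/x86_64-linux-gnu/libvorbis.so.* mr,
  /usr/lib/x86_64-linux-gnu/libvorbisenc.so.* mr,
  /usr/lib/x86_64-linux-gnu/libvorbisfile.so.* mr,
  /usr/lib/x86_64-linux-gnu/libxcb-glx.so.* mr,
  /usr/lib/x86_64-linux-gnu/libxcb-render.so.* mr,
  /usr/lib/x86_64-linux-gnu/libxcb-shm.so.* mr,
  /usr/lib/x86_64-linux-gnu/libxcb.so.* mr,
  /usr/lib/x86_64-linux-gnu/libxml2.so.* mr,
  /usr/lib/x86_64-linux-gnu/mesa/libGL.so.* mr,
  /usr/lib/x86_64-linux-gnu/nss/libfreebl*.so mr,
  /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so mr,
  /usr/lib/x86_64-linux-gnu/nss/libsoftokn*.so mr,
  /usr/lib/x86_64-linux-gnu/pango/*/module-files.d/ r,
  /usr/lib/x86_64-linux-gnu/pango/*/module-files.d/libpango*.*.modules mr,
  /usr/local/lib/python*/dist-packages/ r,
  /usr/local/share/icons/ r,
  /usr/local/share/icons/hicolor/*/apps/ r,
  /usr/local/share/icons/hicolor/*/apps/*chrome.png r,
  /usr/local/share/icons/hicolor/scalable/apps/ r,
  # Read access to everything under /usr/share.
  /usr/share/** r,

  # --- /var and runtime sockets ---
  /var/cache/*/*.cache-* mr,
  /var/cache/nscd/group r,
  /var/cache/nscd/passwd r,
  /var/lib/dbus/machine-id r,
  /var/tmp/ r,
  # Writes under /var/tmp are limited to the user's own files; reads are not.
  owner /var/tmp/** w,
  /var/tmp/** r,
  /{,var/}run/.nscd_socket rw,
  /{,var/}run/mdnsd rw,
  /{,var/}run/nscd/socket rw,
  /{,var/}run/resolvconf/resolv.conf r,
  /{,var/}run/utmp r,

  # --- Catch-all rules for the user's cache and config trees ---
  # NOTE(review): these two rules cover all of ~/.cache and ~/.config, for every
  # application, with write and executable-mapping rights. They make most of the
  # narrower google-chrome rules above redundant; consider narrowing them to
  # the google-chrome subdirectories.
  owner @{HOME}/.cache/** mrw,
  owner @{HOME}/.config/** mrw,

  # --- /proc ---
  # NOTE(review): patterns using "*" or "[0-9]*" for the pid match every
  # process's entries, not only Chrome's own; that includes the writable
  # coredump_filter and oom_score_adj rules.
  @{PROC}/ r,
  @{PROC}/*/auxv r,
  @{PROC}/*/coredump_filter rw,
  @{PROC}/*/maps r,
  @{PROC}/[0-9]*/cmdline r,
  @{PROC}/[0-9]*/fd/ r,
  @{PROC}/[0-9]*/io r,
  @{PROC}/[0-9]*/oom_score_adj w,
  @{PROC}/[0-9]*/stat r,
  @{PROC}/[0-9]*/statm r,
  @{PROC}/[0-9]*/status r,
  @{PROC}/[0-9]*/task/ r,
  @{PROC}/[0-9]*/task/*/stat r,
  @{PROC}/cpuinfo r,
  @{PROC}/filesystems r,
  @{PROC}/meminfo r,
  @{PROC}/sys/kernel/shmmax r,

  # ===== Child profiles =====
  # Each one confines a helper started from Chrome through a Cx rule above.

  # NOTE(review): no rule in the parent profile transitions to this child
  # (there is no "/bin/mkdir ... Cx" rule above), so it looks unused - confirm.
  profile /bin/mkdir {
    /bin/mkdir r,
    /etc/ld.so.cache r,
    /lib/x86_64-linux-gnu/ld*.so mr,
    /lib/x86_64-linux-gnu/libc*.so mr,
    /lib/x86_64-linux-gnu/libdl*.so mr,
    /lib/x86_64-linux-gnu/libselinux.so* mr,
    /proc/filesystems r,
    /usr/lib/locale/locale-archive r,
  }

  # readlink: its own binary, the loader and libc, and the locale archive.
  profile /bin/readlink {
    /bin/readlink r,
    /etc/ld.so.cache r,
    /lib/x86_64-linux-gnu/ld*.so mr,
    /lib/x86_64-linux-gnu/libc-*.so mr,
    /usr/lib/locale/locale-archive r,
  }

  # which: read access to /bin/dash as well, presumably because /bin/which is
  # a shell script interpreted by dash - confirm on the target system.
  profile /bin/which {
    /bin/dash r,
    /bin/which r,
    /dev/null rw,
    /etc/ld.so.cache r,
    /lib/x86_64-linux-gnu/ld-*.so mr,
    /lib/x86_64-linux-gnu/libc-*.so mr,
  }

  # dirname: its own binary, the loader and libc, and the locale archive.
  profile /usr/bin/dirname {
    /etc/ld.so.cache r,
    /lib/x86_64-linux-gnu/ld-*.so mr,
    /lib/x86_64-linux-gnu/libc-*.so mr,
    /usr/bin/dirname r,
    /usr/lib/locale/locale-archive r,
  }

  # lsb_release: read-only access to the Python interpreter and the standard
  # library modules listed here; no write or execute permissions other than
  # /dev/null.
  profile /usr/bin/lsb_release {
    /dev/null rw,
    /etc/ld.so.cache mr,
    /lib/x86_64-linux-gnu/ld-*.so mr,
    /lib/x86_64-linux-gnu/libc-*.so mr,
    /lib/x86_64-linux-gnu/libcrypto.so.* mr,
    /lib/x86_64-linux-gnu/libdl-*.so mr,
    /lib/x86_64-linux-gnu/libgcc_s.so.* mr,
    /lib/x86_64-linux-gnu/libm-*.so mr,
    /lib/x86_64-linux-gnu/libpthread-*.so mr,
    /lib/x86_64-linux-gnu/libssl.so.* mr,
    /lib/x86_64-linux-gnu/libutil-*.so mr,
    /lib/x86_64-linux-gnu/libz.so.* mr,
    /proc/meminfo r,
    /usr/bin/python* r,
    /usr/include/python2.7/pyconfig.h r,
    /usr/lib/python*/UserDict.py r,
    /usr/lib/python*/UserDict.pyc r,
    /usr/lib/python*/_abcoll.py r,
    /usr/lib/python*/_abcoll.pyc r,
    /usr/lib/python*/abc.py r,
    /usr/lib/python*/abc.pyc r,
    /usr/lib/python*/genericpath.py r,
    /usr/lib/python*/genericpath.pyc r,
    /usr/lib/python*/linecache.py r,
    /usr/lib/python*/linecache.pyc r,
    /usr/lib/python*/os.py r,
    /usr/lib/python*/os.pyc r,
    /usr/lib/python*/posixpath.py r,
    /usr/lib/python*/posixpath.pyc r,
    /usr/lib/python*/site.py r,
    /usr/lib/python*/site.pyc r,
    /usr/lib/python*/stat.py r,
    /usr/lib/python*/stat.pyc r,
    /usr/lib/python*/types.py r,
    /usr/lib/python*/types.pyc r,
    /usr/lib/python*/warnings.py r,
    /usr/lib/python*/warnings.pyc r,
    /usr/lib/python2.7/_weakrefset.py r,
    /usr/lib/python2.7/_weakrefset.pyc r,
    /usr/lib/python2.7/config/Makefile r,
    /usr/lib/python2.7/copy_reg.py r,
    /usr/lib/python2.7/copy_reg.pyc r,
    /usr/lib/python2.7/re.py r,
    /usr/lib/python2.7/re.pyc r,
    /usr/lib/python2.7/sre_compile.py r,
    /usr/lib/python2.7/sre_compile.pyc r,
    /usr/lib/python2.7/sre_constants.py r,
    /usr/lib/python2.7/sre_constants.pyc r,
    /usr/lib/python2.7/sre_parse.py r,
    /usr/lib/python2.7/sre_parse.pyc r,
    /usr/lib/python2.7/sysconfig.py r,
    /usr/lib/python2.7/sysconfig.pyc r,
    /usr/lib/python2.7/traceback.py r,
    /usr/lib/python2.7/traceback.pyc r,
  }

  # xdg-open: NOTE(review): this child grants no execute permission at all, so
  # anything the helper tries to launch is denied - confirm that is intended.
  profile /usr/bin/xdg-open {
    /bin/dash r,
    /etc/ld.so.cache mr,
    /lib/x86_64-linux-gnu/ld-*.so mr,
    /lib/x86_64-linux-gnu/libc-*.so mr,
  }

  # xdg-settings: the tools it runs are marked "ix", so they execute under this
  # same child profile rather than unconfined.
  # NOTE(review): the ~/.local/share/applications/ rule is writable and not
  # "owner"-restricted.
  profile /usr/bin/xdg-settings {
    /bin/dash r,
    /bin/grep rix,
    /bin/mkdir rix,
    /bin/readlink rix,
    /bin/sed rix,
    /bin/touch rix,
    /bin/which rix,
    /dev/null rw,
    /etc/gnome/defaults.list r,
    /etc/ld.so.cache mr,
    /etc/locale.alias r,
    /home/*/.local/share/applications/ rw,
    /home/*/.local/share/applications/mimeapps.list r,
    /lib/x86_64-linux-gnu/ld-*.so mr,
    /lib/x86_64-linux-gnu/libc-*.so mr,
    /lib/x86_64-linux-gnu/libdbus-*.so.* mr,
    /lib/x86_64-linux-gnu/libdl-*.so mr,
    /lib/x86_64-linux-gnu/libglib-*.so.* mr,
    /lib/x86_64-linux-gnu/libm-*.so mr,
    /lib/x86_64-linux-gnu/libpcre.so.* mr,
    /lib/x86_64-linux-gnu/libpthread-*.so mr,
    /lib/x86_64-linux-gnu/libresolv-*.so mr,
    /lib/x86_64-linux-gnu/librt-*.so mr,
    /lib/x86_64-linux-gnu/libselinux.so.* mr,
    /lib/x86_64-linux-gnu/libz.so.* mr,
    /proc/*/maps r,
    /proc/filesystems r,
    /usr/bin/basename rix,
    /usr/bin/cut rix,
    /usr/bin/dirname rix,
    /usr/bin/gawk rix,
    /usr/bin/gconftool-2 rix,
    /usr/bin/xdg-mime rix,
    /usr/bin/xdg-settings r,
    /usr/lib/libsigsegv.so.* mr,
    /usr/lib/locale/** r,
    /usr/lib/x86_64-linux-gnu/gconv/gconv-modules mr,
    /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache mr,
    /usr/lib/x86_64-linux-gnu/libdbus-glib-1.so.* mr,
    /usr/lib/x86_64-linux-gnu/libffi.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgconf-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgio-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgmodule-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgobject-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libgthread-*.so.* mr,
    /usr/lib/x86_64-linux-gnu/libxml*.so.* mr,
    /usr/local/share/applications/google-chrome.desktop r,
  }
}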