aboutsummaryrefslogtreecommitdiff
path: root/straper/db/public/apparmor/apparmor.d/abstractions/private-files
diff options
context:
space:
mode:
authorLukasz Kasprzak <lukasz.kasprzak@pm.me>2026-04-14 22:32:43 +0200
committerLukasz Kasprzak <lukasz.kasprzak@pm.me>2026-04-14 22:32:43 +0200
commit83f7fe4b8402bab171d110703a1b1115efbc9b28 (patch)
tree19110702c7d740f6bd8ee4f5d2ebcb97442be237 /straper/db/public/apparmor/apparmor.d/abstractions/private-files
parent51d43498b07dc97d795947964534f0903cd05db5 (diff)
downloadbin-83f7fe4b8402bab171d110703a1b1115efbc9b28.tar.gz
bin-83f7fe4b8402bab171d110703a1b1115efbc9b28.zip
cleaned up many scrits and deleted some that were of no use; renamed a lot
Diffstat (limited to 'straper/db/public/apparmor/apparmor.d/abstractions/private-files')
-rw-r--r--straper/db/public/apparmor/apparmor.d/abstractions/private-files52
1 files changed, 0 insertions, 52 deletions
diff --git a/straper/db/public/apparmor/apparmor.d/abstractions/private-files b/straper/db/public/apparmor/apparmor.d/abstractions/private-files
deleted file mode 100644
index 00ad5f1..0000000
--- a/straper/db/public/apparmor/apparmor.d/abstractions/private-files
+++ /dev/null
@@ -1,52 +0,0 @@
-# vim:syntax=apparmor
-# privacy-violations contains rules for common files that you want to
-# explicitly deny access
-
- abi <abi/4.0>,
-
- # privacy violations (don't audit files under $HOME otherwise get a
- # lot of false positives when reading contents of directories)
- deny @{HOME}/.*history mrwkl,
- deny @{HOME}/.fetchmail* mrwkl,
- deny @{HOME}/.mutt** mrwkl,
- deny @{HOME}/.viminfo* mrwkl,
- deny @{HOME}/.*~ mrwkl,
- deny @{HOME}/.*.swp mrwkl,
- deny @{HOME}/.*~1~ mrwkl,
- deny @{HOME}/.*.bak mrwkl,
-
- # special attention to (potentially) executable files
- audit deny @{HOME}/bin/{,**} wl,
- audit deny @{HOME}/.config/ w,
- audit deny @{HOME}/.config/autostart/{,**} wl,
- audit deny @{HOME}/.config/upstart/{,**} wl,
- audit deny @{HOME}/.init/{,**} wl,
- audit deny @{HOME}/.kde{,4}/ w,
- audit deny @{HOME}/.kde{,4}/Autostart/{,**} wl,
- audit deny @{HOME}/.kde{,4}/env/{,**} wl,
- audit deny @{HOME}/.local/{,share/} w,
- audit deny @{HOME}/.local/share/thumbnailers/{,**} wl,
- audit deny @{HOME}/.pki/ w,
- audit deny @{HOME}/.pki/nssdb/{,*.so{,.[0-9]*}} wl,
-
- # don't allow reading/updating of run control files
- deny @{HOME}/.*rc mrk,
- audit deny @{HOME}/.*rc wl,
-
- # bash
- deny @{HOME}/.bash* mrk,
- audit deny @{HOME}/.bash* wl,
- deny @{HOME}/.inputrc mrk,
- audit deny @{HOME}/.inputrc wl,
-
- # sh/dash/csh/tcsh/pdksh/zsh
- deny @{HOME}/.{,z}profile* mrk,
- audit deny @{HOME}/.{,z}profile* wl,
- deny @{HOME}/.{,z}log{in,out} mrk,
- audit deny @{HOME}/.{,z}log{in,out} wl,
-
- deny @{HOME}/.zshenv mrk,
- audit deny @{HOME}/.zshenv wl,
-
- # Include additions to the abstraction
- include if exists <abstractions/private-files.d>