author | Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de> | 2015-10-17 15:02:48 +0200 |
---|---|---|
committer | Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de> | 2015-10-17 15:16:00 +0200 |
commit | 72abe1f66f9a9115717999de2bdff1017f897693 (patch) | |
tree | f7bad81fe914beb9d1ccc92eb8174a707c96ae03 /apparmor-profiles/usr.bin.VBox | |
init with apparmor profiles for Virtualbox, Chromium and Iceweasel
Diffstat (limited to 'apparmor-profiles/usr.bin.VBox')
-rw-r--r-- | apparmor-profiles/usr.bin.VBox | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/apparmor-profiles/usr.bin.VBox b/apparmor-profiles/usr.bin.VBox
new file mode 100644
index 0000000..68ac718
--- /dev/null
+++ b/apparmor-profiles/usr.bin.VBox
@@ -0,0 +1,69 @@
+#https://raw.githubusercontent.com/Whonix/apparmor-profile-virtualbox/master/etc/apparmor.d/usr.lib.virtualbox.VirtualBox
+# Last Modified: Sat May 24 04:32:08 2014
+#include <tunables/global>
+
+/usr/lib/virtualbox/VirtualBox {
+ #include <abstractions/base>
+ #include <abstractions/gnome>
+ #include <abstractions/kde>
+ #include <abstractions/fonts>
+ #include <abstractions/audio>
+ #include <abstractions/user-download>
+
+ capability net_raw,
+ capability sys_ptrace,
+
+ deny /etc/nsswitch.conf r,
+ deny /etc/passwd r,
+ #deny /etc/resolv.conf r,
+ deny /etc/fstab r,
+ deny /etc/drirc r,
+ deny /etc/udev/udev.conf r,
+ #deny @{PROC}/** r,
+ @{PROC}/ r,
+ @{PROC}/** r,
+ deny /var/lib/dbus/machine-id r,
+ #deny /sys/** r,
+ /sys/** r,
+
+ /dev/dri/card0 rw,
+ /dev/vboxdrv rw,
+ /dev/vboxdrvu rw,
+ /dev/sr0 r,
+ /dev/tty r,
+ /dev/cpu r,
+ /run/udev/data/** r,
+
+ @{HOME}/.VirtualBox/* rw,
+ "@{HOME}/VirtualBox VMs/" r,
+ "@{HOME}/VirtualBox VMs/**" rw,
+ @{HOME}/.config/VirtualBox/ r,
+ @{HOME}/.config/VirtualBox/** rwkl,
+
+ /mnt/virtual/wolfi/Progs/virtualbox/ rw,
+ /mnt/virtual/wolfi/Progs/virtualbox/** rw,
+ /mnt/virtual/wolfi/Downloads/ rw,
+ /mnt/virtual/wolfi/Downloads/** rw,
+ @{HOME}/ r,
+ ## The .iso, .ova. or .ovf files should be there
+ @{HOME}/Downloads/ r,
+ @{HOME}/Downloads/** r,
+ @{HOME}/MA/code/ rw,
+ @{HOME}/MA/code/** rw,
+
+ ## Shared folders. Replace with your own host share.
+ @{HOME}/share/ r,
+ @{HOME}/share/** rw,
+
+ ## Should be in abstractions/audio? ##
+ /usr/bin/pulseaudio rix,
+ /usr/lib/pulse-2.0/** mrix,
+ ######################################
+
+ /usr/lib/virtualbox/** mrix,
+ /bin/dash rix,
+
+ /usr/share/virtualbox/nls/* r,
+ /usr/share/icons/hicolor/index.theme rwk, # ??
+}
+
|
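Review bot: The `@{PROC}/** r,` and `/sys/** r,` rules replace the commented-out `deny` lines with read access to all of procfs and sysfs, and combined with `capability sys_ptrace` this likely leaves other processes' `/proc` entries readable from inside the confinement. If the whole-tree read was added only to silence denials, it would be tighter to narrow it to something like `owner @{PROC}/@{pid}/** r,` plus the individual `/sys` paths that show up in the audit log. Near the end, `/usr/share/icons/hicolor/index.theme rwk, # ??` grants write and lock on a system-wide file with no stated reason; `/usr/share/icons/hicolor/index.theme r,` is probably sufficient. The `/mnt/virtual/wolfi/...` and `@{HOME}/MA/code/` rw rules are specific to one machine and would benefit from a comment marking them as local additions, as the shared-folder rule already has.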