Diffstat (limited to 'apparmor-profiles/usr.bin.VBox')
-rw-r--r-- | apparmor-profiles/usr.bin.VBox | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/apparmor-profiles/usr.bin.VBox b/apparmor-profiles/usr.bin.VBox
new file mode 100644
index 0000000..68ac718
--- /dev/null
+++ b/apparmor-profiles/usr.bin.VBox
@@ -0,0 +1,69 @@
+#https://raw.githubusercontent.com/Whonix/apparmor-profile-virtualbox/master/etc/apparmor.d/usr.lib.virtualbox.VirtualBox
+# Last Modified: Sat May 24 04:32:08 2014
+#include <tunables/global>
+
+/usr/lib/virtualbox/VirtualBox {
+ #include <abstractions/base>
+ #include <abstractions/gnome>
+ #include <abstractions/kde>
+ #include <abstractions/fonts>
+ #include <abstractions/audio>
+ #include <abstractions/user-download>
+
+ capability net_raw,
+ capability sys_ptrace,
+
+ deny /etc/nsswitch.conf r,
+ deny /etc/passwd r,
+ #deny /etc/resolv.conf r,
+ deny /etc/fstab r,
+ deny /etc/drirc r,
+ deny /etc/udev/udev.conf r,
+ #deny @{PROC}/** r,
+ @{PROC}/ r,
+ @{PROC}/** r,
+ deny /var/lib/dbus/machine-id r,
+ #deny /sys/** r,
+ /sys/** r,
+
+ /dev/dri/card0 rw,
+ /dev/vboxdrv rw,
+ /dev/vboxdrvu rw,
+ /dev/sr0 r,
+ /dev/tty r,
+ /dev/cpu r,
+ /run/udev/data/** r,
+
+ @{HOME}/.VirtualBox/* rw,
+ "@{HOME}/VirtualBox VMs/" r,
+ "@{HOME}/VirtualBox VMs/**" rw,
+ @{HOME}/.config/VirtualBox/ r,
+ @{HOME}/.config/VirtualBox/** rwkl,
+
+ /mnt/virtual/wolfi/Progs/virtualbox/ rw,
+ /mnt/virtual/wolfi/Progs/virtualbox/** rw,
+ /mnt/virtual/wolfi/Downloads/ rw,
+ /mnt/virtual/wolfi/Downloads/** rw,
+ @{HOME}/ r,
+ ## The .iso, .ova. or .ovf files should be there
+ @{HOME}/Downloads/ r,
+ @{HOME}/Downloads/** r,
+ @{HOME}/MA/code/ rw,
+ @{HOME}/MA/code/** rw,
+
+ ## Shared folders. Replace with your own host share.
+ @{HOME}/share/ r,
+ @{HOME}/share/** rw,
+
+ ## Should be in abstractions/audio? ##
+ /usr/bin/pulseaudio rix,
+ /usr/lib/pulse-2.0/** mrix,
+ ######################################
+
+ /usr/lib/virtualbox/** mrix,
+ /bin/dash rix,
+
+ /usr/share/virtualbox/nls/* r,
+ /usr/share/icons/hicolor/index.theme rwk, # ??
+}
+
|
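Review bot: The `@{PROC}/** r,` and `/sys/** r,` rules, next to `capability sys_ptrace,`, mean the profile itself places no limit on reading other processes' /proc entries or any part of sysfs (only the kernel's own permission checks remain). The commented-out `#deny @{PROC}/** r,` and `#deny /sys/** r,` suggest these were widened to get the program running rather than chosen deliberately. I would narrow them to what the audit log shows is needed, for example `owner @{PROC}/@{pid}/** r,` plus the specific sysfs paths, and drop `capability sys_ptrace,` if no denial appears without it. `/usr/share/icons/hicolor/index.theme rwk, # ??` grants write and lock on a system-wide file that the author's own `# ??` marks as unexplained; `r` is probably sufficient. It is also worth confirming that the attachment path `/usr/lib/virtualbox/VirtualBox` matches the binary actually launched on the target system, since the file is named `usr.bin.VBox` and a mismatch would leave the program unconfined.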