From 72abe1f66f9a9115717999de2bdff1017f897693 Mon Sep 17 00:00:00 2001
From: Wolfgang Wiedmeyer
Date: Sat, 17 Oct 2015 15:02:48 +0200
Subject: init with apparmor profiles for Virtualbox, Chromium and Iceweasel
---
apparmor-profiles/usr.bin.VBox | 69 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 69 insertions(+)
create mode 100644 apparmor-profiles/usr.bin.VBox
(limited to 'apparmor-profiles/usr.bin.VBox')
diff --git a/apparmor-profiles/usr.bin.VBox b/apparmor-profiles/usr.bin.VBox
new file mode 100644
index 0000000..68ac718
--- /dev/null
+++ b/apparmor-profiles/usr.bin.VBox
@@ -0,0 +1,69 @@
+#https://raw.githubusercontent.com/Whonix/apparmor-profile-virtualbox/master/etc/apparmor.d/usr.lib.virtualbox.VirtualBox
+# Last Modified: Sat May 24 04:32:08 2014
+#include
+
+/usr/lib/virtualbox/VirtualBox {
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+
+ capability net_raw,
+ capability sys_ptrace,
+
+ deny /etc/nsswitch.conf r,
+ deny /etc/passwd r,
+ #deny /etc/resolv.conf r,
+ deny /etc/fstab r,
+ deny /etc/drirc r,
+ deny /etc/udev/udev.conf r,
+ #deny @{PROC}/** r,
+ @{PROC}/ r,
+ @{PROC}/** r,
+ deny /var/lib/dbus/machine-id r,
+ #deny /sys/** r,
+ /sys/** r,
+
+ /dev/dri/card0 rw,
+ /dev/vboxdrv rw,
+ /dev/vboxdrvu rw,
+ /dev/sr0 r,
+ /dev/tty r,
+ /dev/cpu r,
+ /run/udev/data/** r,
+
+ @{HOME}/.VirtualBox/* rw,
+ "@{HOME}/VirtualBox VMs/" r,
+ "@{HOME}/VirtualBox VMs/**" rw,
+ @{HOME}/.config/VirtualBox/ r,
+ @{HOME}/.config/VirtualBox/** rwkl,
+
+ /mnt/virtual/wolfi/Progs/virtualbox/ rw,
+ /mnt/virtual/wolfi/Progs/virtualbox/** rw,
+ /mnt/virtual/wolfi/Downloads/ rw,
+ /mnt/virtual/wolfi/Downloads/** rw,
+ @{HOME}/ r,
+ ## The .iso, .ova. or .ovf files should be there
+ @{HOME}/Downloads/ r,
+ @{HOME}/Downloads/** r,
+ @{HOME}/MA/code/ rw,
+ @{HOME}/MA/code/** rw,
+
+ ## Shared folders. Replace with your own host share.
+ @{HOME}/share/ r,
+ @{HOME}/share/** rw,
+
+ ## Should be in abstractions/audio? ##
+ /usr/bin/pulseaudio rix,
+ /usr/lib/pulse-2.0/** mrix,
+ ######################################
+
+ /usr/lib/virtualbox/** mrix,
+ /bin/dash rix,
+
+ /usr/share/virtualbox/nls/* r,
+ /usr/share/icons/hicolor/index.theme rwk, # ??
+}
+
-- cgit v1.1
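Review bot: The allow rules `@{PROC}/** r,` and `/sys/** r,` sit directly under their commented-out `deny` counterparts, so the profile as added grants read access to all of procfs and sysfs while also holding `capability sys_ptrace`; that is far wider than the other rules here, which name specific files and directories. Consider narrowing them to what the audit log shows VirtualBox touching when the profile runs in complain mode, for example starting from `owner @{PROC}/@{pid}/** r,` and adding individual /sys paths as needed. The last rule, `/usr/share/icons/hicolor/index.theme rwk, # ??`, grants write and lock on a system-wide file and is marked as doubtful by the author; `/usr/share/icons/hicolor/index.theme r,` is presumably sufficient. The `/mnt/virtual/wolfi/...` and `@{HOME}/MA/code/` rules are specific to one machine and would be better kept in a local include than in the shared profile.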