#https://raw.githubusercontent.com/Whonix/apparmor-profile-virtualbox/master/etc/apparmor.d/usr.lib.virtualbox.VirtualBox
# Last Modified: Sat May 24 04:32:08 2014
#include <tunables/global>

/usr/lib/virtualbox/VirtualBox {
    #include <abstractions/base>
    #include <abstractions/gnome>
    #include <abstractions/kde>
    #include <abstractions/fonts>
    #include <abstractions/audio>
    #include <abstractions/user-download>

    capability net_raw,
    capability sys_ptrace,

    deny /etc/nsswitch.conf r,
    deny /etc/passwd r,
    #deny /etc/resolv.conf r,
    deny /etc/fstab r,
    deny /etc/drirc r,
    deny /etc/udev/udev.conf r,
    #deny @{PROC}/** r,
    @{PROC}/ r,
    @{PROC}/** r,
    deny /var/lib/dbus/machine-id r,
    #deny /sys/** r,
    /sys/** r,

    /dev/dri/card0 rw,
    /dev/vboxdrv rw,
    /dev/vboxdrvu rw,
    /dev/sr0 r,
    /dev/tty r,
    /dev/cpu r,
    /run/udev/data/** r,

    @{HOME}/.VirtualBox/* rw,
    "@{HOME}/VirtualBox VMs/" r,
    "@{HOME}/VirtualBox VMs/**" rw,
    @{HOME}/.config/VirtualBox/ r,
    @{HOME}/.config/VirtualBox/** rwkl,

    /mnt/virtual/wolfi/Progs/virtualbox/ rw,
    /mnt/virtual/wolfi/Progs/virtualbox/** rw,
    /mnt/virtual/wolfi/Downloads/ rw,
    /mnt/virtual/wolfi/Downloads/** rw,
    @{HOME}/ r,
    ## The .iso, .ova. or .ovf files should be there
    @{HOME}/Downloads/ r,
    @{HOME}/Downloads/** r,
    @{HOME}/MA/code/ rw,
    @{HOME}/MA/code/** rw,

    ## Shared folders. Replace with your own host share.
    @{HOME}/share/ r,
    @{HOME}/share/** rw,

    ## Should be in abstractions/audio? ##
    /usr/bin/pulseaudio rix,
    /usr/lib/pulse-2.0/** mrix,
    ######################################

    /usr/lib/virtualbox/** mrix,
    /bin/dash rix,

    /usr/share/virtualbox/nls/* r,
    /usr/share/icons/hicolor/index.theme rwk, # ??
}