1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
#https://raw.githubusercontent.com/Whonix/apparmor-profile-virtualbox/master/etc/apparmor.d/usr.lib.virtualbox.VirtualBox
# Last Modified: Sat May 24 04:32:08 2014
#include <tunables/global>
/usr/lib/virtualbox/VirtualBox {
#include <abstractions/base>
#include <abstractions/gnome>
#include <abstractions/kde>
#include <abstractions/fonts>
#include <abstractions/audio>
#include <abstractions/user-download>
capability net_raw,
capability sys_ptrace,
deny /etc/nsswitch.conf r,
deny /etc/passwd r,
#deny /etc/resolv.conf r,
deny /etc/fstab r,
deny /etc/drirc r,
deny /etc/udev/udev.conf r,
#deny @{PROC}/** r,
@{PROC}/ r,
@{PROC}/** r,
deny /var/lib/dbus/machine-id r,
#deny /sys/** r,
/sys/** r,
/dev/dri/card0 rw,
/dev/vboxdrv rw,
/dev/vboxdrvu rw,
/dev/sr0 r,
/dev/tty r,
/dev/cpu r,
/run/udev/data/** r,
@{HOME}/.VirtualBox/* rw,
"@{HOME}/VirtualBox VMs/" r,
"@{HOME}/VirtualBox VMs/**" rw,
@{HOME}/.config/VirtualBox/ r,
@{HOME}/.config/VirtualBox/** rwkl,
/mnt/virtual/wolfi/Progs/virtualbox/ rw,
/mnt/virtual/wolfi/Progs/virtualbox/** rw,
/mnt/virtual/wolfi/Downloads/ rw,
/mnt/virtual/wolfi/Downloads/** rw,
@{HOME}/ r,
## The .iso, .ova. or .ovf files should be there
@{HOME}/Downloads/ r,
@{HOME}/Downloads/** r,
@{HOME}/MA/code/ rw,
@{HOME}/MA/code/** rw,
## Shared folders. Replace with your own host share.
@{HOME}/share/ r,
@{HOME}/share/** rw,
## Should be in abstractions/audio? ##
/usr/bin/pulseaudio rix,
/usr/lib/pulse-2.0/** mrix,
######################################
/usr/lib/virtualbox/** mrix,
/bin/dash rix,
/usr/share/virtualbox/nls/* r,
/usr/share/icons/hicolor/index.theme rwk, # ??
}
|
