You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
28 lines
822 B
Plaintext
28 lines
822 B
Plaintext
# vim:syntax=apparmor
|
|
# Profile for restricting lightdm guest session
|
|
|
|
#include <tunables/global>
|
|
|
|
/usr/lib/arm-linux-gnueabihf/lightdm/lightdm-guest-session {
|
|
# Most applications are confined via the main abstraction
|
|
#include <abstractions/lightdm>
|
|
|
|
# chromium-browser needs special confinement due to its sandboxing
|
|
#include <abstractions/lightdm_chromium-browser>
|
|
|
|
# fcitx and friends needs special treatment due to C/S design
|
|
/usr/bin/fcitx ix,
|
|
/tmp/fcitx-socket-* rwl,
|
|
/dev/shm/* rwl,
|
|
/usr/bin/fcitx-qimpanel ix,
|
|
/usr/bin/sogou-qimpanel-watchdog ix,
|
|
/usr/bin/sogou-sys-notify ix,
|
|
/tmp/sogou-qimpanel:* rwl,
|
|
|
|
# Allow ibus
|
|
unix (bind, listen) type=stream addr="@tmp/ibus/*",
|
|
|
|
# mozc_server needs special treatment due to C/S design
|
|
unix (bind, listen) type=stream addr="@tmp/.mozc.*",
|
|
}
|