# vim:syntax=apparmor
abi <abi/3.0>,
# Allow read to all files user has DAC access to and write access to all
# files owned by the user in $HOME.
@{HOME}/ r,
@{HOME}/** r,
owner @{HOME}/** w,
# Do not allow read and/or write to particularly sensitive/problematic files
include <abstractions/private-files>
audit deny @{HOME}/.ssh/{,**} mrwkl,
audit deny @{HOME}/.gnome2_private/{,**} mrwkl,
audit deny @{HOME}/.kde{,4}/{,share/,share/apps/} w,
audit deny @{HOME}/.kde{,4}/share/apps/kwallet/{,**} mrwkl,
audit deny @{HOME}/.local/share/kwalletd/{,**} mrwkl,
# Comment this out if using gpg plugin/addons
audit deny @{HOME}/.gnupg/{,**} mrwkl,
# Allow read to all files user has DAC access to and write for files the user
# owns on removable media and filesystems.
/media/** r,
/mnt/** r,
/srv/** r,
/net/** r,
owner /media/** w,
owner /mnt/** w,
owner /srv/** w,
owner /net/** w,
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| chromium-browser | File | 1018 B | 0644 |
|
| java | File | 3.8 KB | 0644 |
|
| kde | File | 265 B | 0644 |
|
| mailto | File | 339 B | 0644 |
|
| multimedia | File | 1.38 KB | 0644 |
|
| plugins-common | File | 351 B | 0644 |
|
| productivity | File | 894 B | 0644 |
|
| text-editors | File | 672 B | 0644 |
|
| ubuntu-integration | File | 1.11 KB | 0644 |
|
| ubuntu-integration-xul | File | 185 B | 0644 |
|
| user-files | File | 935 B | 0644 |
|