Context Navigation

i2p @ d1b2a4e

Visit:

Last change on this file since d1b2a4e was d1b2a4e, checked in by zzz <zzz@…>, 2 years ago
apparmor update
Property mode set to `100644`
File size: 4.5 KB

Line
1	# Last Modified: Sun Dec 06 12:30:32 2015
2	# vim:syntax=apparmor et ts=4 sw=4
3
4	#include <abstractions/base>
5	#include <abstractions/fonts>
6	#include <abstractions/nameservice>
7	#include <abstractions/ssl_certs>
8
9	network inet stream,
10	network inet dgram,
11	network inet6 stream,
12	network inet6 dgram,
13
14	# Needed by Java
15	@{PROC} r,
16	owner @{PROC}/[0-9]*/ r,
17	owner @{PROC}/[0-9]*/status r,
18	@{PROC}/[0-9]*/net/ipv6_route r,
19	@{PROC}/[0-9]*/net/if_inet6 r,
20	/sys/devices/system/cpu/ r,
21	/sys/devices/system/cpu/** r,
22
23	/etc/ssl/certs/java/** r,
24	/etc/timezone r,
25	/usr/share/javazi/** r,
26
27	/etc/java--openjdk/* r,
28	/usr/lib/jvm/default-java/jre/bin/java rix,
29	/usr/lib/jvm/java--openjdk-/jre/bin/java rix,
30	/usr/lib/jvm/java--openjdk-/jre/bin/keytool rix,
31
32	# Oracle Java is needed on the Raspberry Pi and is included in Raspbian's repositories
33	/usr/lib/jvm/jdk--oracle-/jre/bin/java rix,
34	/usr/lib/jvm/jdk--oracle-/jre/bin/keytool rix,
35
36	# */client/classes.jsa is only found (and needed) in 32-bit JVMs.
37	/usr/lib/jvm/java--openjdk-/jre/lib/i386/client/classes.jsa m,
38	/usr/lib/jvm/java--oracle-/jre/lib/i386/client/classes.jsa m,
39
40	# needed for I2P's graphs
41	/usr/share/java/java-atk-wrapper.jar r,
42
43	# I2P specific
44	/usr/share/i2p/** r,
45
46	# Used by some plugins
47	/usr/share/java/eclipse-ecj-*.jar r,
48
49	# Tanuki java wrapper
50	/etc/i2p/wrapper.config r,
51	/usr/sbin/wrapper rix,
52	/usr/share/java/wrapper*.jar r,
53
54	# Dependent packages
55	/usr/share/java/libintl.jar r,
56	/usr/share/java/glassfish-appserv-jstl.jar r,
57	/usr/share/maven-repo/jstl/jstl/1.2/jstl-1.2.jar r,
58	/usr/share/java/gnu-getopt.jar r,
59	/usr/share/java/gnu-getopt-*.jar r,
60	/usr/share/java/jetty9-*.jar r,
61	/usr/share/java/jsp-api-*.jar r,
62	/usr/share/java/servlet-api-*.jar r,
63	/usr/share/java/standard.jar r,
64	/usr/share/java/standard-*.jar r,
65	/usr/share/java/tomcat8-*.jar r,
66	/usr/share/java/taglibs-standard-*.jar r,
67	/usr/share/flags/countries/16x11/* r,
68
69	# GeoIP data
70	/usr/share/GeoIP/* r,
71
72	# Other /proc
73	@{PROC}/cpuinfo r,
74	@{PROC}/net/if_inet6 r,
75
76	# 'm' is needed by the I2P-Bote plugin
77	/{,lib/live/mount/overlay/}tmp/ rwm,
78	owner /{,lib/live/mount/overlay/}tmp/hsperfdata_i2psvc/ rwk,
79	owner /{,lib/live/mount/overlay/}tmp/hsperfdata_i2psvc/** rw,
80	owner /{,lib/live/mount/overlay/}tmp/wrapper* rwk,
81	owner /{,lib/live/mount/overlay/}tmp/wrapper/* rw,
82	# Scrypt used by I2P-Bote
83	owner /{,lib/live/mount/overlay/}tmp/scrypt* rwk,
84	owner /{,lib/live/mount/overlay/}tmp/scrypt/* rw,
85
86	# temp dir (service)
87	owner /{,lib/live/mount/overlay/}tmp/i2p-daemon/ rwm,
88	owner /{,lib/live/mount/overlay/}tmp/i2p-daemon/** rwkm,
89	# temp dir (non-service)
90	owner /{,lib/live/mount/overlay/}tmp/i2p-*.tmp/ rwm,
91	owner /{,lib/live/mount/overlay/}tmp/i2p-.tmp/* rwkm,
92
93	# /graphs in the router console
94	owner /{,lib/live/mount/overlay/}tmp/imageio[0-9]*.tmp rwk,
95
96	# Prevent spamming the logs
97	deny /dev/tty rw,
98	deny /{,lib/live/mount/overlay/}var/tmp/ r,
99	deny @{PROC}/[0-9]*/fd/ r,
100	deny /usr/sbin/ r,
101	deny /var/cache/fontconfig/ wk,
102
103	# Some versions of the Tanuki wrapper package will try to load these jars but
104	# they are not needed by I2P. The deny rule here will prevent the logs from
105	# being spammed.
106	deny /usr/share/java/hamcrest*.jar r,
107	deny /usr/share/java/junit*.jar r,

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format