parent
8776fc15ba
commit
7f1644813c
@ -0,0 +1,89 @@
|
||||
# Git will most likely not work with this and I do not intend to add it as I have no use for it and it will just add a larger attack surface.
|
||||
|
||||
#include <tunables/global>
|
||||
|
||||
/usr/bin/atom {
|
||||
#include <abstractions/base>
|
||||
#include <abstractions/bash>
|
||||
#include <abstractions/gnome>
|
||||
#include <abstractions/mesa>
|
||||
#include <abstractions/ubuntu-browsers.d/plugins-common>
|
||||
#include <abstractions/enchant>
|
||||
|
||||
# Enable this to enable network access.
|
||||
# #include <abstractions/nameservice>
|
||||
|
||||
/etc/passwd r,
|
||||
|
||||
signal send set=term peer=/usr/bin/atom//null-/usr/lib/electron/electron,
|
||||
|
||||
ptrace read peer=/usr/bin/atom//null-/usr/lib/electron/electron,
|
||||
|
||||
/etc/ca-certificates/trust-source/ r,
|
||||
/etc/ca-certificates/trust-source/anchors/ r,
|
||||
/etc/ca-certificates/trust-source/blacklist/ r,
|
||||
/sys/bus/pci/devices/ r,
|
||||
|
||||
/sys/devices/system/cpu/ r,
|
||||
/sys/devices/system/cpu/cpufreq/policy0/cpuinfo_max_freq r,
|
||||
/sys/devices/system/cpu/online r,
|
||||
/sys/devices/virtual/tty/tty0/active r,
|
||||
/usr/bin/atom r,
|
||||
/usr/bin/cat ix,
|
||||
/usr/bin/mkdir ix,
|
||||
/usr/bin/nohup ix,
|
||||
|
||||
/usr/lib/atom/ rw,
|
||||
/usr/lib/atom/* rw,
|
||||
/usr/lib/atom/atom ix,
|
||||
/usr/lib/atom/benchmarks/benchmark-runner.js rw,
|
||||
/usr/lib/atom/dot-atom/* rw,
|
||||
/usr/lib/atom/exports/* rw,
|
||||
/usr/lib/atom/less-compile-cache/*/content/* rw,
|
||||
/usr/lib/atom/less-compile-cache/*/imports.json rw,
|
||||
/usr/lib/atom/node_modules/** rw,
|
||||
/usr/lib/atom/node_modules/*/** rw,
|
||||
/usr/lib/atom/resources/* rw,
|
||||
/usr/lib/atom/spec/* rw,
|
||||
/usr/lib/atom/src/** rw,
|
||||
/usr/lib/atom/static/** rw,
|
||||
/usr/lib/atom/static/atom-ui/* rw,
|
||||
/usr/lib/atom/static/atom-ui/styles/** rw,
|
||||
/usr/lib/atom/static/core-ui/* rw,
|
||||
/usr/lib/atom/vendor/* rw,
|
||||
|
||||
owner @{HOME}/.atom/ r,
|
||||
owner @{HOME}/.atom/** rw,
|
||||
owner @{HOME}/.atom/compile-cache/js/babel/*/*.js rw,
|
||||
owner @{HOME}/.atom/compile-cache/less/** rw,
|
||||
owner @{HOME}/.atom/compile-cache/style-manager/* rw,
|
||||
|
||||
owner @{HOME}/.config/Atom/ r,
|
||||
owner @{HOME}/.config/Atom/** rw,
|
||||
owner @{HOME}/.config/Atom/IndexedDB/*/LOCK k,
|
||||
owner @{HOME}/.config/Atom/QuotaManager k,
|
||||
owner @{HOME}/.config/Atom/databases/Databases.db k,
|
||||
owner "@{HOME}/.config/Atom/Local Storage/leveldb/LOCK" k,
|
||||
|
||||
/usr/lib/electron/electron mrix,
|
||||
/usr/share/gtk-3.0/settings.ini r,
|
||||
|
||||
|
||||
@{PROC}/self/comm r,
|
||||
owner /dev/shm/.org.chromium.Chromium.* rw,
|
||||
|
||||
owner @{HOME}/.config/Electron/ w,
|
||||
|
||||
owner /usr/share/fonts/** rw,
|
||||
owner @{PROC}/@{pid}/comm w,
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
owner @{PROC}/@{pid}/oom_score_adj w,
|
||||
owner @{PROC}/@{pid}/status r,
|
||||
owner @{PROC}/@{pid}/task/ r,
|
||||
owner @{PROC}/@{pid}/task/*/status r,
|
||||
@{PROC} r,
|
||||
@{PROC}/@{pid}/stat r,
|
||||
@{PROC}/cpuinfo r,
|
||||
@{PROC}/vmstat r,
|
||||
|
||||
}
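Review bot: The application install tree is writable under this profile — `/usr/lib/atom/ rw,`, `/usr/lib/atom/* rw,`, `/usr/lib/atom/node_modules/** rw,`, `/usr/lib/atom/src/** rw,` and the other `/usr/lib/atom/...` `rw` rules — yet those same files are what `/usr/lib/atom/atom ix,` and the electron binary execute, so a compromised renderer or a malicious package could rewrite code that then runs under this very profile, and the merge of `/usr/lib/atom/* rw` with `/usr/lib/atom/atom ix` produces a write+exec path that apparmor_parser may reject or warn about. The state the editor legitimately writes is already covered by `owner @{HOME}/.atom/**` and `owner @{HOME}/.config/Atom/**`, so the install tree should be read-only: `/usr/lib/atom/ r,` and `/usr/lib/atom/** rm,` (the `m` for any native node modules; drop it if no mmap denial appears), with the individual `rw` subpath rules removed. `owner /usr/share/fonts/** rw,` should likewise become `r` — `owner` only narrows the rule to user-owned files, and an editor has no reason to write system fonts. The `signal`/`ptrace` peers named `/usr/bin/atom//null-/usr/lib/electron/electron` look like aa-logprof output from complain mode; since `/usr/lib/electron/electron mrix,` makes electron inherit this profile, its label in enforce mode will presumably be `/usr/bin/atom` and these two rules will not match — verify against the audit log and use `peer=@{profile_name}` instead (or rely on the self signal/ptrace rules in abstractions/base, if the installed version provides them).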
|