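# AppArmor profile for the Atom editor as packaged with a system Electron
# (/usr/bin/atom launcher, /usr/lib/atom application tree,
# /usr/lib/electron/electron runtime).
#
# Git will most likely not work under this profile, and I do not intend to
# add it: I have no use for it, and it would only enlarge the attack surface.
#
# Confinement decisions worth knowing about:
#   - Everything Atom spawns (the launcher script, electron, cat/mkdir/nohup)
#     is started with `ix`, so the children inherit this profile instead of
#     escaping to unconfined.
#   - The installation directory (/usr/lib/atom) is readable but NOT
#     writable: a compromised package or renderer must not be able to
#     rewrite the editor's own code.  If the audit log ever shows a denied
#     write there, the installation is user-writable, and that -- not the
#     profile -- is what needs fixing.
#   - Per-user state under ~/.atom and ~/.config/Atom is `owner`-scoped.
#     ~/.atom/packages holds community packages, i.e. arbitrary JavaScript
#     that runs inside this same profile; the profile bounds what that code
#     can reach, it does not vet it.

#include <tunables/global>

/usr/bin/atom {
  #include <abstractions/base>
  #include <abstractions/bash>
  #include <abstractions/gnome>
  #include <abstractions/mesa>
  #include <abstractions/ubuntu-browsers.d/plugins-common>
  #include <abstractions/enchant>

  # No `network` rule is granted here, so the editor gets no socket access
  # from this profile.  Uncomment the next line to enable it (the nameservice
  # abstraction also carries the inet/inet6 network rules its resolver
  # back-ends need); for a narrower grant, add explicit `network inet stream,`
  # style rules instead.
  # #include <abstractions/nameservice>

  /etc/passwd r,

  # electron is started with `ix` below, so it runs under this very label.
  # The `//null-/usr/lib/electron/electron` peer name produced by a
  # complain-mode learning run does not exist under enforcement and would
  # never match; address the peer by the profile's own name instead.
  signal send set=term peer=@{profile_name},
  ptrace read peer=@{profile_name},

  /etc/ca-certificates/trust-source/ r,
  /etc/ca-certificates/trust-source/anchors/ r,
  /etc/ca-certificates/trust-source/blacklist/ r,

  /sys/bus/pci/devices/ r,
  /sys/devices/system/cpu/ r,
  /sys/devices/system/cpu/cpufreq/policy0/cpuinfo_max_freq r,
  /sys/devices/system/cpu/online r,
  /sys/devices/virtual/tty/tty0/active r,

  # Launcher script and the helpers it calls; `ix` keeps them confined.
  /usr/bin/atom r,
  /usr/bin/cat ix,
  /usr/bin/mkdir ix,
  /usr/bin/nohup ix,
  /usr/lib/atom/atom ix,

  # Installation directory: read-only (see header).  The sub-paths the
  # learning run touched are listed individually rather than granting
  # /usr/lib/atom/** wholesale; globs already covered by a broader rule
  # (node_modules/*/**, static/atom-ui/*, ...) are folded into it.
  # Native .node add-ons may need `m` to be mapped executable -- confirm
  # against the audit log before adding it.
  /usr/lib/atom/ r,
  /usr/lib/atom/* r,
  /usr/lib/atom/benchmarks/benchmark-runner.js r,
  /usr/lib/atom/dot-atom/* r,
  /usr/lib/atom/exports/* r,
  /usr/lib/atom/less-compile-cache/*/content/* r,
  /usr/lib/atom/less-compile-cache/*/imports.json r,
  /usr/lib/atom/node_modules/** r,
  /usr/lib/atom/resources/* r,
  /usr/lib/atom/spec/* r,
  /usr/lib/atom/src/** r,
  /usr/lib/atom/static/** r,
  /usr/lib/atom/vendor/* r,

  # Per-user configuration, community packages and compile caches
  # (compile-cache/** is covered by the ** rule).
  owner @{HOME}/.atom/ r,
  owner @{HOME}/.atom/** rw,

  # Chromium/Electron profile data.  `rw` does not include file locking,
  # so the LevelDB / IndexedDB / quota-manager lock files get `k` explicitly.
  owner @{HOME}/.config/Atom/ r,
  owner @{HOME}/.config/Atom/** rw,
  owner @{HOME}/.config/Atom/IndexedDB/*/LOCK k,
  owner @{HOME}/.config/Atom/QuotaManager k,
  owner @{HOME}/.config/Atom/databases/Databases.db k,
  owner "@{HOME}/.config/Atom/Local Storage/leveldb/LOCK" k,
  owner @{HOME}/.config/Electron/ w,

  /usr/lib/electron/electron mrix,
  /usr/share/gtk-3.0/settings.ini r,

  # System fonts are read-only; nothing the editor does should modify them.
  owner /usr/share/fonts/** r,

  # Chromium shared-memory segments.
  owner /dev/shm/.org.chromium.Chromium.* rw,

  # procfs: own-process bookkeeping plus a few global, read-only files.
  @{PROC}/self/comm r,
  owner @{PROC}/@{pid}/comm w,
  owner @{PROC}/@{pid}/fd/ r,
  owner @{PROC}/@{pid}/oom_score_adj w,
  owner @{PROC}/@{pid}/status r,
  owner @{PROC}/@{pid}/task/ r,
  owner @{PROC}/@{pid}/task/*/status r,
  @{PROC} r,
  @{PROC}/@{pid}/stat r,
  @{PROC}/cpuinfo r,
  @{PROC}/vmstat r,
}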