# vim:syntax=apparmor
# $Id: base 949 2007-08-28 00:49:51Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# (Note that the ldd profile has inlined this file; if you make
# modifications here, please consider including them in the ldd
# profile as well.)
# Logging, randomness, locale and character-set conversion files.
#
# Permission letters used below: r = read, w = write, m = the file may be
# mapped into memory as executable code. In paths, "*" stays inside one
# path component while "**" also crosses "/" boundaries.
#
# The __canary_death_handler function writes a time-stamped log
# message to /dev/log for logging by syslogd. So, /dev/log, timezones,
# and localisations of date should be available EVERYWHERE, so
# StackGuard, FormatGuard, etc., alerts can be properly logged.
#
# Review note: "w" on /dev/log means every profile that uses this
# abstraction can send arbitrary messages to syslog, so log lines that
# originate from confined programs should be treated as untrusted input.
/dev/log w,
# Read-only: confined programs may draw random bytes but get no write
# access to the random devices from this abstraction.
/dev/random r,
/dev/urandom r,
# Locale aliases, timezone data and message catalogues: read-only.
/etc/locale/** r,
/etc/locale.alias r,
/etc/localtime r,
/usr/share/locale/** r,
/usr/share/zoneinfo/** r,
/usr/share/X11/locale/** r,
# The gconv *.so files are loadable conversion modules, hence "m".
# NOTE(review): the locale/** trees and gconv-modules* also receive "m";
# presumably only the *.so modules need executable mappings -- confirm
# before tightening.
/usr/lib64/locale/** mr,
/usr/lib32/gconv/*.so mr,
/usr/lib32/gconv/gconv-modules* mr,
/usr/lib64/gconv/*.so mr,
/usr/lib64/gconv/gconv-modules* mr,
/usr/lib/locale/** mr,
/usr/lib/gconv/*.so mr,
/usr/lib/gconv/gconv-modules* mr,
# used by glibc when binding to ephemeral ports
# Read-only ("r"): the rule lets a confined program consult the list but
# not change it.
/etc/bindresvport.blacklist r,
# ld.so.cache and ld are used to load shared libraries; they are best
# available everywhere
#
# Review notes:
#  - "r" permits reading and "m" permits mapping the file as executable.
#  - "ix" permits executing the loader directly; the new process stays
#    under the profile already in force rather than switching profiles
#    or running unconfined.
#  - The loader maps other files as code on the program's behalf, so the
#    "m" grants in a profile that uses this abstraction deserve the same
#    scrutiny as its "x" grants.
#  - "{cmov,nosegneg}" is an alternation: either directory name matches.
/etc/ld.so.cache mr,
/lib/ld-*.so mrix,
/lib32/ld-*.so mrix,
/lib64/ld-*.so mrix,
/lib/ld32-*.so mrix,
/lib/ld64-*.so mrix,
/lib32/ld32-*.so mrix,
/lib64/ld64-*.so mrix,
/lib/tls/i686/{cmov,nosegneg}/ld-*.so mrix,
/opt/*-linux-uclibc/lib/ld-uClibc*so* mrix,
# we might as well allow everything to use common libraries
#
# Review notes:
#  - Rules ending in "mr" let every profile that uses this abstraction
#    map any matching file as executable code. That is only sound while
#    these directories are writable by root alone; a profile that also
#    grants write access beneath them would let a confined program
#    supply its own code.
#  - "/usr/lib/** r" and its lib32/lib64 twins are far wider than shared
#    libraries: "**" crosses directory boundaries, so every file below
#    /usr/lib becomes readable to every profile built on this
#    abstraction. Check what else packages install there before relying
#    on a profile to keep such files private.
#  - "*" matches within a single path component, so "/lib/*/lib*.so*"
#    covers exactly one level of subdirectory, while "/usr/lib/**/lib*.so*"
#    covers any depth.
/lib/lib*.so* mr,
/lib32/lib*.so* mr,
/lib64/lib*.so* mr,
/lib/*/lib*.so* mr,
/lib32/*/lib*.so* mr,
/lib64/*/lib*.so* mr,
/usr/lib/** r,
/usr/lib/*.so* mr,
/usr/lib/**/lib*.so* mr,
/usr/lib32/** r,
/usr/lib32/*.so* mr,
/usr/lib32/**/lib*.so* mr,
/usr/lib64/** r,
/usr/lib64/*.so* mr,
/usr/lib64/**/lib*.so* mr,
# SASL modules sit one directory down and need not carry a "lib" prefix,
# so they get rules of their own.
/usr/lib/sasl2/*.so* mr,
/usr/lib32/sasl2/*.so* mr,
/usr/lib64/sasl2/*.so* mr,
/lib/tls/i686/{cmov,nosegneg}/lib*.so* mr,
# The three rules below grant "rw" (read and write) on device nodes that
# hold no state of their own.
# /dev/null is pretty harmless and frequently used
/dev/null rw,
# as is /dev/zero
/dev/zero rw,
# recent glibc uses /dev/full in preference to /dev/null for programs
# that don't have open fds at exec()
/dev/full rw,
# Read-only views of kernel and system-wide state.
# NOTE(review): @{PROC} is a variable that this file does not define; it
# has to be supplied by whatever profile or tunables file pulls this
# abstraction in -- presumably the procfs mount point; confirm.
# These entries describe the whole host rather than the confined process,
# so every profile using this abstraction can read kernel version, memory
# and CPU details.
# Sometimes used to determine kernel/user interfaces to use
@{PROC}/sys/kernel/version r,
# Depending on which glibc routine uses this file, base may not be the
# best place -- but many profiles require it, and it is quite harmless.
@{PROC}/sys/kernel/ngroups_max r,
# glibc's sysconf(3) routine to determine free memory, etc
@{PROC}/meminfo r,
@{PROC}/stat r,
@{PROC}/cpuinfo r,
# some applications will display license information
# Read-only, and "**" makes the whole tree below the directory readable.
/usr/share/common-licenses/** r,