shell (806B)
- # Copyright 2020 Haelwenn (lanodan) Monnier <contact+apparmor.d@hacktivis.me>
- # Distributed under the terms of the GNU General Public License v2
- #include <tunables/global>
- # Profile "shell": attaches to any executable matching /bin/*sh or /usr/bin/*sh.
- # NOTE(review): the *sh glob also matches non-shell names such as ssh and chsh;
- # unless a more specific profile attaches to them they inherit the deny rules
- # below (including "deny network") -- confirm this is intended.
- # flags=(complain): accesses not covered by an allow rule are logged rather than
- # blocked, but explicit deny rules are still enforced in complain mode.
- profile shell /{,usr/}bin/*sh flags=(complain) {
- # Broad baseline: read/write/link/lock on the root directory itself.
- / rwlk,
- # Everything below / gets read/write/link/lock/mmap-exec plus "pux" execution:
- # an executed program transitions to its own profile when one exists and
- # otherwise runs unconfined; lowercase "pux" does not scrub the environment.
- # Consequence: the deny rules below bind the shell process itself (builtins,
- # redirections, sourced files), not unprofiled commands started from it.
- /** rwlkmpux,
- # "audit deny" blocks the access and forces a log entry (plain deny is silent).
- # Deny rules take precedence over any allow rule in this profile.
- audit deny network,
- # Credential and private-data locations the shell itself must not touch.
- audit deny @{HOME}/.gnupg/{,**} mrwkl,
- audit deny @{HOME}/.ssh/{,**} mrwkl,
- audit deny @{HOME}/.mozilla/{,**} mrwkl,
- audit deny @{HOME}/.config/{,**} mrwkl,
- audit deny @{HOME}/.mutt** mrwkl,
- audit deny @{HOME}/.viminfo** mrwkl,
- # NOTE(review): this allow sits under the denied @{HOME}/.ssh/ tree; since deny
- # wins over allow, the read is presumably still refused -- verify, and narrow
- # the deny rule instead if agent.pid really has to be readable.
- allow @{HOME}/.ssh/agent.pid r,
- # Shell startup, logout and history files. These paths look already covered by
- # the "/** rwlkmpux" rule above, so the lines mainly document intent.
- allow @{HOME}/.*shrc rwlkmpux,
- allow @{HOME}/.*profile rwlkmpux,
- allow @{HOME}/.*log{in,out} rwlkmpux,
- allow @{HOME}/.*history rwlkmpux,
- # bash: readline configuration and ~/.bash* files (mmap-exec, read, lock only)
- allow @{HOME}/.inputrc mrk,
- allow @{HOME}/.bash* mrk,
- # zsh: per-user environment file
- allow @{HOME}/.zshenv rwlkmpux,
- # Allow the shell to receive signals; no peer or signal set is specified.
- signal receive,
- }