logo

apparmor.d

Unnamed repository; edit this file 'description' to name the repository. git clone https://hacktivis.me/git/apparmor.d.git

usr.bin.gpg (1403B)

    

  1. # Copyright 2020 Haelwenn (lanodan) Monnier <contact+apparmor.d@hacktivis.me>
  2. # Distributed under the terms of the GNU General Public License v2
  4. #include <tunables/global>
  6. profile /usr/bin/gpg{,2} flags=(complain) {
  7. 	#include <abstractions/base>
  8. 	#include <abstractions/consoles>
  10. 	/{,**} rw,
  12. 	/usr/bin/gpg{,2} mr,
  13. 	/dev/tty rw,
  15. 	/usr/bin/gpg-agent mrix,
  16. 	/usr/libexec/scdaemon mrcx,
  17. 	/usr/bin/pinentry-qt mrcx,
  19. 	@{HOME}/.gnupg/{,**} mrwkl,
  21. 	audit deny @{HOME}/.ssh/{,**} mrwkl,
  22. 	audit deny @{HOME}/.mozilla/{,**} mrwkl,
  23. 	audit deny @{HOME}/.config/{,**} mrwkl,
  24. 	audit deny @{HOME}/.mutt** mrwkl,
  25. 	audit deny @{HOME}/.viminfo** mrwkl,
  27. 	signal receive peer=/usr/bin/gpg{,2}///usr/libexec/scdaemon,
  29. 	network,
  31. 	profile /usr/libexec/scdaemon {
  32. 		#include <abstractions/base>
  34. 		/usr/libexec/scdaemon mr,
  36. 		@{HOME}/.gnupg/S.scdaemon mrwk,
  37. 		@{HOME}/.gnupg/reader_*.status mrwk,
  39. 		signal send peer=/usr/bin/gpg{,2},
  41. 		@{PROC}/@{pid}/task/** rw,
  42. 		@{PROC}/@{pid}/mountinfo rw,
  44. 		/dev/ r,
  45. 		/dev/bus/usb/{,**} rw,
  46. 		/sys/bus/ r,
  47. 		/sys/bus/usb/{,**} rw,
  48. 		/sys/devices/{,**} r,
  49. 		/etc/udev/udev.conf r,
  50. 		/run/udev/data/** r,
  51. 		/sys/class/ r,
  52. 	}
  54. 	profile /usr/bin/pinentry-qt {
  55. 		#include <abstractions/base>
  56. 		#include <abstractions/X>
  57. 		#include <abstractions/wayland>
  58. 		#include <abstractions/fonts>
  59. 		#include <abstractions/mesa>
  60. 		#include <abstractions/qt5>
  62. 		/usr/bin/pinentry-qt mr,
  63. 	}
  64. }