marcus67/little_brother

View on GitHub
etc/little-brother.apparmor

Summary

Maintainability
Test Coverage
# Last Modified: Fri Jun 26 22:28:58 2020
#include <tunables/global>

/usr/local/bin/run_little_brother.py {
  #include <abstractions/base>
  #include <abstractions/lightdm>
  #include <abstractions/postfix-common>
  #include <abstractions/python>
  #include <abstractions/ubuntu-konsole>

  capability audit_write,
  capability chown,
  capability dac_override,
  capability dac_read_search,
  capability net_raw,
  capability sys_resource,

  ptrace read peer=/usr/local/bin/run_little_brother.py//null-/usr/bin/ping,
  ptrace read peer=unconfined,

  /proc/*/stat r,
  /var/** mrwk,
  owner /proc/ r,
  owner /proc/*/fd/ r,
  owner /proc/*/limits r,
  owner /proc/filesystems r,
  owner /proc/sys/kernel/ngroups_max r,
  owner /{,var/}run/** mrwk,
}