Gecko [ www.jdcpatala.org ]

Name	Size	Permission
apparmor_api	[ DIR ]	drwxr-xr-x
ubuntu-browsers.d	[ DIR ]	drwxr-xr-x
X	1.86 KB	-rw-r--r--
apache2-common	869 B	-rw-r--r--
aspell	308 B	-rw-r--r--
audio	1.72 KB	-rw-r--r--
authentication	1.55 KB	-rw-r--r--
base	6.21 KB	-rw-r--r--
bash	1.48 KB	-rw-r--r--
consoles	798 B	-rw-r--r--
cups-client	714 B	-rw-r--r--
dbus	593 B	-rw-r--r--
dbus-accessibility	630 B	-rw-r--r--
dbus-accessibility-strict	637 B	-rw-r--r--
dbus-session	638 B	-rw-r--r--
dbus-session-strict	919 B	-rw-r--r--
dbus-strict	677 B	-rw-r--r--
dconf	246 B	-rw-r--r--
dovecot-common	572 B	-rw-r--r--
enchant	1.96 KB	-rw-r--r--
fcitx	456 B	-rw-r--r--
fcitx-strict	712 B	-rw-r--r--
fonts	1.93 KB	-rw-r--r--
freedesktop.org	2.37 KB	-rw-r--r--
gnome	3.3 KB	-rw-r--r--
gnupg	356 B	-rw-r--r--
ibus	640 B	-rw-r--r--
kde	2.01 KB	-rw-r--r--
kerberosclient	1.08 KB	-rw-r--r--
launchpad-integration	824 B	-rw-r--r--
ldapclient	686 B	-rw-r--r--
libpam-systemd	659 B	-rw-r--r--
likewise	489 B	-rw-r--r--
mdns	436 B	-rw-r--r--
mir	593 B	-rw-r--r--
mozc	471 B	-rw-r--r--
mysql	641 B	-rw-r--r--
nameservice	3.75 KB	-rw-r--r--
nis	524 B	-rw-r--r--
nvidia	519 B	-rw-r--r--
openssl	470 B	-rw-r--r--
orbit2	93 B	-rw-r--r--
p11-kit	899 B	-rw-r--r--
perl	872 B	-rw-r--r--
php	974 B	-rw-r--r--
php5	105 B	-rw-r--r--
postfix-common	1.08 KB	-rw-r--r--
private-files	1.48 KB	-rw-r--r--
private-files-strict	1006 B	-rw-r--r--
python	1.5 KB	-rw-r--r--
ruby	906 B	-rw-r--r--
samba	834 B	-rw-r--r--
smbpass	476 B	-rw-r--r--
ssl_certs	924 B	-rw-r--r--
ssl_keys	650 B	-rw-r--r--
svn-repositories	1.61 KB	-rw-r--r--
ubuntu-bittorrent-clients	698 B	-rw-r--r--
ubuntu-browsers	1.62 KB	-rw-r--r--
ubuntu-console-browsers	611 B	-rw-r--r--
ubuntu-console-email	601 B	-rw-r--r--
ubuntu-email	902 B	-rw-r--r--
ubuntu-feed-readers	339 B	-rw-r--r--
ubuntu-gnome-terminal	182 B	-rw-r--r--
ubuntu-helpers	3.35 KB	-rw-r--r--
ubuntu-konsole	343 B	-rw-r--r--
ubuntu-media-players	2.18 KB	-rw-r--r--
ubuntu-unity7-base	2.39 KB	-rw-r--r--
ubuntu-unity7-launcher	191 B	-rw-r--r--
ubuntu-unity7-messaging	192 B	-rw-r--r--
ubuntu-xterm	237 B	-rw-r--r--
user-download	876 B	-rw-r--r--
user-mail	837 B	-rw-r--r--
user-manpages	889 B	-rw-r--r--
user-tmp	654 B	-rw-r--r--
user-write	864 B	-rw-r--r--
video	123 B	-rw-r--r--
wayland	580 B	-rw-r--r--
web-data	705 B	-rw-r--r--
winbind	739 B	-rw-r--r--
wutmp	585 B	-rw-r--r--
xad	883 B	-rw-r--r--
xdg-desktop	673 B	-rw-r--r--

Code Editor : ubuntu-helpers

# Lenient profile that is intended to be used when 'Ux' is desired but
# does not provide enough environment sanitizing. This effectively is an
# open profile that blacklists certain known dangerous files and also
# does not allow any capabilities. For example, it will not allow 'm' on files
# owned be the user invoking the program. While this provides some additional
# protection, please use with care as applications running under this profile
# are effectively running without any AppArmor protection. Use this profile
# only if the process absolutely must be run (effectively) unconfined.
#
# Usage:
# Because this abstraction defines the sanitized_helper profile, it must only
# be #included once. Therefore this abstraction should typically not be
# included in other abstractions so as to avoid parser errors regarding
# multiple definitions.
#
# Limitations:
# 1. This does not work for root owned processes, because of the way we use
#    owner matching in the sanitized helper. We could do a better job with
#    this to support root, but it would make the policy harder to understand
#    and going unconfined as root is not desirable any way.
#
# 2. For this sanitized_helper to work, the program running in the sanitized
#    environment must open symlinks directly in order for AppArmor to mediate
#    it. This is confirmed to work with:
#     - compiled code which can load shared libraries
#     - python imports
#    It is known not to work with:
#     - perl includes
# 3. Sanitizing ruby and java
#
# Use at your own risk. This profile was developed as an interim workaround for
# LP: #851986 until AppArmor utilizes proper environment filtering.

profile sanitized_helper {
  #include <abstractions/base>
  #include <abstractions/X>

# Allow all networking
  network inet,
  network inet6,

# Allow all DBus communications
  #include <abstractions/dbus-session-strict>
  #include <abstractions/dbus-strict>
  dbus,

# Needed for Google Chrome
  ptrace (trace) peer=**//sanitized_helper,

# Allow exec of anything, but under this profile. Allow transition
  # to other profiles if they exist.
  /{usr/,}bin/* Pixr,
  /{usr/,}sbin/* Pixr,
  /usr/local/bin/* Pixr,

# Allow exec of libexec applications in /usr/lib* and /usr/local/lib*
  /usr/{,local/}lib*/{,**/}* Pixr,

# Allow exec of software-center scripts. We may need to allow wider
  # permissions for /usr/share, but for now just do this. (LP: #972367)
  /usr/share/software-center/* Pixr,

# Allow exec of texlive font build scripts (LP: #1010909)
  /usr/share/texlive/texmf{,-dist}/web2c/{,**/}* Pixr,

# While the chromium and chrome sandboxes are setuid root, they only link
  # in limited libraries so glibc's secure execution should be enough to not
  # require the santized_helper (ie, LD_PRELOAD will only use standard system
  # paths (man ld.so)).
  /usr/lib/chromium-browser/chromium-browser-sandbox PUxr,
  /usr/lib/chromium{,-browser}/chrome-sandbox PUxr,
  /opt/google/chrome{,-beta,-unstable}/chrome-sandbox PUxr,
  /opt/google/chrome{,-beta,-unstable}/google-chrome Pixr,
  /opt/google/chrome{,-beta,-unstable}/chrome Pixr,
  /opt/google/chrome{,-beta,-unstable}/{,**/}lib*.so{,.*} m,

# Full access
  / r,
  /** rwkl,
  /{,usr/,usr/local/}lib{,32,64}/{,**/}*.so{,.*} m,

# Dangerous files
  audit deny owner /**/* m,              # compiled libraries
  audit deny owner /**/*.py* r,          # python imports
}

${this.title}

Code Editor : ubuntu-helpers