apparmor: tweaks to TMPDIR rules

2015-06-13 15:05:28 +00:00
parent c666f8a4f9
commit 25f6c3d9e1
1 changed files with 5 additions and 0 deletions
--- a/debian/apparmor/i2p
+++ b/debian/apparmor/i2p
@ -51,11 +51,16 @@

  # 'm' is needed by the I2P-Bote plugin
  /{,lib/live/mount/overlay/}tmp/                         rwm,
+  owner /{,lib/live/mount/overlay/}tmp/hsperfdata_i2psvc/ rwk,
+  owner /{,lib/live/mount/overlay/}tmp/hsperfdata_i2psvc/** rw,
+  owner /{,lib/live/mount/overlay/}tmp/wrapper[0-9]*.tmp   rwk,
+  owner /{,lib/live/mount/overlay/}tmp/wrapper[0-9]*.tmp/** rw,
  owner /{,lib/live/mount/overlay/}tmp/i2p-daemon/        rwm,
  owner /{,lib/live/mount/overlay/}tmp/i2p-daemon/**      rwklm,

  # Prevent spamming the logs
  deny /dev/tty                                           rw,
+  deny /{,lib/live/mount/overlay/}var/tmp/                r,
  deny @{PROC}/[0-9]*/fd/                                 r,
  deny /usr/sbin/                                         r,
  deny /var/cache/fontconfig/                             wk,