From 25f6c3d9e1e6ed17f09a92b54e2a2f374d4c787b Mon Sep 17 00:00:00 2001 From: kytv Date: Sat, 13 Jun 2015 15:05:28 +0000 Subject: [PATCH] apparmor: tweaks to TMPDIR rules --- debian/apparmor/i2p | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/debian/apparmor/i2p b/debian/apparmor/i2p index 5d4ad3403d..f0b7b77ef0 100644 --- a/debian/apparmor/i2p +++ b/debian/apparmor/i2p @@ -51,11 +51,16 @@ # 'm' is needed by the I2P-Bote plugin /{,lib/live/mount/overlay/}tmp/ rwm, + owner /{,lib/live/mount/overlay/}tmp/hsperfdata_i2psvc/ rwk, + owner /{,lib/live/mount/overlay/}tmp/hsperfdata_i2psvc/** rw, + owner /{,lib/live/mount/overlay/}tmp/wrapper[0-9]*.tmp rwk, + owner /{,lib/live/mount/overlay/}tmp/wrapper[0-9]*.tmp/** rw, owner /{,lib/live/mount/overlay/}tmp/i2p-daemon/ rwm, owner /{,lib/live/mount/overlay/}tmp/i2p-daemon/** rwklm, # Prevent spamming the logs deny /dev/tty rw, + deny /{,lib/live/mount/overlay/}var/tmp/ r, deny @{PROC}/[0-9]*/fd/ r, deny /usr/sbin/ r, deny /var/cache/fontconfig/ wk,