# HOWTO:# $ sudo aa-genprof /usr/bin/skype# $ sudo service apparmor restart

1. # HOWTO:
2. # $ sudo aa-genprof /usr/bin/skype
3. # $ sudo service apparmor restart
4. # $ sudo aa-enforce skype
5. # then monitor syslog and add more, if required
6.  
7. # INFO: man 5 apparmor.d
8. # Access modes:
9. # r - read
10. # w - write
11. # m -- allow PROT_EXEC with mmap()
12. # l -- link
13. # k -- lock
14. # *x -- different ways to execute. Best: ix
15.  
16. #include <tunables/global>
17.  
18. /usr/bin/skype {
19. #include <abstractions/audio>
20. #include <abstractions/base>
21. #include <abstractions/kde>
22. #include <abstractions/nameservice>
23. #include <abstractions/fonts>
24. #include <abstractions/video>
25. #include <abstractions/dbus>
26. #include <abstractions/nvidia>
27. #include <abstractions/X>
28.  
29. # System
30. /proc/sys/kernel/** r,
31. @{PROC}/@{pid}/** r,
32. /dev/ r,
33. /dev/video* rw,
34.  
35. /sys/devices/system/cpu/ r,
36. /sys/devices/system/cpu/** r,
37.  
38. # Executables
39. /usr/bin/skype mr,
40. /usr/bin/pulseaudio rmix,
41.  
42. # Root
43. /etc/xdg/Trolltech.conf rk,
44. /usr/share/** rk,
45. /var/cache/fontconfig/** rwk,
46.  
47. # Home
48. owner @{HOME}/.Skype/ rwk,
49. owner @{HOME}/.Skype/** rwk,
50. owner @{HOME}/.config/Skype/** rwk,
51. owner @{HOME}/.kde/share/config/kioslaverc r,
52. owner @{HOME}/.kde{,4}/share/config/kdeglobals rl,
53.  
54. # Uploads to /tmp/tmp/
55. /tmp/tmp/** rwk,
56. }