Data hosted with ♥ by Pastebin.com - Download Raw - See Original
  1. # Last Modified: Thu Apr 24 00:12:28 2014
  2. #include <tunables/global>
  3.  
  4. /usr/lib/iceweasel/iceweasel {
  5. #include <abstractions/audio>
  6. #include <abstractions/base>
  7. #include <abstractions/cups-client>
  8. #include <abstractions/dbus-session>
  9. #include <abstractions/fonts>
  10. #include <abstractions/freedesktop.org>
  11. #include <abstractions/gnome>
  12. #include <abstractions/nameservice>
  13. #include <abstractions/nvidia>
  14. #include <abstractions/ubuntu-browsers.d/chromium-browser>
  15. #include <abstractions/ubuntu-browsers>
  16. #include <abstractions/ubuntu-konsole>
  17. #include <abstractions/user-tmp>
  18.  
  19. capability sys_admin,
  20. capability sys_ptrace,
  21.  
  22.  
  23.  
  24. /bin/cat rix,
  25. /bin/kmod rix,
  26. /bin/ps rix,
  27. /bin/rm rix,
  28. /bin/uname rix,
  29. /dev/ r,
  30. /dev/nvidiactl rw,
  31. /etc/dconf/db/local r,
  32. /etc/dconf/profile/user r,
  33. /etc/iceweasel/** r,
  34. /etc/mailcap r,
  35. /etc/mime.types r,
  36. /etc/udev/udev.conf r,
  37. /etc/vdpau_wrapper.cfg r,
  38. /etc/xul-ext/** r,
  39. /etc/ssl/openssl.cnf r,
  40. /usr/lib/ssl/openssl.cnf r,
  41. /proc/ r,
  42. /proc/*/cmdline r,
  43. /proc/*/mountinfo r,
  44. /proc/*/stat r,
  45. /proc/*/status r,
  46. /proc/*/task/*/stat r,
  47. /proc/cmdline r,
  48. /proc/driver/nvidia/params r,
  49. /proc/modules r,
  50. /proc/sys/kernel/pid_max r,
  51. /proc/tty/drivers r,
  52. /proc/uptime r,
  53. owner @{HOME}/.adobe/ rw,
  54. owner @{HOME}/.adobe/** rw,
  55. owner @{HOME}/.cache/mozilla/firefox/** rw,
  56. owner @{HOME}/.macromedia/ rw,
  57. owner @{HOME}/.macromedia/** rw,
  58. owner @{HOME}/.mozilla/firefox/** rk,
  59. owner @{HOME}/.nv/GLCache/** k,
  60.  
  61. owner @{HOME}/{.macromedia,.adobe}/ rwk,
  62. owner @{HOME}/{.macromedia,.adobe}/Flash_Player/ rwk,
  63. owner @{HOME}/{.macromedia,.adobe}/Flash_Player/** rwk,
  64.  
  65. /sys/devices/system/cpu/ r,
  66. /sys/devices/system/cpu/present r,
  67. /sys/devices/virtual/block/dm-1/uevent r,
  68. /sys/module/nls_utf8/refcnt r,
  69. /sys/module/vboxdrv/holders/ r,
  70. /sys/module/vboxdrv/refcnt r,
  71. /sys/module/vboxnetadp/holders/ r,
  72. /sys/module/vboxnetadp/refcnt r,
  73. /sys/module/vboxnetflt/holders/ r,
  74. /sys/module/vboxnetflt/refcnt r,
  75. /sys/module/vboxpci/holders/ r,
  76. /sys/module/vboxpci/refcnt r,
  77. owner /tmp/** lk,
  78. /tmp/** mrw,
  79. /usr/bin/VBox rix,
  80. /usr/bin/basename rix,
  81. /usr/bin/mawk rix,
  82. /usr/bin/whoami rix,
  83. /usr/lib/iceweasel/iceweasel mr,
  84. /usr/lib/iceweasel/xulrunner/** mr,
  85. /usr/lib/xulrunner-*/** rm,
  86. /usr/lib/iceweasel/plugin-container rix,
  87. /usr/share/applications/defaults.list r,
  88. /usr/share/glib-2.0/schemas/gschemas.compiled r,
  89. /usr/share/gnome/applications/display.im6.desktop r,
  90. /usr/share/hunspell/ r,
  91. /usr/share/hunspell/** r,
  92. /usr/share/iceweasel/browser/ r,
  93. /usr/share/iceweasel/browser/** r,
  94. /usr/share/kali-defaults/ r,
  95. /usr/share/kali-defaults/** r,
  96. /usr/share/libthai/** r,
  97. /usr/share/mime/ r,
  98. /usr/share/mozilla/extensions/ r,
  99. /usr/share/mozilla/extensions/** r,
  100. /usr/share/xul-ext/ r,
  101. /usr/share/xul-ext/** r,
  102. /usr/share/xulrunner-*/defaults/pref/ r,
  103. /usr/share/xulrunner-*/defaults/pref/** r,
  104. /usr/lib/iceweasel/iceweasel//null** r,
  105. /{,var/}run/gdm{,3}/*/database r,
  106. owner /{run,dev}/shm/pulse-shm* rk,
  107. /{run,dev}/shm/pulse-shm* w,
  108.  
  109. /usr/bin/{firefox,iceweasel} Cxr -> sanitized_helper,
  110. /usr/lib/{firefox*,iceweasel}/{firefox*.sh,iceweasel} Cx -> sanitized_helper,
  111. }