Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Last Modified: Thu Apr 24 00:12:28 2014
- #include <tunables/global>
- /usr/lib/iceweasel/iceweasel {
- #include <abstractions/audio>
- #include <abstractions/base>
- #include <abstractions/cups-client>
- #include <abstractions/dbus-session>
- #include <abstractions/fonts>
- #include <abstractions/freedesktop.org>
- #include <abstractions/gnome>
- #include <abstractions/nameservice>
- #include <abstractions/nvidia>
- #include <abstractions/ubuntu-browsers.d/chromium-browser>
- #include <abstractions/ubuntu-browsers>
- #include <abstractions/ubuntu-konsole>
- #include <abstractions/user-tmp>
- capability sys_admin,
- capability sys_ptrace,
- /bin/cat rix,
- /bin/kmod rix,
- /bin/ps rix,
- /bin/rm rix,
- /bin/uname rix,
- /dev/ r,
- /dev/nvidiactl rw,
- /etc/dconf/db/local r,
- /etc/dconf/profile/user r,
- /etc/iceweasel/** r,
- /etc/mailcap r,
- /etc/mime.types r,
- /etc/udev/udev.conf r,
- /etc/vdpau_wrapper.cfg r,
- /etc/xul-ext/** r,
- /etc/ssl/openssl.cnf r,
- /usr/lib/ssl/openssl.cnf r,
- /proc/ r,
- /proc/*/cmdline r,
- /proc/*/mountinfo r,
- /proc/*/stat r,
- /proc/*/status r,
- /proc/*/task/*/stat r,
- /proc/cmdline r,
- /proc/driver/nvidia/params r,
- /proc/modules r,
- /proc/sys/kernel/pid_max r,
- /proc/tty/drivers r,
- /proc/uptime r,
- owner @{HOME}/.adobe/ rw,
- owner @{HOME}/.adobe/** rw,
- owner @{HOME}/.cache/mozilla/firefox/** rw,
- owner @{HOME}/.macromedia/ rw,
- owner @{HOME}/.macromedia/** rw,
- owner @{HOME}/.mozilla/firefox/** rk,
- owner @{HOME}/.nv/GLCache/** k,
- owner @{HOME}/{.macromedia,.adobe}/ rwk,
- owner @{HOME}/{.macromedia,.adobe}/Flash_Player/ rwk,
- owner @{HOME}/{.macromedia,.adobe}/Flash_Player/** rwk,
- /sys/devices/system/cpu/ r,
- /sys/devices/system/cpu/present r,
- /sys/devices/virtual/block/dm-1/uevent r,
- /sys/module/nls_utf8/refcnt r,
- /sys/module/vboxdrv/holders/ r,
- /sys/module/vboxdrv/refcnt r,
- /sys/module/vboxnetadp/holders/ r,
- /sys/module/vboxnetadp/refcnt r,
- /sys/module/vboxnetflt/holders/ r,
- /sys/module/vboxnetflt/refcnt r,
- /sys/module/vboxpci/holders/ r,
- /sys/module/vboxpci/refcnt r,
- owner /tmp/** lk,
- /tmp/** mrw,
- /usr/bin/VBox rix,
- /usr/bin/basename rix,
- /usr/bin/mawk rix,
- /usr/bin/whoami rix,
- /usr/lib/iceweasel/iceweasel mr,
- /usr/lib/iceweasel/xulrunner/** mr,
- /usr/lib/xulrunner-*/** rm,
- /usr/lib/iceweasel/plugin-container rix,
- /usr/share/applications/defaults.list r,
- /usr/share/glib-2.0/schemas/gschemas.compiled r,
- /usr/share/gnome/applications/display.im6.desktop r,
- /usr/share/hunspell/ r,
- /usr/share/hunspell/** r,
- /usr/share/iceweasel/browser/ r,
- /usr/share/iceweasel/browser/** r,
- /usr/share/kali-defaults/ r,
- /usr/share/kali-defaults/** r,
- /usr/share/libthai/** r,
- /usr/share/mime/ r,
- /usr/share/mozilla/extensions/ r,
- /usr/share/mozilla/extensions/** r,
- /usr/share/xul-ext/ r,
- /usr/share/xul-ext/** r,
- /usr/share/xulrunner-*/defaults/pref/ r,
- /usr/share/xulrunner-*/defaults/pref/** r,
- /usr/lib/iceweasel/iceweasel//null** r,
- /{,var/}run/gdm{,3}/*/database r,
- owner /{run,dev}/shm/pulse-shm* rk,
- /{run,dev}/shm/pulse-shm* w,
- /usr/bin/{firefox,iceweasel} Cxr -> sanitized_helper,
- /usr/lib/{firefox*,iceweasel}/{firefox*.sh,iceweasel} Cx -> sanitized_helper,
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement