1 diff --git a/etc/apparmor.d/abstractions/base b/etc/apparmor.d/abstractions/base
2 index fabb427..2103c3c 100644
3 --- a/etc/apparmor.d/abstractions/base
4 +++ b/etc/apparmor.d/abstractions/base
9 - /usr/share/locale-bundle/** r,
10 - /usr/share/locale-langpack/** r,
11 - /usr/share/locale/** r,
12 - /usr/share/**/locale/** r,
13 - /usr/share/zoneinfo/ r,
14 - /usr/share/zoneinfo/** r,
15 - /usr/share/X11/locale/** r,
16 /run/systemd/journal/dev-log w,
17 # systemd native journal API (see sd_journal_print(4))
18 /run/systemd/journal/socket w,
20 # anything when reading so this is ok.
21 /run/systemd/journal/stdout rw,
23 - /usr/lib{,32,64}/locale/** mr,
24 - /usr/lib{,32,64}/gconv/*.so mr,
25 - /usr/lib{,32,64}/gconv/gconv-modules* mr,
26 - /usr/lib/@{multiarch}/gconv/*.so mr,
27 - /usr/lib/@{multiarch}/gconv/gconv-modules* mr,
29 # used by glibc when binding to ephemeral ports
30 /etc/bindresvport.blacklist r,
35 /etc/ld.so.conf.d/{,*.conf} r,
36 - /etc/ld.so.preload r,
37 - /{usr/,}lib{,32,64}/ld{,32,64}-*.so mr,
38 - /{usr/,}lib/@{multiarch}/ld{,32,64}-*.so mr,
39 - /{usr/,}lib/tls/i686/{cmov,nosegneg}/ld-*.so mr,
40 - /{usr/,}lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/ld-*.so mr,
41 - /opt/*-linux-uclibc/lib/ld-uClibc*so* mr,
43 - # we might as well allow everything to use common libraries
44 - /{usr/,}lib{,32,64}/** r,
45 - /{usr/,}lib{,32,64}/**.so* mr,
46 - /{usr/,}lib/@{multiarch}/** r,
47 - /{usr/,}lib/@{multiarch}/**.so* mr,
48 - /{usr/,}lib/tls/i686/{cmov,nosegneg}/*.so* mr,
49 - /{usr/,}lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/*.so* mr,
50 + /etc/ld-nix.so.preload r,
52 # /dev/null is pretty harmless and frequently used
55 # libgcrypt reads some flags from /proc
56 @{PROC}/sys/crypto/* r,
58 - # some applications will display license information
59 - /usr/share/common-licenses/** r,
62 @{PROC}/filesystems r,
sourcephile / git / sourcephile-nix.git / blob