spacepaste

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
# Last Modified: Mon Oct 26 13:29:13 2009
# REPOSITORY: http://apparmor.test.opensuse.org/backend/api draglor 53
# Additional profiling based on work by Андрей Калинин, LP: #226624
#include <tunables/global>
#/usr/bin/skype flags=(complain) {
/usr/bin/skype {
  #include <abstractions/audio>
  #include <abstractions/base>
  #include <abstractions/fonts>
  #include <abstractions/freedesktop.org>
  #include <abstractions/nameservice>
  #include <abstractions/nvidia>
  #include <abstractions/user-tmp>
  #include <abstractions/X>

  #include <abstractions/dbus-session>

  # allow webcam access
  /dev/video* mrw,
  
  # skype seems to need this, maybe for load calculations
  /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq r,
  /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq r,


  /dev/snd/* mrw,
  /var/cache/libx11/compose/* r,
  /usr/lib/libv4l/v4l2convert.so rm,

  # v4lcompat for usage with old webcams (i.e. LD_PRELOAD=/usr/lib/v4l1compat.so skype)
  # debian locations
  /usr/lib/x86_64-linux-gnu/libv4l/v4l1compat.so r,
  /usr/lib/i386-linux-gnu/libv4l/v4l1compat.so r,

  # archlinux location
  /usr/lib/libv4l/v4l1compat.so r,
  /usr/lib/v4l1compat.so r,

  /proc/*/net/arp r,
  /proc/*/fd/ r,
  /proc/*/task/ r,
  /proc/*/task/** r,
  /proc/sys/kernel/ostype r,
  /proc/sys/kernel/osrelease r,

  /etc/ssl/certs/ r,
  /etc/ssl/certs/* r,
  /usr/share/ca-certificates/ r,
  /usr/share/ca-certificates/** r,
  /sys/devices/system/cpu/ r,
  /dev/ r,
  /dev/shm/pulse-* mr,
  /usr/share/fonts/** mr,
  owner @{HOME}/.fonts/** mr,

  /usr/bin/skype mr,
  /usr/share/skype/** kmr,
  /usr/share/skype/sounds/*.wav kr,
  /usr/lib32/skype/** rixm,
  /etc/asound.conf r,

  owner @{HOME}/.Skype/   rw,
  owner @{HOME}/.Skype/** krw,
  owner @{HOME}/.config/Skype/ rw,
  owner @{HOME}/.config/Skype/** krw,
  
  # qt style configuration
  owner @{HOME}/.config/Trolltech.conf kr,
  owner @{HOME}/.kde/share/config/oxygenrc r,

  owner @{HOME}/.Xdefaults r,
  owner @{HOME}/.icons/** r,

  #kdelibs
  /usr/share/skype/lib/libQtWebKit.so.4 mr,
  /usr/lib*/kde4/plugins/*/*.so mr,
  /usr/lib*/kde4/plugins/*/ r,
  /usr/lib*/kde4/lib*so* mr,
  /usr/lib/@{multiarch}/kde4/plugins/*/*.so mr,
  /usr/lib/@{multiarch}/kde4/plugins/*/ r,
  /usr/lib/@{multiarch}/kde4/lib*so* mr,
  /usr/lib*/qt4/lib*/lib*so* mr,
  /usr/lib*/qt4/plugins/**  mr,
  /usr/lib/@{multiarch}/qt4/lib*/lib*so* mr,
  /usr/lib/@{multiarch}/qt4/plugins/**  mr,
  /usr/share/qt4/** r,

}