/etc/apparmor.d/usr.bin.pidgin is in apparmor-profiles-extra 1.4.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 | # vim:syntax=apparmor
#include <tunables/global>
/usr/bin/pidgin {
#include <abstractions/audio>
#include <abstractions/base>
#include <abstractions/bash>
#include <abstractions/dbus>
#include <abstractions/dbus-session>
#include <abstractions/enchant>
#include <abstractions/gnome>
#include <abstractions/ibus>
#include <abstractions/launchpad-integration>
#include <abstractions/nameservice>
#include <abstractions/private-files-strict>
#include <abstractions/ssl_certs>
#include <abstractions/ubuntu-browsers>
#include <abstractions/ubuntu-helpers>
#include <abstractions/user-download>
deny capability sys_ptrace,
deny @{HOME}/.local/share/applications/wine/ r,
owner @{HOME}/.gstreamer*/ rw,
owner @{HOME}/.gstreamer*/** rw,
owner @{HOME}/.purple/ rw,
owner @{HOME}/.purple/** rwk,
owner @{HOME}/.{cache,config}/dconf/user rw,
owner @{HOME}/.config/indicators/ rw,
owner @{HOME}/.config/indicators/** rw,
owner @{HOME}/.local/share/applications/ r,
owner /{,var/}run/user/[0-9]*/dconf/user rwk,
/bin/dash rix,
/bin/which rix,
# NB: the preferred browser and proxy settings must be configured
# in the GNOME preferences: this profile does not allow running
# the corresponding external configuration applications.
/usr/bin/gconftool-2 rPix,
/usr/bin/gnome-open rmix,
/usr/bin/gsettings rix,
/usr/bin/gvfs-open rmix,
/usr/bin/pidgin r,
/usr/bin/xdg-open rmix,
/usr/share/gnome/applications/ r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/lib/frei0r-1/*.so rm,
/usr/lib/@{multiarch}/libvisual-*/**.so rm,
/usr/lib/pidgin/*.so rm,
/usr/lib/purple*/*.so rm,
/usr/share/purple/ca-certs/ r,
/usr/share/purple/ca-certs/** r,
/usr/share/tcltk/** r,
/usr/share/themes/ r,
owner @{PROC}/[0-9]*/auxv r,
owner @{PROC}/[0-9]*/fd/ r,
# For sound notifications
owner /tmp/orcexec.* mr,
# ... if /tmp is mounted noexec
owner @{HOME}/orcexec.* mr,
owner /{,var/}run/user/[0-9]*/ r,
owner /{,var/}run/user/[0-9]*/orcexec.* mrw,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.bin.pidgin>
}
|