I have created a small AppArmor profile for theonionbox. Copy it to /etc/apparmor.d with a nice name and load it with "apparmor_parser -r [fullpath]".
```
#include <tunables/global>

/opt/theonionbox/theonionbox.py {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/python>
  #include <abstractions/user-tmp>

  # Set to where tob is installed, also look at the ".py" line above between the includes
  /opt/theonionbox/ r,
  /opt/theonionbox/** r,
  /opt/theonionbox/theonionbox.py ixr,

  # If owned by root, the user cannot write these anyway. So remove the noise.
  deny /opt/theonionbox/tob/*.pyc mrwxkl,

  /bin/{da,ba,z,a,k}sh ixr,
  /bin/uname ixr,
  /etc/network/resolv.conf* r,
  /etc/timezone r,
  @{PROC}/uptime r,
  @{PROC}/[0-9]*/cmdline r,
  @{PROC}/[0-9]*/stat r,
  @{PROC}/[0-9]*/status r,
  @{PROC}/[0-9]*/mounts r,
  /sbin/ldconfig{,.real} ixr,
  /sys/{devices/virtual,class}/thermal/** r,
  /usr/bin/python{2.[4-7]*,3.[0-9]*} ixr,
  /var/log/theonionbox/ r,
  /var/log/theonionbox/* rw,
}
```
Due to some outdated Python libs (psutil, for example), I do not know if some rules are missing. My profile works quite well. For me ;)
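Added example, not part of the original post or the project's code: one way to check whether rules are missing is to summarise the AppArmor audit lines logged for this profile into candidate rules. The log lines are constructed samples, and `missing_rules` and the `/run/theonionbox.pid` path are hypothetical.

```python
import re
from collections import defaultdict

PROFILE = "/opt/theonionbox/theonionbox.py"  # profile name used in the post

# Constructed sample kernel audit lines (not taken from a real system).
SAMPLE_LOG = """\
audit: type=1400 audit(1500000000.101:41): apparmor="DENIED" operation="open" profile="/opt/theonionbox/theonionbox.py" name="/proc/4242/net/dev" pid=4242 comm="python3" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1500000000.202:42): apparmor="DENIED" operation="open" profile="/opt/theonionbox/theonionbox.py" name="/proc/4243/net/dev" pid=4243 comm="python3" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1500000000.303:43): apparmor="ALLOWED" operation="mknod" profile="/opt/theonionbox/theonionbox.py" name="/run/theonionbox.pid" pid=4242 comm="python3" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
audit: type=1400 audit(1500000000.404:44): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/shadow" pid=99 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# The log reports create (c) and delete (d); in a profile both fall under w.
LOG_TO_RULE = {"c": "w", "d": "w"}


def missing_rules(log_text, profile=PROFILE):
    """Return sorted candidate rules for accesses the profile did not allow.

    DENIED lines come from enforce mode, ALLOWED lines from complain mode.
    Accesses matched by an explicit deny rule (the *.pyc rule in the post)
    are not logged by default, so they never show up here.
    """
    masks = defaultdict(set)
    for line in log_text.splitlines():
        f = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if f.get("profile") != profile or "name" not in f:
            continue
        if f.get("apparmor") not in ("DENIED", "ALLOWED"):
            continue
        # Write /proc paths the way the profile does, with the pid generalised.
        path = re.sub(r"^/proc/", "@{PROC}/", f["name"])
        path = re.sub(r"^@\{PROC\}/\d+/", "@{PROC}/[0-9]*/", path)
        masks[path].update(LOG_TO_RULE.get(c, c) for c in f.get("denied_mask", ""))
    return [f"{p} {''.join(sorted(m))}," for p, m in sorted(masks.items())]


if __name__ == "__main__":
    for rule in missing_rules(SAMPLE_LOG):
        print(rule)
```

Each returned line is a candidate to review before adding it to the profile, not a rule to paste in blindly.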