Gecko [ oric.aiou.edu.pk ]

Name	Size	Permission
apparmor_api	[ DIR ]	drwxr-xr-x
ubuntu-browsers.d	[ DIR ]	drwxr-xr-x
X	1.72 KB	-rw-r--r--
apache2-common	849 B	-rw-r--r--
aspell	308 B	-rw-r--r--
audio	1.82 KB	-rw-r--r--
authentication	1.55 KB	-rw-r--r--
base	6.39 KB	-rw-r--r--
bash	1.48 KB	-rw-r--r--
consoles	798 B	-rw-r--r--
cups-client	714 B	-rw-r--r--
dbus	593 B	-rw-r--r--
dbus-accessibility	630 B	-rw-r--r--
dbus-accessibility-strict	637 B	-rw-r--r--
dbus-session	638 B	-rw-r--r--
dbus-session-strict	919 B	-rw-r--r--
dbus-strict	677 B	-rw-r--r--
dconf	246 B	-rw-r--r--
dovecot-common	562 B	-rw-r--r--
dri-common	434 B	-rw-r--r--
dri-enumerate	281 B	-rw-r--r--
enchant	1.96 KB	-rw-r--r--
fcitx	456 B	-rw-r--r--
fcitx-strict	712 B	-rw-r--r--
fonts	2.04 KB	-rw-r--r--
freedesktop.org	1.26 KB	-rw-r--r--
gnome	3.54 KB	-rw-r--r--
gnupg	356 B	-rw-r--r--
ibus	1 KB	-rw-r--r--
kde	2.71 KB	-rw-r--r--
kde-globals-write	298 B	-rw-r--r--
kde-icon-cache-write	138 B	-rw-r--r--
kde-language-write	458 B	-rw-r--r--
kerberosclient	1.14 KB	-rw-r--r--
ldapclient	754 B	-rw-r--r--
libpam-systemd	659 B	-rw-r--r--
likewise	489 B	-rw-r--r--
mdns	457 B	-rw-r--r--
mesa	577 B	-rw-r--r--
mir	593 B	-rw-r--r--
mozc	471 B	-rw-r--r--
mysql	641 B	-rw-r--r--
nameservice	4.96 KB	-rw-r--r--
nis	524 B	-rw-r--r--
nvidia	649 B	-rw-r--r--
opencl	269 B	-rw-r--r--
opencl-common	404 B	-rw-r--r--
opencl-intel	564 B	-rw-r--r--
opencl-mesa	527 B	-rw-r--r--
opencl-nvidia	785 B	-rw-r--r--
opencl-pocl	2.75 KB	-rw-r--r--
openssl	470 B	-rw-r--r--
orbit2	93 B	-rw-r--r--
p11-kit	899 B	-rw-r--r--
perl	872 B	-rw-r--r--
php	1.02 KB	-rw-r--r--
php5	105 B	-rw-r--r--
postfix-common	1.17 KB	-rw-r--r--
private-files	1.51 KB	-rw-r--r--
private-files-strict	1.02 KB	-rw-r--r--
python	1.5 KB	-rw-r--r--
qt5	762 B	-rw-r--r--
qt5-compose-cache-write	278 B	-rw-r--r--
qt5-settings-write	398 B	-rw-r--r--
recent-documents-write	346 B	-rw-r--r--
ruby	906 B	-rw-r--r--
samba	830 B	-rw-r--r--
smbpass	476 B	-rw-r--r--
ssl_certs	1.26 KB	-rw-r--r--
ssl_keys	790 B	-rw-r--r--
svn-repositories	1.61 KB	-rw-r--r--
ubuntu-bittorrent-clients	698 B	-rw-r--r--
ubuntu-browsers	1.63 KB	-rw-r--r--
ubuntu-console-browsers	611 B	-rw-r--r--
ubuntu-console-email	601 B	-rw-r--r--
ubuntu-email	977 B	-rw-r--r--
ubuntu-feed-readers	339 B	-rw-r--r--
ubuntu-gnome-terminal	182 B	-rw-r--r--
ubuntu-helpers	3.32 KB	-rw-r--r--
ubuntu-konsole	343 B	-rw-r--r--
ubuntu-media-players	2.18 KB	-rw-r--r--
ubuntu-unity7-base	2.39 KB	-rw-r--r--
ubuntu-unity7-launcher	191 B	-rw-r--r--
ubuntu-unity7-messaging	192 B	-rw-r--r--
ubuntu-xterm	237 B	-rw-r--r--
user-download	876 B	-rw-r--r--
user-mail	837 B	-rw-r--r--
user-manpages	889 B	-rw-r--r--
user-tmp	654 B	-rw-r--r--
user-write	864 B	-rw-r--r--
video	127 B	-rw-r--r--
vulkan	503 B	-rw-r--r--
wayland	580 B	-rw-r--r--
web-data	705 B	-rw-r--r--
winbind	739 B	-rw-r--r--
wutmp	585 B	-rw-r--r--
xad	883 B	-rw-r--r--
xdg-desktop	673 B	-rw-r--r--

Code Editor : base

# vim:syntax=apparmor
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2009 Novell/SUSE
#    Copyright (C) 2009-2011 Canonical Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

# (Note that the ldd profile has inlined this file; if you make
  # modifications here, please consider including them in the ldd
  # profile as well.)

# The __canary_death_handler function writes a time-stamped log
  # message to /dev/log for logging by syslogd. So, /dev/log, timezones,
  # and localisations of date should be available EVERYWHERE, so
  # StackGuard, FormatGuard, etc., alerts can be properly logged.
  /dev/log                       w,
  /dev/random                    r,
  /dev/urandom                   r,
  # Allow access to the uuidd daemon (this daemon is a thin wrapper around
  # time and getrandom()/{,u}random and, when available, runs under an
  # unprivilged, dedicated user).
  /run/uuidd/request             r,
  /etc/locale/**                 r,
  /etc/locale.alias              r,
  /etc/localtime                 r,
  /etc/writable/localtime        r,
  /usr/share/locale-bundle/**    r,
  /usr/share/locale-langpack/**  r,
  /usr/share/locale/**           r,
  /usr/share/**/locale/**        r,
  /usr/share/zoneinfo/           r,
  /usr/share/zoneinfo/**         r,
  /usr/share/X11/locale/**       r,
  /run/systemd/journal/dev-log w,
  # systemd native journal API (see sd_journal_print(4))
  /run/systemd/journal/socket w,
  # Nested containers and anything using systemd-cat need this. 'r' shouldn't
  # be required but applications fail without it. journald doesn't leak
  # anything when reading so this is ok.
  /run/systemd/journal/stdout rw,

/usr/lib{,32,64}/locale/**             mr,
  /usr/lib{,32,64}/gconv/*.so            mr,
  /usr/lib{,32,64}/gconv/gconv-modules*  mr,
  /usr/lib/@{multiarch}/gconv/*.so           mr,
  /usr/lib/@{multiarch}/gconv/gconv-modules* mr,

# used by glibc when binding to ephemeral ports
  /etc/bindresvport.blacklist    r,

# ld.so.cache and ld are used to load shared libraries; they are best
  # available everywhere
  /etc/ld.so.cache               mr,
  /etc/ld.so.conf                r,
  /etc/ld.so.conf.d/{,*.conf}    r,
  /etc/ld.so.preload             r,
  /{usr/,}lib{,32,64}/ld{,32,64}-*.so   mr,
  /{usr/,}lib/@{multiarch}/ld{,32,64}-*.so    mr,
  /{usr/,}lib/tls/i686/{cmov,nosegneg}/ld-*.so     mr,
  /{usr/,}lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/ld-*.so     mr,
  /opt/*-linux-uclibc/lib/ld-uClibc*so* mr,

# we might as well allow everything to use common libraries
  /{usr/,}lib{,32,64}/**                r,
  /{usr/,}lib{,32,64}/**.so*       mr,
  /{usr/,}lib/@{multiarch}/**            r,
  /{usr/,}lib/@{multiarch}/**.so*   mr,
  /{usr/,}lib/tls/i686/{cmov,nosegneg}/*.so*    mr,
  /{usr/,}lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/*.so*    mr,

# /dev/null is pretty harmless and frequently used
  /dev/null                      rw,
  # as is /dev/zero
  /dev/zero                      rw,
  # recent glibc uses /dev/full in preference to /dev/null for programs
  # that don't have open fds at exec()
  /dev/full                      rw,

# Sometimes used to determine kernel/user interfaces to use
  @{PROC}/sys/kernel/version     r,
  # Depending on which glibc routine uses this file, base may not be the
  # best place -- but many profiles require it, and it is quite harmless.
  @{PROC}/sys/kernel/ngroups_max r,

# glibc's sysconf(3) routine to determine free memory, etc
  @{PROC}/meminfo                r,
  @{PROC}/stat                   r,
  @{PROC}/cpuinfo                r,
  @{sys}/devices/system/cpu/       r,
  @{sys}/devices/system/cpu/online r,

# glibc's *printf protections read the maps file
  @{PROC}/@{pid}/{maps,auxv,status} r,

# libgcrypt reads some flags from /proc
  @{PROC}/sys/crypto/*           r,

# some applications will display license information
  /usr/share/common-licenses/**  r,

# glibc statvfs
  @{PROC}/filesystems            r,

# glibc malloc (man 5 proc)
  @{PROC}/sys/vm/overcommit_memory r,

# Allow determining the highest valid capability of the running kernel
  @{PROC}/sys/kernel/cap_last_cap r,

# Allow other processes to read our /proc entries, futexes, perf tracing and
  # kcmp for now (they will need 'read' in the first place). Administrators can
  # override with:
  #   deny ptrace (readby) ...
  ptrace (readby),

# Allow other processes to trace us by default (they will need 'trace' in
  # the first place). Administrators can override with:
  #   deny ptrace (tracedby) ...
  ptrace (tracedby),

# Allow us to ptrace read ourselves
  ptrace (read) peer=@{profile_name},

# Allow unconfined processes to send us signals by default
  signal (receive) peer=unconfined,

# Allow us to signal ourselves
  signal peer=@{profile_name},

# Checking for PID existence is quite common so add it by default for now
  signal (receive, send) set=("exists"),

# Allow us to create and use abstract and anonymous sockets
  unix peer=(label=@{profile_name}),

# Allow unconfined processes to us via unix sockets
  unix (receive) peer=(label=unconfined),

# Allow us to create abstract and anonymous sockets
  unix (create),

# Allow us to getattr, getopt, setop and shutdown on unix sockets
  unix (getattr, getopt, setopt, shutdown),

# Workaround https://launchpad.net/bugs/359338 until upstream handles stacked
  # filesystems generally. This does not appreciably decrease security with
  # Ubuntu profiles because the user is expected to have access to files owned
  # by him/her. Exceptions to this are explicit in the profiles. While this rule
  # grants access to those exceptions, the intended privacy is maintained due to
  # the encrypted contents of the files in this directory. Files in this
  # directory will also use filename encryption by default, so the files are
  # further protected. Also, with the use of 'owner', this rule properly
  # prevents access to the files from processes running under a different uid.

# encrypted ~/.Private and old-style encrypted $HOME
  owner @{HOME}/.Private/ r,
  owner @{HOME}/.Private/** mrixwlk,
  # new-style encrypted $HOME
  owner @{HOMEDIRS}/.ecryptfs/*/.Private/ r,
  owner @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,

${this.title}

Code Editor : base