Gecko [ oric.aiou.edu.pk ]

Name	Size	Permission
apparmor_api	[ DIR ]	drwxr-xr-x
ubuntu-browsers.d	[ DIR ]	drwxr-xr-x
X	1.72 KB	-rw-r--r--
apache2-common	849 B	-rw-r--r--
aspell	308 B	-rw-r--r--
audio	1.82 KB	-rw-r--r--
authentication	1.55 KB	-rw-r--r--
base	6.39 KB	-rw-r--r--
bash	1.48 KB	-rw-r--r--
consoles	798 B	-rw-r--r--
cups-client	714 B	-rw-r--r--
dbus	593 B	-rw-r--r--
dbus-accessibility	630 B	-rw-r--r--
dbus-accessibility-strict	637 B	-rw-r--r--
dbus-session	638 B	-rw-r--r--
dbus-session-strict	919 B	-rw-r--r--
dbus-strict	677 B	-rw-r--r--
dconf	246 B	-rw-r--r--
dovecot-common	562 B	-rw-r--r--
dri-common	434 B	-rw-r--r--
dri-enumerate	281 B	-rw-r--r--
enchant	1.96 KB	-rw-r--r--
fcitx	456 B	-rw-r--r--
fcitx-strict	712 B	-rw-r--r--
fonts	2.04 KB	-rw-r--r--
freedesktop.org	1.26 KB	-rw-r--r--
gnome	3.54 KB	-rw-r--r--
gnupg	356 B	-rw-r--r--
ibus	1 KB	-rw-r--r--
kde	2.71 KB	-rw-r--r--
kde-globals-write	298 B	-rw-r--r--
kde-icon-cache-write	138 B	-rw-r--r--
kde-language-write	458 B	-rw-r--r--
kerberosclient	1.14 KB	-rw-r--r--
ldapclient	754 B	-rw-r--r--
libpam-systemd	659 B	-rw-r--r--
likewise	489 B	-rw-r--r--
mdns	457 B	-rw-r--r--
mesa	577 B	-rw-r--r--
mir	593 B	-rw-r--r--
mozc	471 B	-rw-r--r--
mysql	641 B	-rw-r--r--
nameservice	4.96 KB	-rw-r--r--
nis	524 B	-rw-r--r--
nvidia	649 B	-rw-r--r--
opencl	269 B	-rw-r--r--
opencl-common	404 B	-rw-r--r--
opencl-intel	564 B	-rw-r--r--
opencl-mesa	527 B	-rw-r--r--
opencl-nvidia	785 B	-rw-r--r--
opencl-pocl	2.75 KB	-rw-r--r--
openssl	470 B	-rw-r--r--
orbit2	93 B	-rw-r--r--
p11-kit	899 B	-rw-r--r--
perl	872 B	-rw-r--r--
php	1.02 KB	-rw-r--r--
php5	105 B	-rw-r--r--
postfix-common	1.17 KB	-rw-r--r--
private-files	1.51 KB	-rw-r--r--
private-files-strict	1.02 KB	-rw-r--r--
python	1.5 KB	-rw-r--r--
qt5	762 B	-rw-r--r--
qt5-compose-cache-write	278 B	-rw-r--r--
qt5-settings-write	398 B	-rw-r--r--
recent-documents-write	346 B	-rw-r--r--
ruby	906 B	-rw-r--r--
samba	830 B	-rw-r--r--
smbpass	476 B	-rw-r--r--
ssl_certs	1.26 KB	-rw-r--r--
ssl_keys	790 B	-rw-r--r--
svn-repositories	1.61 KB	-rw-r--r--
ubuntu-bittorrent-clients	698 B	-rw-r--r--
ubuntu-browsers	1.63 KB	-rw-r--r--
ubuntu-console-browsers	611 B	-rw-r--r--
ubuntu-console-email	601 B	-rw-r--r--
ubuntu-email	977 B	-rw-r--r--
ubuntu-feed-readers	339 B	-rw-r--r--
ubuntu-gnome-terminal	182 B	-rw-r--r--
ubuntu-helpers	3.32 KB	-rw-r--r--
ubuntu-konsole	343 B	-rw-r--r--
ubuntu-media-players	2.18 KB	-rw-r--r--
ubuntu-unity7-base	2.39 KB	-rw-r--r--
ubuntu-unity7-launcher	191 B	-rw-r--r--
ubuntu-unity7-messaging	192 B	-rw-r--r--
ubuntu-xterm	237 B	-rw-r--r--
user-download	876 B	-rw-r--r--
user-mail	837 B	-rw-r--r--
user-manpages	889 B	-rw-r--r--
user-tmp	654 B	-rw-r--r--
user-write	864 B	-rw-r--r--
video	127 B	-rw-r--r--
vulkan	503 B	-rw-r--r--
wayland	580 B	-rw-r--r--
web-data	705 B	-rw-r--r--
winbind	739 B	-rw-r--r--
wutmp	585 B	-rw-r--r--
xad	883 B	-rw-r--r--
xdg-desktop	673 B	-rw-r--r--

Name

Size

Permission

Action

apparmor_api

[ DIR ]

drwxr-xr-x

ubuntu-browsers.d

[ DIR ]

drwxr-xr-x

1.72 KB

-rw-r--r--

apache2-common

849 B

-rw-r--r--

aspell

308 B

-rw-r--r--

audio

1.82 KB

-rw-r--r--

authentication

1.55 KB

-rw-r--r--

base

6.39 KB

-rw-r--r--

bash

1.48 KB

-rw-r--r--

consoles

798 B

-rw-r--r--

cups-client

714 B

-rw-r--r--

dbus

593 B

-rw-r--r--

dbus-accessibility

630 B

-rw-r--r--

dbus-accessibility-strict

637 B

-rw-r--r--

dbus-session

638 B

-rw-r--r--

dbus-session-strict

919 B

-rw-r--r--

dbus-strict

677 B

-rw-r--r--

dconf

246 B

-rw-r--r--

dovecot-common

562 B

-rw-r--r--

dri-common

434 B

-rw-r--r--

dri-enumerate

281 B

-rw-r--r--

enchant

1.96 KB

-rw-r--r--

fcitx

456 B

-rw-r--r--

fcitx-strict

712 B

-rw-r--r--

fonts

2.04 KB

-rw-r--r--

freedesktop.org

1.26 KB

-rw-r--r--

gnome

3.54 KB

-rw-r--r--

gnupg

356 B

-rw-r--r--

ibus

1 KB

-rw-r--r--

kde

2.71 KB

-rw-r--r--

kde-globals-write

298 B

-rw-r--r--

kde-icon-cache-write

138 B

-rw-r--r--

kde-language-write

458 B

-rw-r--r--

kerberosclient

1.14 KB

-rw-r--r--

ldapclient

754 B

-rw-r--r--

libpam-systemd

659 B

-rw-r--r--

likewise

489 B

-rw-r--r--

mdns

457 B

-rw-r--r--

mesa

577 B

-rw-r--r--

mir

593 B

-rw-r--r--

mozc

471 B

-rw-r--r--

mysql

641 B

-rw-r--r--

nameservice

4.96 KB

-rw-r--r--

nis

524 B

-rw-r--r--

nvidia

649 B

-rw-r--r--

opencl

269 B

-rw-r--r--

opencl-common

404 B

-rw-r--r--

opencl-intel

564 B

-rw-r--r--

opencl-mesa

527 B

-rw-r--r--

opencl-nvidia

785 B

-rw-r--r--

opencl-pocl

2.75 KB

-rw-r--r--

openssl

470 B

-rw-r--r--

orbit2

93 B

-rw-r--r--

p11-kit

899 B

-rw-r--r--

perl

872 B

-rw-r--r--

php

1.02 KB

-rw-r--r--

php5

105 B

-rw-r--r--

postfix-common

1.17 KB

-rw-r--r--

private-files

1.51 KB

-rw-r--r--

private-files-strict

1.02 KB

-rw-r--r--

python

1.5 KB

-rw-r--r--

qt5

762 B

-rw-r--r--

qt5-compose-cache-write

278 B

-rw-r--r--

qt5-settings-write

398 B

-rw-r--r--

recent-documents-write

346 B

-rw-r--r--

ruby

906 B

-rw-r--r--

samba

830 B

-rw-r--r--

smbpass

476 B

-rw-r--r--

ssl_certs

1.26 KB

-rw-r--r--

ssl_keys

790 B

-rw-r--r--

svn-repositories

1.61 KB

-rw-r--r--

ubuntu-bittorrent-clients

698 B

-rw-r--r--

ubuntu-browsers

1.63 KB

-rw-r--r--

ubuntu-console-browsers

611 B

-rw-r--r--

ubuntu-console-email

601 B

-rw-r--r--

ubuntu-email

977 B

-rw-r--r--

ubuntu-feed-readers

339 B

-rw-r--r--

ubuntu-gnome-terminal

182 B

-rw-r--r--

ubuntu-helpers

3.32 KB

-rw-r--r--

ubuntu-konsole

343 B

-rw-r--r--

ubuntu-media-players

2.18 KB

-rw-r--r--

ubuntu-unity7-base

2.39 KB

-rw-r--r--

ubuntu-unity7-launcher

191 B

-rw-r--r--

ubuntu-unity7-messaging

192 B

-rw-r--r--

ubuntu-xterm

237 B

-rw-r--r--

user-download

876 B

-rw-r--r--

user-mail

837 B

-rw-r--r--

user-manpages

889 B

-rw-r--r--

user-tmp

654 B

-rw-r--r--

user-write

864 B

-rw-r--r--

video

127 B

-rw-r--r--

vulkan

503 B

-rw-r--r--

wayland

580 B

-rw-r--r--

web-data

705 B

-rw-r--r--

winbind

739 B

-rw-r--r--

wutmp

585 B

-rw-r--r--

xad

883 B

-rw-r--r--

xdg-desktop

673 B

-rw-r--r--

Code Editor : ubuntu-helpers

# Lenient profile that is intended to be used when 'Ux' is desired but
# does not provide enough environment sanitizing. This effectively is an
# open profile that blacklists certain known dangerous files and also
# does not allow any capabilities. For example, it will not allow 'm' on files
# owned be the user invoking the program. While this provides some additional
# protection, please use with care as applications running under this profile
# are effectively running without any AppArmor protection. Use this profile
# only if the process absolutely must be run (effectively) unconfined.
#
# Usage:
# Because this abstraction defines the sanitized_helper profile, it must only
# be #included once. Therefore this abstraction should typically not be
# included in other abstractions so as to avoid parser errors regarding
# multiple definitions.
#
# Limitations:
# 1. This does not work for root owned processes, because of the way we use
#    owner matching in the sanitized helper. We could do a better job with
#    this to support root, but it would make the policy harder to understand
#    and going unconfined as root is not desirable any way.
#
# 2. For this sanitized_helper to work, the program running in the sanitized
#    environment must open symlinks directly in order for AppArmor to mediate
#    it. This is confirmed to work with:
#     - compiled code which can load shared libraries
#     - python imports
#    It is known not to work with:
#     - perl includes
# 3. Sanitizing ruby and java
#
# Use at your own risk. This profile was developed as an interim workaround for
# LP: #851986 until AppArmor utilizes proper environment filtering.

profile sanitized_helper {
  #include <abstractions/base>
  #include <abstractions/X>

# Allow all networking
  network inet,
  network inet6,

# Allow all DBus communications
  #include <abstractions/dbus-session-strict>
  #include <abstractions/dbus-strict>
  dbus,

# Needed for Google Chrome
  ptrace (trace) peer=**//sanitized_helper,

# Allow exec of anything, but under this profile. Allow transition
  # to other profiles if they exist.
  /{usr/,usr/local/,}{bin,sbin}/* Pixr,

# Allow exec of libexec applications in /usr/lib* and /usr/local/lib*
  /usr/{,local/}lib*/{,**/}* Pixr,

# Allow exec of software-center scripts. We may need to allow wider
  # permissions for /usr/share, but for now just do this. (LP: #972367)
  /usr/share/software-center/* Pixr,

# Allow exec of texlive font build scripts (LP: #1010909)
  /usr/share/texlive/texmf{,-dist}/web2c/{,**/}* Pixr,

# While the chromium and chrome sandboxes are setuid root, they only link
  # in limited libraries so glibc's secure execution should be enough to not
  # require the santized_helper (ie, LD_PRELOAD will only use standard system
  # paths (man ld.so)).
  /usr/lib/chromium-browser/chromium-browser-sandbox PUxr,
  /usr/lib/chromium{,-browser}/chrome-sandbox PUxr,
  /opt/google/chrome{,-beta,-unstable}/chrome-sandbox PUxr,
  /opt/google/chrome{,-beta,-unstable}/google-chrome Pixr,
  /opt/google/chrome{,-beta,-unstable}/chrome Pixr,
  /opt/google/chrome{,-beta,-unstable}/{,**/}lib*.so{,.*} m,

# Full access
  / r,
  /** rwkl,
  /{,usr/,usr/local/}lib{,32,64}/{,**/}*.so{,.*} m,

# Dangerous files
  audit deny owner /**/* m,              # compiled libraries
  audit deny owner /**/*.py* r,          # python imports
}

${this.title}

Code Editor : ubuntu-helpers