usr.bin.securedrop-client
# Last Modified: Tue Dec 10 11:57:59 2019
#include <tunables/global>
# AppArmor profile confining /usr/bin/securedrop-client. The rules form an
# allow-list: in enforce mode, file access that is not granted here or by one
# of the abstractions pulled in below is refused.
# Permission letters used below: r read, w write, m map as executable, l link,
# k lock, ix execute while staying under this same profile.
# No `network` or `capability` rules appear in this body; whatever the
# abstractions grant is not visible from this file.
/usr/bin/securedrop-client {
#include <abstractions/base>
#include <abstractions/fonts>
#include <abstractions/python>
#include <abstractions/user-tmp>
# Explicit deny: it overrides any allow rule, including ones that come from
# the abstractions above, so exec of /usr/bin/sudo is refused under this profile.
# NOTE(review): deny rules are quiet in the audit log by default; `audit deny`
# would record attempts if that signal is wanted for detection.
deny /usr/bin/sudo x,
# Terminal and Xen device nodes.
# NOTE(review): the /dev/xen/* entries are presumably needed by the Qubes
# qrexec helpers allowed further down; confirm before narrowing them.
/dev/tty rw,
/dev/xen/evtchn rw,
/dev/xen/gntalloc rw,
/dev/xen/privcmd rw,
/dev/xen/xenbus rw,
# Account and host identity lookups, read-only.
/etc/group r,
/etc/machine-id r,
/etc/nsswitch.conf r,
/etc/passwd r,
# The application's virtualenv: readable as a whole; in this file, execute or
# mmap-exec is granted only to the named entry points and the compiled
# extension modules listed one by one.
# NOTE(review): these paths pin python3.7 / cpython-37m, so an interpreter
# upgrade needs matching edits here.
/opt/venvs/securedrop-client/** r,
/opt/venvs/securedrop-client/bin/alembic mrix,
/opt/venvs/securedrop-client/bin/python3 ix,
/opt/venvs/securedrop-client/bin/sd-client mrix,
/opt/venvs/securedrop-client/lib/python3.7/site-packages/markupsafe/_speedups.cpython-37m-x86_64-linux-gnu.so mr,
/opt/venvs/securedrop-client/lib/python3.7/site-packages/sqlalchemy/cprocessors.cpython-37m-x86_64-linux-gnu.so mr,
/opt/venvs/securedrop-client/lib/python3.7/site-packages/sqlalchemy/cresultproxy.cpython-37m-x86_64-linux-gnu.so mr,
/opt/venvs/securedrop-client/lib/python3.7/site-packages/sqlalchemy/cutils.cpython-37m-x86_64-linux-gnu.so mr,
# Read-only system information.
/proc/cpuinfo r,
/proc/filesystems r,
/sys/devices/system/cpu/online r,
# Helper programs. Every executable here is `ix`, so the shells and Qubes
# tools started by the client stay under this profile and get no more access
# than the rules in it. The launcher script itself is readable only.
/usr/bin/bash ix,
/usr/bin/cat mrix,
/usr/bin/chmod mrix,
/usr/bin/dash ix,
/usr/bin/mkdir mrix,
/usr/bin/qrexec-client-vm mrix,
/usr/bin/qubes-gpg-client mrix,
/usr/bin/qubes-gpg-import-key mrix,
/usr/bin/qvm-open-in-vm mrix,
/usr/bin/securedrop-client r,
/usr/bin/uname mrix,
/usr/bin/zenity mrix,
/usr/lib/qubes-gpg-split/pipe-cat mrix,
/usr/lib/qubes/qopen-in-vm mrix,
# Read-only desktop resources: DRI configuration, icons, MIME data, the
# application's shared files and zenity's own files.
/usr/share/drirc.d/ r,
/usr/share/drirc.d/* r,
/usr/share/icons/** r,
/usr/share/mime/image/png.xml r,
/usr/share/mime/mime.cache r,
/usr/share/mime/types r,
/usr/share/securedrop-client/ r,
/usr/share/securedrop-client/** r,
/usr/share/zenity/* r,
# From here on every rule carries `owner`, which limits it to files owned by
# the user the confined process runs as.
# NOTE(review): /dev/pts/2 is one hard-coded pty index, which looks like a
# leftover from profile generation; other pty numbers are not covered by
# this rule.
owner /dev/pts/2 rw,
# NOTE(review): sync_flag uses /home/*/ while every other home rule below
# hard-codes /home/user/; confirm which is intended. The @{HOME} variable
# from the tunables would express either consistently.
owner /home/*/.securedrop_client/sync_flag rw,
owner /home/user/.cache/** rwl,
# Client state directory: config.json is read-only, while data/, gpg/ and
# logs/ are writable. The SQLite database also gets `k` (file locking).
owner /home/user/.securedrop_client/ rw,
owner /home/user/.securedrop_client/config.json r,
owner /home/user/.securedrop_client/data/ rw,
owner /home/user/.securedrop_client/data/** rwl,
owner /home/user/.securedrop_client/gpg/ rw,
owner /home/user/.securedrop_client/gpg/* rwl,
owner /home/user/.securedrop_client/logs/ rw,
owner /home/user/.securedrop_client/logs/* rw,
owner /home/user/.securedrop_client/svs.sqlite rwk,
owner /home/user/.securedrop_client/svs.sqlite-journal rw,
# NOTE(review): presumably files handed over from the sd-proxy qube; if so
# they are input from another VM and should be treated as untrusted. Confirm
# against the client code.
owner /home/user/QubesIncoming/sd-proxy/* rw,
# NOTE(review): the three rules below allow writes to bytecode caches inside
# the venv, to /proc entries aside, and to /usr/share/securedrop-client
# whenever the target is owned by the running user. Python loads code from
# __pycache__, so confirm the package installs these trees owned by root;
# otherwise a compromised client could alter code it later loads.
owner /opt/venvs/securedrop-client/lib/python3.7/**/__pycache__/* rw,
owner /opt/venvs/securedrop-client/lib/python3.7/__pycache__/* rw,
owner /proc/*/cmdline r,
owner /proc/*/fd/ r,
owner /usr/share/securedrop-client/** rw,
}