# Last Modified: Wed Aug 27 13:50:46 2014 # vim:syntax=apparmor # VLC AppArmor profile with support for # proprietary nVidia driver, AMD Catalyst # and DVB # #include /usr/bin/vlc { #include #include #include #include #include #include #include #include # Support for proprietary AMD Catalyst driver /proc/ati r, /proc/ati/** r, /dev/ati rw, /dev/video* rw, /dev/ati/* rw, /etc/ati r, /etc/ati/** r, /etc/ati/authatieventsd.sh Ux, /dev/shm/ rwkl, /dev/shm/* rwkl, /home/*/.AMD/ rwkl, /home/*/.AMD/** rwkl, # / r, /dev/dvb/adapter0/ r, /dev/dvb/adapter0/demux0 r, /dev/dvb/adapter0/dvr0 r, /dev/dvb/adapter0/frontend0 rw, /dev/shm/ r, /dev/shm/* r, /dev/shm/pulse-shm-* rw, /dev/snd/** rw, /dev/sr* rw, /dev/ r, /dev/* r, /etc/xdg/ r, /etc/xdg/** r, /etc/asound.conf r, /etc/asound-pulse.conf r, /etc/vdpau_wrapper.cfg r, /etc/alsa-pulse.conf r, /etc/exports r, /etc/fonts/** r, /etc/fstab r, /etc/kde4/share/config/kdebugrc r, /etc/kde4/share/config/kdeglobals r, /etc/kde4/share/config/kioslaverc r, /etc/kde4rc r, /etc/ld.so.preload r, /etc/machine-id r, /etc/pulse/client.conf r, /etc/rcc.xml r, /etc/rpc r, /etc/udev/udev.conf r, /etc/kde4/share/config/oxygenrc r, /etc/pulse/* r, /home/ r, /home/*/ r, /home/*/.ICEauthority r, /home/*/.Xauthority r, /home/*/.nv/ rw, /home/*/.dvdcss/ r, /home/*/.dvdcss/** rw, /home/*/.nv/* rw, /home/*/.nv/GLCache/ rw, /home/*/.nv/GLCache/** rwk, /home/*/.local/share/vlc/ rw, /home/*/download/ rw, /home/*/Download/ rw, /home/*/downloads/ rw, /home/*/Downloads/ rw, /home/*/download/** rw, /home/*/Download/** rw, /home/*/downloads/** rw, /home/*/Downloads/** rw, /home/*/kdenlive/ r, /home/*/kdenlive/** r, /home/*/.kde*/share/config/oxygenrc r, /home/*/.local/share/vlc/** rw, /home/*/.cache/fontconfig/* rw, /home/*/.cache/vlc/** rw, /home/*/.cache/*cache* rwk, /home/*/.config/Trolltech.conf rk, /home/*/.config/fontconfig/fonts.conf r, /home/*/.config/kde.org/libphonon.conf r, /home/*/.config/pulse/cookie rk, /home/*/.config/qtcurve/stylerc r, /home/*/.config/vlc/** rw, /home/*/.config/vlc/** rwk, /home/*/.config/** r, /home/*/.directory r, /home/*/.fonts/ r, /home/*/.icons/** r, /home/*/.asoundrc r, /home/*/.kde*/share/apps/RecentDocuments/ r, /home/*/.kde*/share/apps/RecentDocuments/** rwl, /home/*/.kde*/share/config/kbookmarkrc r, /home/*/.kde*/share/config/*rc r, /home/*/.kde*/share/config/kdeglobal* rwk, /home/*/.kde4/share/config/kfilemodule* rw, /home/*/.kde*/share/config/kio_thumbnailrc r, /home/*/.kde*/share/config/kioslaverc r, /home/*/.kde*/share/config/knfsshare r, /home/*/.kde*/share/config/ktimezonedrc r, /home/*/.kde*/share/config/servicetype_profilerc r, /home/*/.kde*/share/config/vlcrc r, /home/*/.local/share/user-places.xbel r, /home/*/.local/share/vlc/** rw, /home/*/.rcc/comm/*.sock rw, /home/*/dwhelper/ rw, /home/*/dwhelper/** rw, /home/*/Desktop/.directory r, /home/*/Media/** r, /home/*/Musik/** r, /home/*/MythTV/.directory r, /home/*/TV-Aufnahmen/** r, /home/*/tmp/ rw, /home/*/tmp/** rwm, /home/*/asound.conf r, /home/*/bin/.directory r, /home/*/download/.directory r, /home/*/download/ rw, /home/*/download/** rw, /home/*/.config/vlcrc.lock rw, /home/*/public_html/.directory r, /home/*/xorg.conf r, /opt/kde3/share/*/ r, /opt/lib/lib*so* mr, /proc/@{pid}/cmdline r, /proc/*/net/if_inet6 r, /proc/*/status r, /proc/filesystems r, /proc/modules r, /proc/driver/nvidia/* r, /proc/driver/nvidia/** r, owner /run/user/*/vlc*socket rw, /run/udev/** r, /run/udev/data/b254:0 r, /run/udev/data/b8:7 r, /sys/bus/ r, /sys/bus/acpi/devices/ r, /sys/bus/clockevents/devices/ r, /sys/bus/clocksource/devices/ r, /sys/bus/container/devices/ r, /sys/bus/cpu/devices/ r, /sys/bus/event_source/devices/ r, /sys/bus/hid/devices/ r, /sys/bus/i2c/devices/ r, /sys/bus/machinecheck/devices/ r, /sys/bus/mdio_bus/devices/ r, /sys/bus/memory/devices/ r, /sys/bus/node/devices/ r, /sys/bus/pci/devices/ r, /sys/bus/pci_express/devices/ r, /sys/bus/platform/devices/ r, /sys/bus/pnp/devices/ r, /sys/bus/scsi/devices/ r, /sys/bus/serio/devices/ r, /sys/bus/usb/devices/ r, /sys/bus/workqueue/devices/ r, /sys/class/ r, /sys/class/ata_device/ r, /sys/class/ata_link/ r, /sys/class/ata_port/ r, /sys/class/backlight/ r, /sys/class/bdi/ r, /sys/class/block/ r, /sys/class/bluetooth/ r, /sys/class/bsg/ r, /sys/class/dma/ r, /sys/class/dmi/ r, /sys/class/drm/ r, /sys/class/firmware/ r, /sys/class/gpio/ r, /sys/class/graphics/ r, /sys/class/hidraw/ r, /sys/class/hwmon/ r, /sys/class/ieee80211/ r, /sys/class/input/ r, /sys/class/leds/ r, /sys/class/mdio_bus/ r, /sys/class/mem/ r, /sys/class/misc/ r, /sys/class/net/ r, /sys/class/pci_bus/ r, /sys/class/phy/ r, /sys/class/power_supply/ r, /sys/class/pps/ r, /sys/class/ptp/ r, /sys/class/pwm/ r, /sys/class/rfkill/ r, /sys/class/rtc/ r, /sys/class/scsi_device/ r, /sys/class/scsi_disk/ r, /sys/class/scsi_generic/ r, /sys/class/scsi_host/ r, /sys/class/scsi_tape/ r, /sys/class/sound/ r, /sys/class/thermal/ r, /sys/class/tty/ r, /sys/class/usbmisc/ r, /sys/class/vc/ r, /sys/class/video4linux/ r, /sys/class/vtconsole/ r, /sys/class/watchdog/ r, /sys/class/wmi/ r, /sys/devices/** r, /sys/devices/**/uevent r, /usr/bin/kbuildsycoca4 rix, /usr/bin/net rix, /usr/bin/nvidia-modprobe Ux, /usr/bin/testparm rix, /usr/bin/vlc mr, /usr/bin/pulseaudio rix, /usr/lib64/rcc/rccexternal rix, /usr/lib{,32,64}/** mrw, /usr/lib64/vlc/ mrk, /usr/lib64/vlc/** mrk, /usr/share/**.dat r, /usr/share/alsa/ r, /usr/share/alsa/** r, /usr/share/cantarell-fonts/** r, /usr/share/fontconfig/** r, /usr/share/fonts-config/** r, /usr/share/fonts/ r, /usr/share/fonts/** r, /usr/share/plasma/ r, /usr/share/plasma/** r, /usr/share/ghostscript/fonts/ r, /usr/share/color-schemes/ r, /usr/share/color-schemes/** r, /usr/share/icons/** rk, /usr/share/stix-fonts/ r, /usr/share/stix-fonts/** r, /usr/share/kde4/config/kdebug.areas r, /usr/share/kde4/config/kdebugrc r, /usr/share/kde4/config/kshorturifilterrc r, /usr/share/libtranslate/services.xml r, /usr/share/nvidia/** r, /var/cache/fontconfig/** rw, /var/cache/libx11/compose/* r, /var/lib/samba/gencache.tdb w, owner /run/user/*/pulse/ rw, owner /run/user/*/pulse/** rwk, owner /var/tmp/** wlk, owner /tmp/ rwm, owner /tmp/** rwm, /var/tmp/** r, /var/tmp/kdecache-*/icon-cache.kcache rw, }