# Last Modified: Wed Aug 27 17:34:39 2014
# vim:syntax=apparmor
#include <tunables/global>

/usr/lib64/thunderbird/thunderbird.sh {
  #include <abstractions/X>
  #include <abstractions/apache2-common>
  #include <abstractions/base>
  #include <abstractions/bash>
  #include <abstractions/kde>
  #include <abstractions/user-download>
  #include <abstractions/audio>


  capability sys_module,


  /proc/modules r,

  /bin/bash rix,
  /bin/dbus* rix,
  /usr/bin/dbus* rix,
  /dev/nvidia* rw,
  /dev/shm/ r,
  /dev/shm/pulse-shm-* rw,
  /dev/tty rw,
  /etc/kde*/share/config/oxygenrc r,
  /etc/modprobe.d/* r,
  /etc/fonts/** r,
  /etc/gtk-2.0/gtkrc r,
  /etc/kde*/share/config/kdebugrc r,
  /etc/kde*/share/config/kdeglobals r,
  /etc/kde*/share/config/kioslaverc r,
  /etc/kde*rc r,
  /etc/ld.so.preload r,
  /etc/machine-id r,
  /etc/magic r,
  /etc/mailcap r,
  /etc/mime.types r,
  /etc/modprobe.d/ r,
  /etc/gnome*/ r,
  /etc/gnome*/** r,
  /etc/pulse/client.conf r,
  /home/*/.kde*/share/config/oxygenrc r,
  owner  /home/*/* r,
  owner  /home/*/ r,
  /home/*/download/ rw,
  /home/*/download/** rw,
  /home/*/Downloads/ rw,
  /home/*/Downloads/** rw,
  deny /home/*/.mozilla/firefox r,
  /home/*/.config/kde.org/libphonon.conf r,
  /home/*/.Xauthority r,
  /home/*/.cache/fontconfig/** r,
  owner  /home/*/.cache/thunderbird/** rw,
  /home/*/.config/gtk* r,
  /home/*/.config/**/gtk** r,
  /home/*/.config/fontconfig/fonts.conf r,
  /home/*/.config/pulse/cookie rk,
  /home/*/.config/qtcurve/* w,
  /home/*/.config/qtcurve/gtk-icons r,
  /home/*/.config/qtcurve/stylerc r,
  /home/*/.fonts/ r,
  /home/*/.gtkrc-2.0/ r,
  /home/*/.gtkrc* r,
  /home/*/.icons/** r,
  /home/*/.kde*/share/config/gtkrc-2.0 r,
  /home/*/.kde*/share/config/*rc r,
  owner /home/*/.kde*/share/config/kdeglobals* rwk,
  /home/*/.kde*/share/config/kioslaverc r,
  /home/*/.kde*/share/config/kmozillahelperrc r,
  /home/*/.kde*/share/config/kwinrc r,
  /home/*/.local/share/icons/** r,
  owner /home/*/.local/share/user-places* rwk,
  owner /home/*/.local/share/mime/mime.cache rwk,
  owner /home/*/.local/share/applications/kde4/ rwk,
  owner /home/*/.local/share/applications/kde4/** rwk,
  /home/*/.mozilla/extensions/** r,
  /home/*/.mozilla/plugins/ r,
  /home/*/.nv/ rwk,
  /home/*/.nv/GLCache/ r,
  /home/*/.nv/GLCache/** rwk,
  owner  /home/*/.thunderbird/ r,
  owner  /home/*/.thunderbird/** mrwk,
  owner  /home/*/Public/ r,
  owner  /home/*/Public/** rw,
  /opt/kde3/share/fonts/ r,
  /opt/lib/lib*so* mr,
   /proc/cmdline r,
   /proc/**/maps r,
   /proc/**/status r,
   /proc/**/task r,
   /proc/*/mountinfo r,
   /proc/*/stat r,
   /proc/*/task/*/stat r,
   /proc/*/task/*/stat r,
   /proc/*/task/*/stat r,
   /proc/@{pid}/cmdline r,
   /proc/driver/nvidia/params r,
   /proc/filesystems r,
   /proc/meminfo r,
   /proc/sys/kernel/modprobe r,
  #/sbin/modprobe rix,
  /sys/devices/system/cpu/present r,
  /sys/module/drm/initstate r,
  /sys/module/nvidia/ r,
  /sys/module/nvidia/** r,
  /sys/devices/system/cpu/ r,
  /sys/devices/system/cpu/** r,
  /sys/bus/cpu/ r,
  /sys/bus/cpu/** r,
  owner /tmp/** rwlk,
  owner  /tmp/** m,
  /usr/bin/basename rix,
  /usr/bin/expr rix,
  /usr/bin/file rix,
  /usr/bin/gpg-connect-agent rix,
  /usr/bin/gpg2 Px,   
  /usr/bin/grep rix,
  /usr/bin/kde*-config rix,
  /usr/bin/kdeinit* rix,
  /usr/bin/nvidia-modprobe rix,
  /usr/bin/readlink rix,
  /usr/lib/mozilla/kmozillahelper rix,
  /usr/lib64/thunderbird/thunderbird-bin rix,
  /usr/lib64/thunderbird/crashreporter rix,
  /usr/lib{,32,64}/** mr,
  /usr/share/cantarell-fonts/**/*.conf r,
  /usr/share/fontconfig/conf.avail/* r,
  /usr/share/fonts-config/** r,
  /usr/share/fonts/ r,
  /usr/share/fonts/** r,
  /usr/share/stix-fonts/ r,
  /usr/share/stix-fonts/** r,
  /usr/share/ghostscript/fonts/ r,
  /usr/share/icons/ r,
  /usr/share/icons/** r,
  /usr/share/icu/*/*.dat r,
  /usr/share/kde*/config/*.areas r,
  /usr/share/kde*/config/*rc r,
  /usr/share/locale-bundle/**/**/*.mo r,
  /usr/share/mime/ r,
  /usr/share/mime/mime.cache r,
  /usr/share/misc/magic.mgc r,
  /usr/share/hunspell/ r,
  /usr/share/hunspell/** r,
  /usr/share/myspell/ r,
  /usr/share/myspell/** r,
  /usr/share/nvidia/* r,
  /usr/share/pixmaps/ r,
  /usr/share/sounds/** r,
  /usr/share/themes/** r,
  /var/cache/fontconfig/* r,
  /var/cache/gio-2.0/gnome-defaults.list r,
  /var/run/nscd/* r,
  owner /run/user/*/ksocket*/*mozilla* rwk,
  owner /run/user/*/ksocket*/* rwk,


}