1 files changed, 46 insertions, 0 deletions

diff --git a/usr.share.discord.Discord b/usr.share.discord.Discord
new file mode 100644
index 0000000..0e9a5eb
--- /dev/null
+++ b/usr.share.discord.Discord
@@ -0,0 +1,46 @@
+#include <tunables/global>
+
+/usr/share/discord/Discord {
+#/usr/share/discord/Discord flags=(complain) {
+	#include <abstractions/X>
+	#include <abstractions/base>
+	#include <abstractions/fonts>
+	#include <abstractions/audio>
+	#include <abstractions/consoles>
+	#include <abstractions/mesa>
+	#include <abstractions/dbus-session>
+	#include <abstractions/nameservice>
+	#include <abstractions/freedesktop.org>
+
+	ptrace (trace,read) peer=/usr/share/discord/Discord,
+	ptrace (read) peer=/usr/games/steam,
+	deny ptrace (read) peer=/usr/lib/firefox/firefox,
+	deny ptrace (read) peer=unconfined,
+
+	/usr/share/discord/** rix,
+
+	owner @{HOME}/.config/discord/ rw,
+	owner @{HOME}/.config/discord/** rwkm,
+	owner @{HOME}/.pki/nssdb/{cert9.db,pkcs11.txt} r,
+
+	@{PROC}/ r,
+	@{PROC}/[0-9]*/cmdline r,
+	owner @{PROC}/[0-9]*/stat r,
+	owner @{PROC}/[0-9]*/statm r,
+	owner @{PROC}/[0-9]*/fd/ r,
+	owner @{PROC}/[0-9]*/task/ r,
+	owner @{PROC}/[0-9]*/clear_refs w,
+
+	@{sys}/bus/pci/devices/ r,
+	@{sys}/devices/** r,
+
+	/dev/ r,
+	/dev/video[0-9]* rw,
+
+	/tmp/ r,
+	/var/tmp/ r,
+	/tmp/.org.chromium.Chromium.*/ rw,
+	/tmp/.org.chromium.Chromium.*/** rw,
+	/dev/shm/.org.chromium.Chromium.* rw,
+}
+