1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
#include <tunables/global>
/usr/lib/firefox/firefox {
#include <abstractions/X>
#include <abstractions/audio>
#include <abstractions/base>
#include <abstractions/bash>
#include <abstractions/dconf>
#include <abstractions/gnome>
#include <abstractions/consoles>
#include <abstractions/fonts>
#include <abstractions/nameservice>
#include <abstractions/freedesktop.org>
#include <abstractions/user-tmp>
/bin/dash ix,
/bin/readlink rix,
/bin/which rix,
/usr/bin/dirname ix,
/etc/firefox/ r,
/etc/firefox/** r,
/etc/mime.types r,
/etc/mailcap r,
/usr/share/xulrunner-*/** r,
/usr/share/firefox/** r,
/usr/share/mozilla/** r,
/usr/share/mime/ r,
/usr/share/doc/** r,
/usr/share/fontconfig/** r,
/usr/lib/firefox/firefox ix,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/sys/devices/system/cpu/present r,
/sys/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
owner @{PROC}/[0-9]*/{mountinfo,smaps,stat,statm} r,
/dev/ r,
/dev/dri/ r,
owner /{dev,run}/shm/org.chromium.* mrw,
owner /{dev,run}/shm/org.mozilla.ipc.* mrw,
owner @{HOME}/.mozilla/ w,
owner @{HOME}/.mozilla/firefox/ w,
owner @{HOME}/.mozilla/firefox/** rwk,
owner @{HOME}/.cache/mozilla/** rwk,
owner @{HOME}/.cache/dconf/user rw,
owner @{HOME}/.config/mimeapps.list.* w,
owner @{HOME}/Downloads/** rw,
}
|
