vilyaem/vkdot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
vkdot/badwolf/usr.bin.badwolf
Vilyaem 7be70802f6 First.
2025-03-02 03:05:35 -05:00

81 lines
2 KiB
Text
Executable file
Raw Permalink Blame History

# BadWolf: Minimalist and privacy-oriented WebKitGTK+ browser
# Copyright © 2019-2021 Badwolf Authors <https://hacktivis.me/projects/badwolf>
# SPDX-License-Identifier: BSD-3-Clause
#
# Made on Gentoo Linux with PREFIX=/usr
#include <tunables/global>
/usr/bin/badwolf {
#include <abstractions/enchant>
#include <abstractions/gnome>
#include <abstractions/ibus>
#include <abstractions/uim>
#include <abstractions/private-files-strict>
/usr/bin/badwolf mr,
/usr/bin/bwrap Cx,
/usr/libexec/webkit2gtk-4.0/WebKitNetworkProcess Cx,
/usr/libexec/webkit2gtk-4.0/WebKitWebProcess Cx,
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/fd/ r,
owner @{HOME}/.local/share/badwolf/ r,
owner @{HOME}/.local/share/badwolf/** r,
deny @{HOME}/.local/share/webkitgtk/** rwmlk,
/ r,
/** r,
#include <local/usr.bin.badwolf>
profile /usr/libexec/webkit2gtk-4.0/WebKitNetworkProcess {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/ssl_certs>
#include <abstractions/private-files-strict>
network inet stream,
network inet6 stream,
/usr/libexec/webkit2gtk-4.0/WebKitNetworkProcess mr,
/** r,
owner /** w,
}
profile /usr/libexec/webkit2gtk-4.0/WebKitWebProcess {
#include <abstractions/base>
#include <abstractions/fonts>
#include <abstractions/gnome>
#include <abstractions/gstreamer>
#include <abstractions/audio>
#include <abstractions/mesa>
#include <abstractions/dri-common>
#include <abstractions/dri-enumerate>
/usr/libexec/webkit2gtk-4.0/WebKitWebProcess mr,
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/fd/ r,
/etc/passwd r,
/etc/group r,
/etc/nsswitch.conf r,
/dev/ r,
owner @{HOME}/.local/share/badwolf/webkit-web-extension/ r,
owner @{HOME}/.local/share/badwolf/webkit-web-extension/** mr,
}
profile /usr/bin/bwrap {
#include <abstractions/base>
deny capability sys_admin,
/usr/bin/bwrap mr,
@{PROC}/sys/kernel/overflowuid r,
@{PROC}/sys/kernel/overflowgid r,
owner @{PROC}/@{pid}/fd/ r,
}
}
Reference in a new issue View git blame Copy permalink