Ubuntu 12.04 Skype apparmor profile

I had to improve the AppArmor profile for Skype because there were some issues and Skype would not start. If you compare the old and new profiles, you’ll see that I added only a few lines, and they only allow reading a few configuration files. I should also say that there were no issues on 64-bit Ubuntu; the problem was on 32-bit Ubuntu. Now everything works fine again. I hope this will be helpful for you.

#include <tunables/global>

# AppArmor profile attached to the /usr/bin/skype executable.
# Permission letters used below: r = read, w = write, m = map as executable
# memory, k = file locking, ix/px = execute (inherit / switch profile).
# Anything not matched by an allow rule here or in an abstraction is refused.
/usr/bin/skype {

    # Shared rule sets shipped with AppArmor. What each one grants is defined
    # in the abstractions directory, not in this file, so they have to be read
    # alongside this profile to know the full set of permissions.
    #include <abstractions/base>
    #include <abstractions/user-tmp>
    #include <abstractions/audio>
    #include <abstractions/nameservice>
    #include <abstractions/ssl_certs>
    #include <abstractions/fonts>
    #include <abstractions/X>
    #include <abstractions/freedesktop.org>
    #include <abstractions/kde>

    # The launcher itself: readable and mappable.
    /usr/bin/skype mr,
    # pix: run /opt/skype/skype under its own profile if one is loaded,
    # otherwise keep this profile. Lower-case p/i do not scrub the environment
    # on exec (the upper-case forms do).
    /opt/skype/skype pix,
    /opt/skype/** kmr,
    # NOTE(review): only "m" (no "r") on font files looks unusual - confirm it
    # is intentional and not a leftover from log-driven profile generation.
    /usr/share/fonts/X11/** m,

    # Kernel/network information read through procfs; the "*" matches the
    # net/arp entry of any process directory.
    @{PROC}/*/net/arp r,
    @{PROC}/sys/kernel/ostype r,
    @{PROC}/sys/kernel/osrelease r,

    # Device access. "/dev/ r" allows listing the directory only.
    /dev/ r,
    /dev/tty rw,
        # Sound devices and PulseAudio shared-memory segments.
        /dev/snd/* mrw,
        /dev/shm/ r,
        /dev/shm/pulse-shm-* mrw,
    /etc/pulse/client.conf r,
    # NOTE(review): read/write on every pseudo-terminal is broad; only file
    # ownership limits which ptys are reachable. Narrow if Skype works without it.
    /dev/pts/* rw,
    # All video capture devices (webcam); microphone access comes from the
    # sound rules above and possibly from the audio abstraction.
    /dev/video* mrw,

    # Read-only configuration and system data (Trolltech.conf may also be locked).
    /etc/xdg/Trolltech.conf rk,
    /usr/share/locale-langpack/* mr,
    /usr/share/glib-2.0/schemas/gschemas.compiled rm,
    # Only cpu0's cpufreq entries are readable.
    /sys/devices/system/cpu/cpu0/cpufreq/* r,

    # Skype's per-user data directory: the only place in the home directory
    # this profile itself makes writable.
    @{HOME}/.Skype/ rw,
    @{HOME}/.Skype/** krw,
    /usr/share/skype/** kmr,
    # Already covered by the /usr/share/skype/** rule above (kr is a subset of kmr).
    /usr/share/skype/sounds/*.wav kr,

    # Explicit deny rules take precedence over allow rules, including those
    # from abstractions, and accesses they match are not logged.
    # The trailing slash matches the directory itself (its listing) only; files
    # under ~/.mozilla are not named by this rule, so whether they are readable
    # depends on the other rules and abstractions - verify if that matters.
    deny @{HOME}/.mozilla/ r, # no idea what it needs there
    # Block listing the open file descriptors and threads of any process.
    deny @{PROC}/[0-9]*/fd/ r,
    deny @{PROC}/[0-9]*/task/ r,
    deny @{PROC}/[0-9]*/task/** r,

}

 
