404

[ Avaa Bypassed ]




Upload:

Command:

botdev@18.189.6.59: ~ $
# Lenient profile that is intended to be used when 'Ux' is desired but
# does not provide enough environment sanitizing. This effectively is an
# open profile that blacklists certain known dangerous files and also
# does not allow any capabilities. For example, it will not allow 'm' on files
# owned be the user invoking the program. While this provides some additional
# protection, please use with care as applications running under this profile
# are effectively running without any AppArmor protection. Use this profile
# only if the process absolutely must be run (effectively) unconfined.
#
# Usage:
# Because this abstraction defines the sanitized_helper profile, it must only
# be #included once. Therefore this abstraction should typically not be
# included in other abstractions so as to avoid parser errors regarding
# multiple definitions.
#
# Limitations:
# 1. This does not work for root owned processes, because of the way we use
#    owner matching in the sanitized helper. We could do a better job with
#    this to support root, but it would make the policy harder to understand
#    and going unconfined as root is not desirable any way.
#
# 2. For this sanitized_helper to work, the program running in the sanitized
#    environment must open symlinks directly in order for AppArmor to mediate
#    it. This is confirmed to work with:
#     - compiled code which can load shared libraries
#     - python imports
#    It is known not to work with:
#     - perl includes
# 3. Sanitizing ruby and java
#
# Use at your own risk. This profile was developed as an interim workaround for
# LP: #851986 until AppArmor utilizes proper environment filtering.

profile sanitized_helper {
  #include <abstractions/base>
  #include <abstractions/X>

  # Allow all networking
  network inet,
  network inet6,

  # Allow all DBus communications
  #include <abstractions/dbus-session-strict>
  #include <abstractions/dbus-strict>
  dbus,

  # Needed for Google Chrome
  ptrace (trace) peer=**//sanitized_helper,

  # Allow exec of anything, but under this profile. Allow transition
  # to other profiles if they exist.
  /{usr/,}bin/* Pixr,
  /{usr/,}sbin/* Pixr,
  /usr/local/bin/* Pixr,

  # Allow exec of libexec applications in /usr/lib* and /usr/local/lib*
  /usr/{,local/}lib*/{,**/}* Pixr,

  # Allow exec of software-center scripts. We may need to allow wider
  # permissions for /usr/share, but for now just do this. (LP: #972367)
  /usr/share/software-center/* Pixr,

  # Allow exec of texlive font build scripts (LP: #1010909)
  /usr/share/texlive/texmf{,-dist}/web2c/{,**/}* Pixr,

  # While the chromium and chrome sandboxes are setuid root, they only link
  # in limited libraries so glibc's secure execution should be enough to not
  # require the santized_helper (ie, LD_PRELOAD will only use standard system
  # paths (man ld.so)).
  /usr/lib/chromium-browser/chromium-browser-sandbox PUxr,
  /usr/lib/chromium{,-browser}/chrome-sandbox PUxr,
  /opt/google/chrome{,-beta,-unstable}/chrome-sandbox PUxr,
  /opt/google/chrome{,-beta,-unstable}/google-chrome Pixr,
  /opt/google/chrome{,-beta,-unstable}/chrome Pixr,
  /opt/google/chrome{,-beta,-unstable}/{,**/}lib*.so{,.*} m,

  # Full access
  / r,
  /** rwkl,
  /{,usr/,usr/local/}lib{,32,64}/{,**/}*.so{,.*} m,

  # Dangerous files
  audit deny owner /**/* m,              # compiled libraries
  audit deny owner /**/*.py* r,          # python imports
}

Filemanager

Name Type Size Permission Actions
apparmor_api Folder 0755
lxc Folder 0755
ubuntu-browsers.d Folder 0755
X File 1.86 KB 0644
apache2-common File 869 B 0644
aspell File 308 B 0644
audio File 1.72 KB 0644
authentication File 1.55 KB 0644
base File 6.21 KB 0644
bash File 1.48 KB 0644
consoles File 798 B 0644
cups-client File 714 B 0644
dbus File 593 B 0644
dbus-accessibility File 630 B 0644
dbus-accessibility-strict File 637 B 0644
dbus-session File 638 B 0644
dbus-session-strict File 919 B 0644
dbus-strict File 677 B 0644
dconf File 246 B 0644
dovecot-common File 572 B 0644
enchant File 1.96 KB 0644
fcitx File 456 B 0644
fcitx-strict File 712 B 0644
fonts File 1.93 KB 0644
freedesktop.org File 2.37 KB 0644
gnome File 3.3 KB 0644
gnupg File 356 B 0644
ibus File 640 B 0644
kde File 2.01 KB 0644
kerberosclient File 1.08 KB 0644
launchpad-integration File 824 B 0644
ldapclient File 686 B 0644
libpam-systemd File 659 B 0644
likewise File 489 B 0644
mdns File 436 B 0644
mir File 593 B 0644
mozc File 471 B 0644
mysql File 641 B 0644
nameservice File 3.75 KB 0644
nis File 524 B 0644
nvidia File 519 B 0644
openssl File 470 B 0644
orbit2 File 93 B 0644
p11-kit File 899 B 0644
perl File 872 B 0644
php File 974 B 0644
php5 File 105 B 0644
postfix-common File 1.08 KB 0644
private-files File 1.48 KB 0644
private-files-strict File 1006 B 0644
python File 1.5 KB 0644
ruby File 906 B 0644
samba File 834 B 0644
smbpass File 476 B 0644
ssl_certs File 924 B 0644
ssl_keys File 650 B 0644
svn-repositories File 1.61 KB 0644
tor File 547 B 0644
ubuntu-bittorrent-clients File 698 B 0644
ubuntu-browsers File 1.62 KB 0644
ubuntu-console-browsers File 611 B 0644
ubuntu-console-email File 601 B 0644
ubuntu-email File 902 B 0644
ubuntu-feed-readers File 339 B 0644
ubuntu-gnome-terminal File 182 B 0644
ubuntu-helpers File 3.35 KB 0644
ubuntu-konsole File 343 B 0644
ubuntu-media-players File 2.18 KB 0644
ubuntu-unity7-base File 2.39 KB 0644
ubuntu-unity7-launcher File 191 B 0644
ubuntu-unity7-messaging File 192 B 0644
ubuntu-xterm File 237 B 0644
user-download File 876 B 0644
user-mail File 837 B 0644
user-manpages File 889 B 0644
user-tmp File 654 B 0644
user-write File 864 B 0644
video File 123 B 0644
wayland File 580 B 0644
web-data File 705 B 0644
winbind File 739 B 0644
wutmp File 585 B 0644
xad File 883 B 0644
xdg-desktop File 673 B 0644