Private
Server IP : 195.201.23.43  /  Your IP : 18.217.217.234
Web Server : Apache
System : Linux webserver2.vercom.be 5.4.0-192-generic #212-Ubuntu SMP Fri Jul 5 09:47:39 UTC 2024 x86_64
User : kdecoratie ( 1041)
PHP Version : 7.1.33-63+ubuntu20.04.1+deb.sury.org+1
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /etc/apparmor.d/abstractions/ubuntu-browsers.d/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME SHELL ]     

Current File : /etc/apparmor.d/abstractions/ubuntu-browsers.d/java
# vim:syntax=apparmor

  # Java plugin
  owner @{HOME}/.java/deployment/deployment.properties k,
  /etc/java-*/ r,
  /etc/java-*/** r,
  /usr/lib/jvm/java-[1-9]{,[0-9]}-openjdk/{,jre/}lib/*/IcedTeaPlugin.so mr,
  /usr/lib/jvm/java-[1-9]{,[0-9]}-openjdk-{amd64,armel,armhf,i386,powerpc}/{,jre/}lib/*/IcedTeaPlugin.so mr,
  /usr/lib/jvm/java-[1-9]{,[0-9]}-openjdk/{,jre/}bin/java cx -> browser_openjdk,
  /usr/lib/jvm/java-[1-9]{,[0-9]}-openjdk-{amd64,armel,armhf,i386,powerpc}/{,jre/}bin/java cx -> browser_openjdk,
  /usr/lib/jvm/java-*-sun-1.*/jre/bin/java{,_vm} cx -> browser_java,
  /usr/lib/jvm/java-*-sun-1.*/jre/lib/*/libnp*.so cx -> browser_java,
  /usr/lib/j2*-ibm/jre/bin/java cx -> browser_java,
  owner /{,var/}run/user/*/icedteaplugin-*/   rw,
  owner /{,var/}run/user/*/icedteaplugin-*/** rwk,

  # Profile for the supported OpenJDK in Ubuntu. This doesn't require the
  # unfortunate workarounds of the proprietary Javas, so have a separate
  # profile.
  profile browser_openjdk {
    #include <abstractions/base>
    #include <abstractions/fonts>
    #include <abstractions/gnome>
    #include <abstractions/kde>
    #include <abstractions/nameservice>
    #include <abstractions/ssl_certs>
    #include <abstractions/user-tmp>
    #include <abstractions/private-files-strict>

    network inet stream,
    network inet6 stream,
    @{PROC}/@{pid}/net/if_inet6 r,
    @{PROC}/@{pid}/net/ipv6_route r,

    /etc/java-*/ r,
    /etc/java-*/** r,
    /etc/lsb-release r,
    /etc/ssl/certs/java/* r,
    /etc/timezone r,
    /etc/writable/timezone r,

    @{PROC}/@{pid}/ r,
    @{PROC}/@{pid}/fd/ r,
    @{PROC}/filesystems r,
    @{sys}/devices/system/cpu/ r,
    @{sys}/devices/system/cpu/** r,
    /usr/share/** r,
    /var/lib/dbus/machine-id r,

    /usr/bin/env ix,
    /usr/lib/jvm/java-[1-9]{,[0-9]}-openjdk/{,jre/}bin/java ix,
    /usr/lib/jvm/java-[1-9]{,[0-9]}-openjdk-{amd64,armel,armhf,i386,powerpc}/{,jre/}bin/java ix,
    /usr/lib/jvm/java-{6,7}-openjdk*/jre/lib/i386/client/classes.jsa m,

    # Why would java need this?
    deny /usr/bin/gconftool-2 x,

    owner /{,var/}run/user/[0-9]*/icedteaplugin-*-*/[0-9]*-icedteanp-appletviewer-to-plugin rw,
    owner /{,var/}run/user/[0-9]*/icedteaplugin-*-*/[0-9]*-icedteanp-plugin-{,debug-}to-appletviewer r,
    owner @{HOME}/ r,
    owner @{HOME}/** rwk,
  }

  # Profile for commercial Javas. These need workarounds to work right (eg
  # Sun's forcing of an executable stack (LP: #535247)).
  profile browser_java {
    #include <abstractions/base>
    #include <abstractions/fonts>
    #include <abstractions/gnome>
    #include <abstractions/kde>
    #include <abstractions/nameservice>
    #include <abstractions/ssl_certs>
    #include <abstractions/user-tmp>
    #include <abstractions/private-files-strict>

    network inet stream,
    network inet6 stream,
    @{PROC}/@{pid}/net/if_inet6 r,
    @{PROC}/@{pid}/net/ipv6_route r,
    @{PROC}/loadavg r,

    /etc/debian_version r,
    /etc/java-*/ r,
    /etc/java-*/** r,
    /etc/lsb-release r,
    /etc/ssl/certs/java/* r,
    /etc/timezone r,
    /etc/writable/timezone r,

    @{PROC}/@{pid}/ r,
    @{PROC}/@{pid}/fd/ r,
    @{PROC}/filesystems r,
    @{sys}/devices/system/cpu/ r,
    @{sys}/devices/system/cpu/** r,
    /usr/share/** r,
    /var/lib/dbus/machine-id r,

    /usr/bin/env ix,
    /usr/lib/jvm/java-*-sun-1.*/jre/bin/java{,_vm} ix,
    /usr/lib/jvm/java-*-sun-1.*/jre/lib/i386/client/classes.jsa m,
    /usr/lib/j2*-ibm/jre/bin/java ix,

    # noisy, can't write here anyway
    deny /etc/.java/ w,
    deny /etc/.java/** w,

    deny /usr/bin/gconftool-2 x,

    owner @{HOME}/ r,
    owner @{HOME}/** rwk,

    # These are seriously unfortunate, but required due to LP: #535247
    /etc/passwd m,
    owner @{HOME}/.java/**/cache/** m,
    owner /tmp/** m,
    /usr/lib{,32,64}/jvm/**/*.jar mr,
    /usr/share/fonts/** m,
  }
Private