# vim: sw=2 sts=2 ts=2 expandtab:
# Last Modified: Thu Mar 12 19:11:52 2020
#include <tunables/global>

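# Confinement for the main.py process. Every path it may touch is listed
# explicitly; helpers it spawns are moved into the child profiles at the end
# of this file via "Cx -> name", so a compromised helper does not inherit the
# main process's file, network or signal permissions.
/home/bea/textfuckery/main.py {
  #include <abstractions/base>
  # NOTE(review): nameservice is the abstraction that brings network access
  # (and /etc/passwd, /etc/group reads) into this profile. None of the child
  # profiles below include it, so the helpers have no network rule at all.
  #include <abstractions/nameservice>
  #include <abstractions/openssl>
  #include <abstractions/python>
  #include <abstractions/user-tmp>

  # Explicit denies. Anything not listed in a profile is already denied, so
  # these exist to (a) override allows pulled in by the abstractions above
  # (nameservice grants /etc/passwd r; deny wins over allow) and (b) keep
  # expected denials -- shell, compiler/linker, tty devices -- out of the audit
  # log. They only bind this profile: the ghci child below deliberately
  # re-allows /bin/dash and gcc for its own use.
  deny /bin/dash x,
  deny /dev/ptmx rw,
  deny /sbin/ldconfig x,
  deny /usr/bin/x86_64-linux-gnu-gcc-7 x,
  deny /usr/bin/x86_64-linux-gnu-ld.bfd x,
  deny owner /dev/pts/* rw,
  deny /etc/passwd r,

  # Lets main.py kill its helpers. No peer= restriction, so this also covers
  # any other process the user could signal under DAC. Of the children, only
  # interpreter_sandbox and ghci declare the matching "signal (receive)";
  # as far as I can tell a kill aimed at the ffmpeg or convert children would
  # be refused on their side. NOTE(review): confirm that asymmetry is intended.
  signal (send) set=(kill),

  /lib/x86_64-linux-gnu/ld-*.so mr,
  /run/systemd/notify w,

  # External tools. Cx -> child: run under the named child profile.
  # ix: run under this same profile (cp, env, units, python itself).
  /usr/bin/ffmpeg mrCx -> ffmpeg,
  /bin/cp mrix,
  /usr/bin/env ix,
  /usr/bin/convert* Cx -> convert,
  /usr/bin/composite* Cx -> convert,
  /usr/bin/identify* Cx -> convert,
  /usr/bin/units mrix,
  /usr/share/units/** r,
  /var/lib/units/** r,
  /usr/bin/python3 r,
  /usr/bin/ghci-8.6.5 mrCx -> ghci,
  /usr/bin/python3.8 mrix,
  /usr/local/lib/python3.8/** mr,
  owner /home/bea/.local/lib/python3.8/site-packages/ r,
  owner /home/bea/.local/lib/python3.8/site-packages/** mr,

  # Project tree. interpreter.py is an exact-path rule with Cx, while the
  # ** glob on the next line also matches it with ix. I believe AppArmor
  # gives the exact match precedence for the exec modifier, so the
  # interpreter_sandbox transition wins -- verify with apparmor_parser if in
  # doubt rather than relying on this comment.
  owner /home/bea/textfuckery/ r,
  /home/bea/textfuckery/interpreter.py rCx -> interpreter_sandbox,
  # NOTE(review): this grants m+x on *everything* under the project dir,
  # including the *.png/*.log/*.webp/speechrec/** files this same profile is
  # allowed to write below. A file the bot writes can therefore also be
  # mapped executable or exec'd (under this profile, via ix). If only the
  # .py modules need x, narrow this to *.py and keep "** r" for the rest.
  owner /home/bea/textfuckery/** mrix,
  owner /home/bea/textfuckery/*.png rw,
  owner /home/bea/textfuckery/*.jpg rw,
  owner /home/bea/textfuckery/*.log rw,
  owner /home/bea/textfuckery/*.webp rw,
  owner /home/bea/textfuckery/*.mp4 rw,
  owner /home/bea/textfuckery/audio_input.audio rw,
  owner /home/bea/textfuckery/config.yaml rw,
  owner /home/bea/textfuckery/bea.db krw,
  owner /home/bea/textfuckery/prevalence.db krw,
  owner /home/bea/textfuckery/*.opus rw,
  owner /home/bea/textfuckery/speechrec/** rw,
  # Non-owner variant of the bea.db rule; presumably for sidecar files such
  # as bea.db-journal. It is broader than the owner line above -- confirm the
  # files are really owned by another user, otherwise add "owner".
  /home/bea/textfuckery/bea.db* krw,
  /opt/muziekbeen/data/ r,
  /opt/muziekbeen/data/** rw,
  owner /proc/*/fd/ r,
  owner /proc/*/mounts r,
  owner /proc/*/status r,
  owner /proc/*/attr/current r,
  /etc/mime.types r,

  # Sandbox for interpreter.py. It gets the Python runtime and site-packages
  # but nothing from the project tree except its own source, no network
  # abstraction, and it may only *receive* kill (it has no send rule, so it
  # cannot signal the parent).
  profile interpreter_sandbox {
    #include <abstractions/base>
    #include <abstractions/python>
    signal (receive) set=(kill),
    owner /proc/*/fd/ r,
    owner /proc/*/mounts r,
    owner /proc/*/status r,
    /lib/x86_64-linux-gnu/ld-*.so mr,
    # NOTE(review): lets sandboxed code write to the service's sd_notify
    # socket. If interpreter.py does not itself call sd_notify, drop this.
    /run/systemd/notify w,
    /usr/bin/env ix,
    /usr/bin/python3 r,
    /usr/bin/python3.8 mrix,
    /home/bea/textfuckery/interpreter.py mrix,
    /usr/local/lib/python3.8/** mr,
    owner /home/bea/.local/lib/python3.8/site-packages/ r,
    owner /home/bea/.local/lib/python3.8/site-packages/** mr,
    owner /proc/*/attr/current r,
  }

  # ffmpeg only sees the audio input, the opus outputs and speechrec/.
  # No signal (receive) rule here -- see the note on the parent's send rule.
  profile ffmpeg {
    #include <abstractions/base>
    /usr/bin/ffmpeg mrix,
    owner /home/bea/textfuckery/audio_input.audio rw,
    @{sys}/devices/system/node/ r,
    @{sys}/devices/system/node/** r,
    owner /home/bea/textfuckery/*.opus rw,
    owner /home/bea/textfuckery/speechrec/** rw,
  }

  # ghci child: unlike the parent it may run dash and gcc and gets console
  # access. NOTE(review): it can also read the *entire* project tree
  # (config.yaml, bea.db, *.log). If the Haskell it evaluates is untrusted
  # input, that is a data-disclosure path; narrow the last rule to what ghci
  # actually needs.
  profile ghci {
    #include <abstractions/base>
    #include <abstractions/consoles>
    signal (receive) set=(kill),

    /bin/dash mrix,

    /usr/bin/x86_64-linux-gnu-gcc* mrix,
    /usr/bin/ghc-8.6.5 mrix,
    /usr/lib/ghc/bin/ghc mrix,
    /var/lib/ghc/** r,
    owner /proc/*/mounts r,
    owner /proc/*/status r,
    owner /proc/*/task/** rw,
    /sys/devices/system/cpu/online r,
    /usr/bin/ghci-8.6.5 r,
    owner /home/bea/textfuckery/** r,
  }

  # ImageMagick child: image files in the project dir, fonts, its own
  # config/modules, and dwebp for webp decoding. No signal (receive) rule.
  profile convert {
    #include <abstractions/base>
    # for some reason it wants to mmap itself? wacky but ok
    /tmp/magick-* rw,
    /usr/bin/convert* mr,
    /usr/bin/composite* mr,
    /usr/bin/identify* mr,
    # Was "rwix": write on a system binary is never needed here, and granting
    # w together with x on the same path hands an attacker who gets code
    # execution in convert a way to replace the binary they are about to run.
    /usr/bin/dwebp rix,
    /usr/lib/x86_64-linux-gnu/ImageMagick*/** mr,
    /etc/ImageMagick-*/* r,
    owner /home/bea/textfuckery/*.jpg rw,
    owner /home/bea/textfuckery/*.png rw,
    owner /home/bea/textfuckery/*.webp rw,
    /usr/local/share/fonts/** r,
    /usr/share/fontconfig/** r,
    /usr/share/poppler/** r,
    /usr/share/javascript/mathjax/fonts/** r,
    /usr/share/fonts/** r,
    /etc/fonts/** r,
    /var/cache/fontconfig/** r,
    /usr/share/fonts/ r,
    /usr/local/share/fonts/ r,
    /usr/share/ImageMagick-*/** r,
  }
}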
