/etc/apparmor.d/usr.bin.totem is in apparmor-profiles-extra 1.19.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
# vim:syntax=apparmor
# Author: Jamie Strandboge <jamie@canonical.com>
#include <tunables/global>
# AppArmor profile for the Totem media player, attached to /usr/bin/totem.
# No flags are set on the profile header, so when loaded in enforce mode any
# access not granted here or by an included abstraction is denied.
# The NOTE(review) comments mark the rules that widen the confinement boundary.
/usr/bin/totem {
# Shared rule sets. Their contents live under abstractions/ and are not
# shown in this file, so the effective policy is larger than the rules below.
#include <abstractions/audio>
#include <abstractions/dconf>
#include <abstractions/ibus>
#include <abstractions/nvidia>
#include <abstractions/python>
#include <abstractions/totem>
# Permit sending SIGKILL, and only to peers that are unconfined.
# NOTE(review): presumably needed to stop helpers that end up unconfined
# through the bwrap rule below; confirm the intent.
signal (send) set=("kill") peer=unconfined,
# Maybe in an abstraction?
/usr/include/**/pyconfig.h r,
/usr/bin/totem r,
# Pix: run the thumbnailer under its own profile if one is loaded, otherwise
# inherit this profile; the environment is scrubbed on the transition.
/usr/bin/totem-video-thumbnailer Pix,
# NOTE(review): PUx transitions to a bwrap profile if one is loaded and
# otherwise runs bwrap unconfined (environment scrubbed). Without a dedicated
# bwrap profile, anything launched through bwrap is outside this profile's
# restrictions; verify that fallback is acceptable on the target system.
/usr/bin/bwrap PUx,
# ix: playlist-parser helpers execute under this same profile.
/usr/lib/@{multiarch}/libtotem-plparser[0-9]*/totem-pl-parser/* ix,
# Read-only access to the sr* device nodes (optical drives).
/dev/sr* r,
# Quiet logs
# An explicit deny is not audited by default, so these write attempts are
# refused without producing log entries.
deny /{usr/,}lib/@{multiarch}/totem/plugins/*/__pycache__/ w,
# Allow read and write on almost anything in @{HOME}. Lenient, but
# private-files-strict is in effect.
# The deny rules that protect sensitive paths come from that abstraction and
# are not visible here; review it together with this profile.
#include <abstractions/private-files-strict>
# "owner" limits these grants to files owned by the user running totem.
# [^.]* skips top-level entries whose name starts with a dot.
owner @{HOME}/[^.]* rw,
# NOTE(review): the ** below also matches dot-files nested inside non-hidden
# directories, so those remain readable and writable unless an included
# deny rule covers them.
owner @{HOME}/[^.]*/** rw,
# Per-user runtime paths: write to the dconf "user" file, read/write under
# the at-spi2-* directories.
owner /{,var/}run/user/*/dconf/user w,
owner /{,var/}run/user/*/at-spi2-*/ rw,
owner /{,var/}run/user/*/at-spi2-*/** rw,
# Read-only PCI configuration space and device/vendor identifiers.
# NOTE(review): presumably for graphics hardware detection; confirm.
/sys/devices/pci[0-9]*/**/config r,
/sys/devices/pci[0-9]*/**/{,subsystem_}{device,vendor} r,
# Site-specific additions and overrides. See local/README for details.
# Rules placed in the local file are merged into this profile and can widen
# it, so that file deserves the same review as the profile itself.
#include <local/usr.bin.totem>
}