# Bodhi.Zazen's current bfilter profile
# Please note this is for :
# Ubuntu 9.10

#include <tunables/global>

/usr/bin/bfilter {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  capability setgid,
  capability setuid,
  capability sys_nice,

  #include <abstractions/private-files>
  audit deny @{HOME}/.ssh/** mrwkl,

  deny @{HOME}/.bash* rw,
  deny @{HOME}/.ssh/* rw,
  deny @{HOME}/.zshrc rw,
  deny @{PROC}/ r,
  deny @{PROC}/* r,

  /bin/ls ixr,
  /bin/pwd ixr,
  /bin/sed ixr,
  /bin/which ixr,
  /bin/uname ixr,
  /etc/bfilter/** r,
  /sys/devices/system/cpu/ r,
  /usr/bin/basename ixr,
  /usr/bin/bfilter ixr,
  /usr/bin/dirname ixr,
  /usr/bin/expr ixr,
  /usr/lib/bfilter/bfilter ixr,
  /usr/lib/xulrunner-1.9.0.14/run-mozilla.sh ixr,
  /usr/lib/xulrunner-1.9.0.14/xulrunner ixr,
  /usr/lib/xulrunner-1.9.0.14/xulrunner-bin ixr,
  owner /var/run/bfilter.pid rwk,
  /var/run/bfilter.pid rw,
  /tmp/bfilter/ rw,
  /tmp/bfilter/** rw,

 }