k2ll33d

K2LL33D SHELL

Apache/2.4.7 (Ubuntu)
Linux sman1baleendah 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64
uid=33(www-data) gid=33(www-data) groups=33(www-data)
safemode : OFF
MySQL: ON | Perl: ON | cURL: OFF | WGet: ON
> / etc / apparmor.d / abstractions / ubuntu-browsers.d /

server ip : 104.21.89.46

your ip : 172.69.59.113

H O M E

Filename	/etc/apparmor.d/abstractions/ubuntu-browsers.d/java
Size	3.41 kb
Permission	rw-r--r--
Owner	root : root
Create time	27-Apr-2025 09:56
Last modified	04-Apr-2014 14:27
Last accessed	05-Jul-2025 22:53
Actions	edit \| rename \| delete \| download (gzip)
View	text \| code \| image

# vim:syntax=apparmor

# Java plugin
owner @{HOME}/.java/deployment/deployment.properties k,
/etc/java-*/ r,
/etc/java-*/** r,
/usr/lib/jvm/java-{6,7}-openjdk*/jre/lib/*/IcedTeaPlugin.so mr,
/usr/lib/jvm/java-6-openjdk/jre/bin/java cx -> browser_openjdk,
/usr/lib/jvm/java-6-openjdk-{amd64,armel,armhf,i386,powerpc}/jre/bin/java cx -> browser_openjdk,
/usr/lib/jvm/java-7-openjdk/jre/bin/java cx -> browser_openjdk,
/usr/lib/jvm/java-7-openjdk-{amd64,armel,armhf,i386,powerpc}/jre/bin/java cx -> browser_openjdk,
/usr/lib/jvm/java-*-sun-1.*/jre/bin/java{,_vm} cx -> browser_java,
/usr/lib/jvm/java-*-sun-1.*/jre/lib/*/libnp*.so cx -> browser_java,
/usr/lib/j2*-ibm/jre/bin/java cx -> browser_java,

# Profile for the supported OpenJDK in Ubuntu. This doesn't require the
# unfortunate workarounds of the proprietary Javas, so have a separate
# profile.
profile browser_openjdk {
#include <abstractions/base>
#include <abstractions/fonts>
#include <abstractions/gnome>
#include <abstractions/kde>
#include <abstractions/nameservice>
#include <abstractions/ssl_certs>
#include <abstractions/user-tmp>
#include <abstractions/private-files-strict>

network inet stream,
network inet6 stream,
@{PROC}/@{pid}/net/if_inet6 r,
@{PROC}/@{pid}/net/ipv6_route r,

/etc/java-*/ r,
/etc/java-*/** r,
/etc/lsb-release r,
/etc/ssl/certs/java/* r,
/etc/timezone r,
/etc/writable/timezone r,

@{PROC}/@{pid}/ r,
@{PROC}/@{pid}/fd/ r,
@{PROC}/filesystems r,
/sys/devices/system/cpu/ r,
/sys/devices/system/cpu/** r,
/usr/share/** r,
/var/lib/dbus/machine-id r,

/usr/bin/env ix,
/usr/lib/jvm/java-{6,7}-openjdk*/jre/bin/java ix,
/usr/lib/jvm/java-{6,7}-openjdk*/jre/lib/i386/client/classes.jsa m,

# Why would java need this?
deny /usr/bin/gconftool-2 x,

owner @{HOME}/ r,
owner @{HOME}/** rwk,
}

# Profile for commercial Javas. These need workarounds to work right (eg
# Sun's forcing of an executable stack (LP: #535247)).
profile browser_java {
#include <abstractions/base>
#include <abstractions/fonts>
#include <abstractions/gnome>
#include <abstractions/kde>
#include <abstractions/nameservice>
#include <abstractions/ssl_certs>
#include <abstractions/user-tmp>
#include <abstractions/private-files-strict>

network inet stream,
network inet6 stream,
@{PROC}/@{pid}/net/if_inet6 r,
@{PROC}/@{pid}/net/ipv6_route r,
@{PROC}/loadavg r,

/etc/debian_version r,
/etc/java-*/ r,
/etc/java-*/** r,
/etc/lsb-release r,
/etc/ssl/certs/java/* r,
/etc/timezone r,
/etc/writable/timezone r,

@{PROC}/@{pid}/ r,
@{PROC}/@{pid}/fd/ r,
@{PROC}/filesystems r,
/sys/devices/system/cpu/ r,
/sys/devices/system/cpu/** r,
/usr/share/** r,
/var/lib/dbus/machine-id r,

/usr/bin/env ix,
/usr/lib/jvm/java-*-sun-1.*/jre/bin/java{,_vm} ix,
/usr/lib/jvm/java-*-sun-1.*/jre/lib/i386/client/classes.jsa m,
/usr/lib/j2*-ibm/jre/bin/java ix,

# noisy, can't write here anyway
deny /etc/.java/ w,
deny /etc/.java/** w,

deny /usr/bin/gconftool-2 x,

owner @{HOME}/ r,
owner @{HOME}/** rwk,

# These are seriously unfortunate, but required due to LP: #535247
/etc/passwd m,
owner @{HOME}/.java/**/cache/** m,
owner /tmp/** m,
/usr/lib{,32,64}/jvm/**/*.jar mr,
/usr/share/fonts/** m,
}