# Rules for denying some things allowed in other abstractions
# Homepage: https://github.com/krathalan/apparmor-profiles
# Copyright 2019 (C) krathalan; Licensed under GPLv3

  # General
  deny ptrace (readby),
  deny ptrace (tracedby),
  deny unix (create),
  deny unix (receive) peer=(label=unconfined),

  # Deny executable mapping in writable space as allowed in abstractions/fonts
  deny @{HOME}/.{,cache/}fontconfig/ rw,
  deny @{HOME}/.{,cache/}fontconfig/** mrwl,

  # Deny executable mapping in writable space as allowed in abstractions/base for ecryptfs
  deny @{HOME}/.Private/** mrxwlk,
  deny @{HOMEDIRS}/.ecryptfs/*/.Private/** mrxwlk,
