#include <tunables/global> /opt/sublime_text*/sublime_text { #include <abstractions/base> #include <abstractions/X> #include <abstractions/ibus> #include <abstractions/dbus> #include <abstractions/dbus-session> #include <abstractions/dbus-accessibility> #include <abstractions/dbus-session-strict> #include <abstractions/gnome> /usr/share/mate/applications/** r, /usr/bin/caja rwix, /usr/share/glib-*/schemas/** r, /dev/null r, /{dev,run}/{,shm/}** rwmkl, /opt/sublime_text/ rwixmkl, /opt/sublime_text/** rwixmkl, owner @{HOME}/.config/sublime-text/ rwmkl, owner @{HOME}/.config/sublime-text/** rwmkl, owner @{HOME}/.cache/sublime-text/ rwmkl, owner @{HOME}/.cache/sublime-text/** rwmkl, owner @{HOME}/ rwmkl, owner @{HOME}/** rwmkl, owner /tmp/ rwmkl, owner /tmp/** rwmkl, deny network inet, deny network inet6, deny network raw, } /opt/sublime_text*/plugin_host { #include <abstractions/base> deny network inet, deny network inet6, deny network raw, }