I would like to contribute an AppArmor policy for amfora. I asked the
folks in #apparmor about this, and they recommended going to the Debian
bug tracker.
I tested amfora with the following policy, and all features appear to
work correctly.
----------------------------------------
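#include <tunables/global>
# vim:syntax=apparmor
# AppArmor policy for amfora
#
# Comment lines that had been wrapped by the mail client ("these extensions",
# "default Downloads directory ... breakage.") are re-joined onto `#` lines
# here; as posted, those bare continuation lines would not parse as a profile.
/usr/bin/amfora {
  #include <abstractions/base>
  #include <abstractions/consoles>
  #include <abstractions/user-tmp>

  # MIME detection and name resolution.
  /etc/mime.types r,
  /etc/hosts r,
  /etc/resolv.conf r,
  /etc/nsswitch.conf r,
  # NOTE(review): presumably probed by the language runtime at startup — confirm.
  /sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,

  # Outbound connections. No destination, port or interface is restricted
  # here, so the profile does not limit where amfora can connect.
  network tcp,

  # Allow opening/saving geminitext files; amfora only opens files with
  # these extensions.
  # NOTE(review): these two rules carry no `owner` qualifier, so any
  # .gmi/.gemini file reachable by the invoking user — inside or outside
  # @{HOME} — is readable and writable through amfora. Prefixing them with
  # `owner` would confine writes to the user's own files; confirm that this
  # does not break reading system-provided documents before tightening.
  /**.[gG][mM][iI] rw,
  /**.[gG][eE][mM][iI][nN][iI] rw,

  # Allow amfora to make these dirs, if they don't exist
  owner @{HOME}/.cache/ w,
  owner @{HOME}/.config/ w,
  owner @{HOME}/.local/ w,
  owner @{HOME}/.local/share/ w,
  owner @{HOME}/.cache/amfora/ rw,
  owner @{HOME}/.cache/amfora/** rw,
  owner @{HOME}/.config/amfora/ rw,
  owner @{HOME}/.config/amfora/** rw,
  owner @{HOME}/.local/share/amfora/ rw,
  owner @{HOME}/.local/share/amfora/** rw,
  owner @{HOME}/.config/user-dirs.dirs r,

  # Allows browsing/saving to a user-owned directory other than the
  # default Downloads directory. Supports removable media, etc. Restricting
  # it to only @{HOME}/Downloads/ would be more secure, but could cause
  # breakage.
  # NOTE(review): the trailing slash limits this rule to directories, so it
  # grants listing and creation/removal of user-owned directories anywhere on
  # the filesystem; regular files inside them are still governed by the file
  # rules above — verify this is the intended scope.
  owner /**/ rw,

  # Allow amfora to open non-gemini URLs in other applications
  # NOTE(review): `Ux` executes xdg-open (and whatever handler it launches)
  # unconfined, with the environment scrubbed; confinement stops at this
  # boundary, so the URL handed across is the trust edge of the profile.
  /usr/bin/xdg-open Ux,
}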