OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	05/26/2025 10:13:33 PM	rwxr-xr-x
📄 X	1.72 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 apache2-common	849 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📁 apparmor_api	-	05/26/2025 10:13:33 PM	rwxr-xr-x
📄 aspell	308 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 audio	1.82 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 authentication	1.55 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 base	6.39 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 bash	1.48 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 consoles	798 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 cups-client	714 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 dbus	593 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 dbus-accessibility	630 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 dbus-accessibility-strict	637 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 dbus-session	638 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 dbus-session-strict	919 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 dbus-strict	677 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 dconf	246 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 dovecot-common	562 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 dri-common	434 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 dri-enumerate	281 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 enchant	1.96 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 fcitx	456 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 fcitx-strict	712 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 fonts	2.04 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 freedesktop.org	1.26 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 gnome	3.54 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 gnupg	356 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 ibus	1 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 kde	2.71 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 kde-globals-write	298 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 kde-icon-cache-write	138 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 kde-language-write	458 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 kerberosclient	1.14 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 ldapclient	754 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 libpam-systemd	659 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 likewise	489 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 mdns	457 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 mesa	577 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 mir	593 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 mozc	471 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 mysql	641 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 nameservice	4.96 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 nis	524 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 nvidia	649 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 opencl	269 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 opencl-common	404 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 opencl-intel	564 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 opencl-mesa	527 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 opencl-nvidia	785 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 opencl-pocl	2.75 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 openssl	470 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 orbit2	93 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 p11-kit	899 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 perl	872 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 php	1.02 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 php5	105 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 postfix-common	1.17 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 private-files	1.51 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 private-files-strict	1.02 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 python	1.5 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 qt5	762 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 qt5-compose-cache-write	278 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 qt5-settings-write	398 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 recent-documents-write	346 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 ruby	906 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 samba	830 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 smbpass	476 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 ssl_certs	1.26 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 ssl_keys	790 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 svn-repositories	1.61 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 ubuntu-bittorrent-clients	698 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 ubuntu-browsers	1.63 KB	03/06/2024 06:40:00 PM	rw-r--r--
📁 ubuntu-browsers.d	-	05/26/2025 10:13:33 PM	rwxr-xr-x
📄 ubuntu-console-browsers	611 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 ubuntu-console-email	601 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 ubuntu-email	977 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 ubuntu-feed-readers	339 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 ubuntu-gnome-terminal	182 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 ubuntu-helpers	3.32 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 ubuntu-konsole	343 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 ubuntu-media-players	2.18 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 ubuntu-unity7-base	2.39 KB	03/06/2024 06:40:00 PM	rw-r--r--
📄 ubuntu-unity7-launcher	191 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 ubuntu-unity7-messaging	192 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 ubuntu-xterm	237 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 user-download	876 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 user-mail	837 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 user-manpages	889 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 user-tmp	654 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 user-write	864 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 video	127 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 vulkan	503 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 wayland	580 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 web-data	705 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 winbind	739 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 wutmp	585 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 xad	883 bytes	03/06/2024 06:40:00 PM	rw-r--r--
📄 xdg-desktop	673 bytes	03/06/2024 06:40:00 PM	rw-r--r--

Name

Size

Modified

Perms

📁 ..

05/26/2025 10:13:33 PM

rwxr-xr-x

📄 X

1.72 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 apache2-common

849 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📁 apparmor_api

05/26/2025 10:13:33 PM

rwxr-xr-x

📄 aspell

308 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 audio

1.82 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 authentication

1.55 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 base

6.39 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 bash

1.48 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 consoles

798 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 cups-client

714 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 dbus

593 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 dbus-accessibility

630 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 dbus-accessibility-strict

637 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 dbus-session

638 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 dbus-session-strict

919 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 dbus-strict

677 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 dconf

246 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 dovecot-common

562 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 dri-common

434 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 dri-enumerate

281 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 enchant

1.96 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 fcitx

456 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 fcitx-strict

712 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 fonts

2.04 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 freedesktop.org

1.26 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 gnome

3.54 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 gnupg

356 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 ibus

1 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 kde

2.71 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 kde-globals-write

298 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 kde-icon-cache-write

138 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 kde-language-write

458 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 kerberosclient

1.14 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 ldapclient

754 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 libpam-systemd

659 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 likewise

489 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 mdns

457 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 mesa

577 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 mir

593 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 mozc

471 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 mysql

641 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 nameservice

4.96 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 nis

524 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 nvidia

649 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 opencl

269 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 opencl-common

404 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 opencl-intel

564 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 opencl-mesa

527 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 opencl-nvidia

785 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 opencl-pocl

2.75 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 openssl

470 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 orbit2

93 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 p11-kit

899 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 perl

872 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 php

1.02 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 php5

105 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 postfix-common

1.17 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 private-files

1.51 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 private-files-strict

1.02 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 python

1.5 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 qt5

762 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 qt5-compose-cache-write

278 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 qt5-settings-write

398 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 recent-documents-write

346 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 ruby

906 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 samba

830 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 smbpass

476 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 ssl_certs

1.26 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 ssl_keys

790 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 svn-repositories

1.61 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 ubuntu-bittorrent-clients

698 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 ubuntu-browsers

1.63 KB

03/06/2024 06:40:00 PM

rw-r--r--

📁 ubuntu-browsers.d

05/26/2025 10:13:33 PM

rwxr-xr-x

📄 ubuntu-console-browsers

611 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 ubuntu-console-email

601 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 ubuntu-email

977 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 ubuntu-feed-readers

339 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 ubuntu-gnome-terminal

182 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 ubuntu-helpers

3.32 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 ubuntu-konsole

343 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 ubuntu-media-players

2.18 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 ubuntu-unity7-base

2.39 KB

03/06/2024 06:40:00 PM

rw-r--r--

📄 ubuntu-unity7-launcher

191 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 ubuntu-unity7-messaging

192 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 ubuntu-xterm

237 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 user-download

876 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 user-mail

837 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 user-manpages

889 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 user-tmp

654 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 user-write

864 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 video

127 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 vulkan

503 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 wayland

580 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 web-data

705 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 winbind

739 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 wutmp

585 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 xad

883 bytes

03/06/2024 06:40:00 PM

rw-r--r--

📄 xdg-desktop

673 bytes

03/06/2024 06:40:00 PM

rw-r--r--

Editing: ubuntu-helpers

# Lenient profile that is intended to be used when 'Ux' is desired but
# does not provide enough environment sanitizing. This effectively is an
# open profile that blacklists certain known dangerous files and also
# does not allow any capabilities. For example, it will not allow 'm' on files
# owned be the user invoking the program. While this provides some additional
# protection, please use with care as applications running under this profile
# are effectively running without any AppArmor protection. Use this profile
# only if the process absolutely must be run (effectively) unconfined.
#
# Usage:
# Because this abstraction defines the sanitized_helper profile, it must only
# be #included once. Therefore this abstraction should typically not be
# included in other abstractions so as to avoid parser errors regarding
# multiple definitions.
#
# Limitations:
# 1. This does not work for root owned processes, because of the way we use
#    owner matching in the sanitized helper. We could do a better job with
#    this to support root, but it would make the policy harder to understand
#    and going unconfined as root is not desirable any way.
#
# 2. For this sanitized_helper to work, the program running in the sanitized
#    environment must open symlinks directly in order for AppArmor to mediate
#    it. This is confirmed to work with:
#     - compiled code which can load shared libraries
#     - python imports
#    It is known not to work with:
#     - perl includes
# 3. Sanitizing ruby and java
#
# Use at your own risk. This profile was developed as an interim workaround for
# LP: #851986 until AppArmor utilizes proper environment filtering.

profile sanitized_helper {
  #include <abstractions/base>
  #include <abstractions/X>

# Allow all networking
  network inet,
  network inet6,

# Allow all DBus communications
  #include <abstractions/dbus-session-strict>
  #include <abstractions/dbus-strict>
  dbus,

# Needed for Google Chrome
  ptrace (trace) peer=**//sanitized_helper,

# Allow exec of anything, but under this profile. Allow transition
  # to other profiles if they exist.
  /{usr/,usr/local/,}{bin,sbin}/* Pixr,

# Allow exec of libexec applications in /usr/lib* and /usr/local/lib*
  /usr/{,local/}lib*/{,**/}* Pixr,

# Allow exec of software-center scripts. We may need to allow wider
  # permissions for /usr/share, but for now just do this. (LP: #972367)
  /usr/share/software-center/* Pixr,

# Allow exec of texlive font build scripts (LP: #1010909)
  /usr/share/texlive/texmf{,-dist}/web2c/{,**/}* Pixr,

# While the chromium and chrome sandboxes are setuid root, they only link
  # in limited libraries so glibc's secure execution should be enough to not
  # require the santized_helper (ie, LD_PRELOAD will only use standard system
  # paths (man ld.so)).
  /usr/lib/chromium-browser/chromium-browser-sandbox PUxr,
  /usr/lib/chromium{,-browser}/chrome-sandbox PUxr,
  /opt/google/chrome{,-beta,-unstable}/chrome-sandbox PUxr,
  /opt/google/chrome{,-beta,-unstable}/google-chrome Pixr,
  /opt/google/chrome{,-beta,-unstable}/chrome Pixr,
  /opt/google/chrome{,-beta,-unstable}/{,**/}lib*.so{,.*} m,

# Full access
  / r,
  /** rwkl,
  /{,usr/,usr/local/}lib{,32,64}/{,**/}*.so{,.*} m,

# Dangerous files
  audit deny owner /**/* m,              # compiled libraries
  audit deny owner /**/*.py* r,          # python imports
}