Opera browser Apparmor profile for Ubuntu 22.04

Victor M

Level 12
Thread author
Verified
Top Poster
Well-known
Oct 3, 2022
572
Here is the Opera browser's apparmor profile. Just save it with the given file name, and place it into /etc/apparmor.d/ directory. Then reboot.

Apparmor provides a mandatory access control system for Ubuntu; it is built-in. It CONFINES individual programs to a specific set of files and capabilities, proactively protecting the operating system and applications. But Ubuntu does not offer pre-built profile files for user programs, you have to craft your own.

File name: usr.lib.x86_64-linux-gnu.opera.opera

Note: I assume you are the first and only user on the Ubuntu system, therefore the user specific stuff is hard coded as user 1000.

Note: I ban access to the Documents folder, because that's stuff you created, and can contain secret/private stuff. Therefore it should be protected. I allow access to the Downloads folder because you have to save downloaded stuff. If you need to upload a document, you have to copy it to the Downloads folder, and delete it afterwards.
------------------------------------------------------------------------------------< profile begin>--------------------------------------------------------------------------------------------------------------------------
#include <tunables/global>

profile /usr/lib/x86_64-linux-gnu/opera/opera {


capability sys_admin ,
capability sys_ptrace,
network ,
network inet stream,
network inet6 stream,
network inet dgram,
network inet6 dgram,
network inet seqpacket,
network inet6 seqpacket,
capability sys_chroot,




#include <abstractions/fonts>

#include <abstractions/gnome>


#include <abstractions/dbus>
#include <abstractions/dbus-accessibility>
#include <abstractions/dbus-session>




/usr/lib/x86_64-linux-gnu/opera/** mkrix,




dbus,



/proc/ r,
/proc/[0-9]*/cmdline r,
/proc/[0-9]*/fd/ r,
/proc/[0-9]*/stat r,
/proc/[0-9]*/statm r,
/proc/[0-9]*/status r,
/proc/[0-9]*/oom_score_adj rw,
/proc/[0-9]*/setgroups rw,
/proc/[0-9]*/gid_map rw,
/proc/[0-9]*/uid_map rw,
/proc/[0-9]*/task/** rw,

/proc/cpuinfo r,
/proc/filesystems r,
/proc/stat r,

/proc/self/stat r,
/proc/self/exe r,
/proc/self/cmdline r,
/proc/sys/fs/inotify/max_user_watches r,
/proc/sys/kernel/yama/ptrace_scope r,


/etc/udev/udev.conf r,
/etc/localtime r,
/etc/machine-id r,
/etc/os-release r,
/etc/fonts/** r,
/etc/gtk-3.0/settings.ini r,
/etc/opt/chrome/** r,
/etc/gcrypt/hwf.deny r,
/etc/gcrypt/random.conf r,


/dev/shm/.org.chromium.Chromium.** rw,
/dev/urandom r,
/etc/dconf/profile/user r,
/etc/gcrypt/hwf.deny r,
/etc/gcrypt/random.conf r,
/etc/gtk-3.0/settings.ini r,
# /etc/ld.so.cache mr,
# /etc/ld.so.preload r,
/etc/localtime r,
/etc/os-release r,

@{HOME}/.config/dconf/user r,
@{HOME}/.config/opera/** mkrwix,
@{HOME}/.config/user-dirs.dirs r,

@{HOME}/.local/share/glib-2.0/schemas/gschemas.compiled r,
@{HOME}/.local/share/mime/mime.cache r,
@{HOME}/.Xdefaults-zzz-Latitude-3540 r,
/lib/glibc-hwcaps/x86-64-v2/libgail.so mr,
/lib/glibc-hwcaps/x86-64-v3/libgail.so mr,
/lib/haswell/libgail.so mr,
/lib/haswell/x86_64/libgail.so mr,
/lib/libatk-bridge.so mr,
/lib/libgail.so mr,
/lib/tls/haswell/libgail.so mr,
/lib/tls/haswell/x86_64/libgail.so mr,
/lib/tls/libgail.so mr,
/lib/tls/x86_64/libgail.so mr,
/lib/x86_64/libgail.so mr,
/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/libgail.so mr,
/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v3/libgail.so mr,
/lib/x86_64-linux-gnu/haswell/libgail.so mr,
/lib/x86_64-linux-gnu/haswell/x86_64/libgail.so mr,
/lib/x86_64-linux-gnu/libasound.so.2 mr,
/lib/x86_64-linux-gnu/libatk-1.0.so.0 mr,
/lib/x86_64-linux-gnu/libatk-bridge-2.0.so.0 mr,
/lib/x86_64-linux-gnu/libatk-bridge.so mr,
/lib/x86_64-linux-gnu/libatspi.so.0 mr,
/lib/x86_64-linux-gnu/libavahi-client.so.3 mr,
/lib/x86_64-linux-gnu/libavahi-common.so.3 mr,
/lib/x86_64-linux-gnu/libblkid.so.1 mr,
/lib/x86_64-linux-gnu/libbrotlicommon.so.1 mr,
/lib/x86_64-linux-gnu/libbrotlidec.so.1 mr,
/lib/x86_64-linux-gnu/libbsd.so.0 mr,
/lib/x86_64-linux-gnu/libcairo-gobject.so.2 mr,
/lib/x86_64-linux-gnu/libcairo.so.2 mr,
/lib/x86_64-linux-gnu/libcanberra-gtk3.so.0 mr,
/lib/x86_64-linux-gnu/libcanberra.so.0 mr,
/lib/x86_64-linux-gnu/libcap.so.2 mr,
/lib/x86_64-linux-gnu/libcom_err.so.2 mr,
/lib/x86_64-linux-gnu/libc.so.6 mr,
/lib/x86_64-linux-gnu/libcups.so.2 mr,
/lib/x86_64-linux-gnu/libdatrie.so.1 mr,
/lib/x86_64-linux-gnu/libdbus-1.so.3 mr,
/lib/x86_64-linux-gnu/libdl.so.2 mr,
/lib/x86_64-linux-gnu/libdrm.so.2 mr,
/lib/x86_64-linux-gnu/libepoxy.so.0 mr,
/lib/x86_64-linux-gnu/libexpat.so.1 mr,
/lib/x86_64-linux-gnu/libffi.so.8 mr,
/lib/x86_64-linux-gnu/libfontconfig.so.1 mr,
/lib/x86_64-linux-gnu/libfreetype.so.6 mr,
/lib/x86_64-linux-gnu/libfribidi.so.0 mr,
/lib/x86_64-linux-gnu/libgail.so mr,
/lib/x86_64-linux-gnu/libgbm.so.1 mr,
/lib/x86_64-linux-gnu/libgcc_s.so.1 mr,
/lib/x86_64-linux-gnu/libgcrypt.so.20 mr,
/lib/x86_64-linux-gnu/libgdk-3.so.0 mr,
/lib/x86_64-linux-gnu/libgdk_pixbuf-2.0.so.0 mr,
/lib/x86_64-linux-gnu/libgio-2.0.so.0 mr,
/lib/x86_64-linux-gnu/libglib-2.0.so.0 mr,
/lib/x86_64-linux-gnu/libgmodule-2.0.so.0 mr,
/lib/x86_64-linux-gnu/libgmp.so.10 mr,
/lib/x86_64-linux-gnu/libgnutls.so.30 mr,
/lib/x86_64-linux-gnu/libgobject-2.0.so.0 mr,
/lib/x86_64-linux-gnu/libgpg-error.so.0 mr,
/lib/x86_64-linux-gnu/libgraphite2.so.3 mr,
/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 mr,
/lib/x86_64-linux-gnu/libgtk-3.so.0 mr,
/lib/x86_64-linux-gnu/libharfbuzz.so.0 mr,
/lib/x86_64-linux-gnu/libhogweed.so.6 mr,
/lib/x86_64-linux-gnu/libidn2.so.0 mr,
/lib/x86_64-linux-gnu/libjpeg.so.8 mr,
/lib/x86_64-linux-gnu/libk5crypto.so.3 mr,
/lib/x86_64-linux-gnu/libkeyutils.so.1 mr,
/lib/x86_64-linux-gnu/libkrb5.so.3 mr,
/lib/x86_64-linux-gnu/libkrb5support.so.0 mr,
/lib/x86_64-linux-gnu/libltdl.so.7 mr,
/lib/x86_64-linux-gnu/liblz4.so.1 mr,
/lib/x86_64-linux-gnu/liblzma.so.5 mr,
/lib/x86_64-linux-gnu/libmd.so.0 mr,
/lib/x86_64-linux-gnu/libmount.so.1 mr,
/lib/x86_64-linux-gnu/libm.so.6 mr,
/lib/x86_64-linux-gnu/libnettle.so.8 mr,
/lib/x86_64-linux-gnu/libnspr4.so mr,
/lib/x86_64-linux-gnu/libnss3.so mr,
/lib/x86_64-linux-gnu/libnssutil3.so mr,
/lib/x86_64-linux-gnu/libogg.so.0 mr,
/lib/x86_64-linux-gnu/libp11-kit.so.0 mr,
/lib/x86_64-linux-gnu/libpango-1.0.so.0 mr,
/lib/x86_64-linux-gnu/libpangocairo-1.0.so.0 mr,
/lib/x86_64-linux-gnu/libpangoft2-1.0.so.0 mr,
/lib/x86_64-linux-gnu/libpcre2-8.so.0 mr,
/lib/x86_64-linux-gnu/libpcre.so.3 mr,
/lib/x86_64-linux-gnu/libpixman-1.so.0 mr,
/lib/x86_64-linux-gnu/libplc4.so mr,
/lib/x86_64-linux-gnu/libplds4.so mr,
/lib/x86_64-linux-gnu/libpng16.so.16 mr,
/lib/x86_64-linux-gnu/libpthread.so.0 mr,
/lib/x86_64-linux-gnu/libresolv.so.2 mr,
/lib/x86_64-linux-gnu/libsecret-1.so.0 mr,
/lib/x86_64-linux-gnu/libselinux.so.1 mr,
/lib/x86_64-linux-gnu/libsmime3.so mr,
/lib/x86_64-linux-gnu/libsystemd.so.0 mr,
/lib/x86_64-linux-gnu/libtasn1.so.6 mr,
/lib/x86_64-linux-gnu/libtdb.so.1 mr,
/lib/x86_64-linux-gnu/libthai.so.0 mr,
/lib/x86_64-linux-gnu/libunistring.so.2 mr,
/lib/x86_64-linux-gnu/libuuid.so.1 mr,
/lib/x86_64-linux-gnu/libvorbisfile.so.3 mr,
/lib/x86_64-linux-gnu/libvorbis.so.0 mr,
/lib/x86_64-linux-gnu/libwayland-client.so.0 mr,
/lib/x86_64-linux-gnu/libwayland-cursor.so.0 mr,
/lib/x86_64-linux-gnu/libwayland-egl.so.1 mr,
/lib/x86_64-linux-gnu/libwayland-server.so.0 mr,
/lib/x86_64-linux-gnu/libX11.so.6 mr,
/lib/x86_64-linux-gnu/libX11-xcb.so.1 mr,
/lib/x86_64-linux-gnu/libXau.so.6 mr,
/lib/x86_64-linux-gnu/libxcb-randr.so.0 mr,
/lib/x86_64-linux-gnu/libxcb-render.so.0 mr,
/lib/x86_64-linux-gnu/libxcb-shm.so.0 mr,
/lib/x86_64-linux-gnu/libxcb.so.1 mr,
/lib/x86_64-linux-gnu/libXcomposite.so.1 mr,
/lib/x86_64-linux-gnu/libXcursor.so.1 mr,
/lib/x86_64-linux-gnu/libXdamage.so.1 mr,
/lib/x86_64-linux-gnu/libXdmcp.so.6 mr,
/lib/x86_64-linux-gnu/libXext.so.6 mr,
/lib/x86_64-linux-gnu/libXfixes.so.3 mr,
/lib/x86_64-linux-gnu/libXinerama.so.1 mr,
/lib/x86_64-linux-gnu/libXi.so.6 mr,
/lib/x86_64-linux-gnu/libxkbcommon.so.0 mr,
/lib/x86_64-linux-gnu/libXrandr.so.2 mr,
/lib/x86_64-linux-gnu/libXrender.so.1 mr,
/lib/x86_64-linux-gnu/libz.so.1 mr,
/lib/x86_64-linux-gnu/libzstd.so.1 mr,
/lib/x86_64-linux-gnu/tls/haswell/libgail.so mr,
/lib/x86_64-linux-gnu/tls/haswell/x86_64/libgail.so mr,
/lib/x86_64-linux-gnu/tls/libgail.so mr,
/lib/x86_64-linux-gnu/tls/x86_64/libgail.so mr,
/lib/x86_64-linux-gnu/x86_64/libgail.so mr,
/proc/*/stat r,
/proc/*/statm r,
/proc/*/status r,
### /proc/filesystems
/proc/self/cmdline r,
/proc/*/cmdline r,

/proc/self/stat r,
#### /proc/stat

/run/dconf/user/1000/** r,
/run/user/1000/dconf/profile r,
/run/user/1000/dconf/user r,
/run/user/1000/.mutter-Xwaylandauth.* r,
/run/user/1000/dconf/* rw,
/run/dbus/system_bus_socket rw,
/run/user/1000/bus rw,

/sys/devices/system/cpu r,
/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq r,
/sys/devices/system/cpu/cpu0/tsc_freq_khz r,
/sys/devices/system/cpu/** r,
/tmp/.org.chromium.Chromium.0hH7vL rw,
/usr/lib/chromium-browser/libffmpeg.so mr,
/usr/lib/chromium-browser/libs/libffmpeg.so mr,
/usr/lib/glibc-hwcaps/x86-64-v2/libgail.so mr,
/usr/lib/glibc-hwcaps/x86-64-v3/libgail.so mr,
/usr/lib/haswell/libgail.so mr,
/usr/lib/haswell/x86_64/libgail.so mr,
/usr/lib/libatk-bridge.so mr,
/usr/lib/libgail.so mr,
### /usr/lib/locale/locale-archive
/usr/lib/tls/haswell/libgail.so mr,
/usr/lib/tls/haswell/x86_64/libgail.so mr,
/usr/lib/tls/libgail.so mr,
/usr/lib/tls/x86_64/libgail.so mr,
/usr/lib/x86_64/libgail.so mr,
/usr/lib/x86_64-linux-gnu/charset.alias r,
### /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache
### /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders.cache
### /usr/lib/x86_64-linux-gnu/gio/modules
### /usr/lib/x86_64-linux-gnu/gio/modules/giomodule.cache
/usr/lib/x86_64-linux-gnu/gio/modules/libdconfsettings.so mr,
/usr/lib/x86_64-linux-gnu/gio/modules/libgvfsdbus.so mr,
/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/libgail.so mr,
/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v3/libgail.so mr,
### /usr/lib/x86_64-linux-gnu/gtk-3.0/3.0.0/immodules.cache
/usr/lib/x86_64-linux-gnu/gtk-3.0/modules/libcanberra-gtk-module.so mr,
/usr/lib/x86_64-linux-gnu/gvfs/glibc-hwcaps/x86-64-v2/libgvfscommon.so mr,
/usr/lib/x86_64-linux-gnu/gvfs/glibc-hwcaps/x86-64-v3/libgvfscommon.so mr,
/usr/lib/x86_64-linux-gnu/gvfs/haswell/libgvfscommon.so mr,
/usr/lib/x86_64-linux-gnu/gvfs/haswell/x86_64/libgvfscommon.so mr,
/usr/lib/x86_64-linux-gnu/gvfs/libgvfscommon.so mr,
### /usr/lib/x86_64-linux-gnu/gvfs/modules
/usr/lib/x86_64-linux-gnu/gvfs/tls/haswell/libgvfscommon.so mr,
/usr/lib/x86_64-linux-gnu/gvfs/tls/haswell/x86_64/libgvfscommon.so mr,
/usr/lib/x86_64-linux-gnu/gvfs/tls/libgvfscommon.so mr,
/usr/lib/x86_64-linux-gnu/gvfs/tls/x86_64/libgvfscommon.so mr,
/usr/lib/x86_64-linux-gnu/gvfs/x86_64/libgvfscommon.so mr,
/usr/lib/x86_64-linux-gnu/haswell/libgail.so mr,
/usr/lib/x86_64-linux-gnu/haswell/x86_64/libgail.so mr,
/usr/lib/x86_64-linux-gnu/libatk-bridge.so mr,
/usr/lib/x86_64-linux-gnu/libgail.so mr,
/usr/lib/x86_64-linux-gnu/opera/../../../../chromium-ffmpeg/libffmpeg.so mr,
/usr/lib/x86_64-linux-gnu/opera/glibc-hwcaps/x86-64-v2/libffmpeg.so mr,
/usr/lib/x86_64-linux-gnu/opera/glibc-hwcaps/x86-64-v3/libffmpeg.so mr,
/usr/lib/x86_64-linux-gnu/opera/haswell/libffmpeg.so mr,
/usr/lib/x86_64-linux-gnu/opera/haswell/x86_64/libffmpeg.so mr,
/usr/lib/x86_64-linux-gnu/opera/icudtl.dat r,
/usr/lib/x86_64-linux-gnu/opera/libasound.so.2 mr,
/usr/lib/x86_64-linux-gnu/opera/libatk-1.0.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libatk-bridge-2.0.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libatk-bridge.so mr,
/usr/lib/x86_64-linux-gnu/opera/libatspi.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libavahi-client.so.3 mr,
/usr/lib/x86_64-linux-gnu/opera/libavahi-common.so.3 mr,
/usr/lib/x86_64-linux-gnu/opera/libblkid.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/libbrotlicommon.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/libbrotlidec.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/libbsd.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libcairo-gobject.so.2 mr,
/usr/lib/x86_64-linux-gnu/opera/libcairo.so.2 mr,
/usr/lib/x86_64-linux-gnu/opera/libcanberra-gtk3.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libcanberra.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libcap.so.2 mr,
/usr/lib/x86_64-linux-gnu/opera/libcom_err.so.2 mr,
/usr/lib/x86_64-linux-gnu/opera/libc.so.6 mr,
/usr/lib/x86_64-linux-gnu/opera/libcups.so.2 mr,
/usr/lib/x86_64-linux-gnu/opera/libdatrie.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/libdbus-1.so.3 mr,
/usr/lib/x86_64-linux-gnu/opera/libdl.so.2 mr,
/usr/lib/x86_64-linux-gnu/opera/libdrm.so.2 mr,
/usr/lib/x86_64-linux-gnu/opera/libepoxy.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libexpat.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/lib_extra/glibc-hwcaps/x86-64-v2/libffmpeg.so mr,
/usr/lib/x86_64-linux-gnu/opera/lib_extra/glibc-hwcaps/x86-64-v3/libffmpeg.so mr,
/usr/lib/x86_64-linux-gnu/opera/lib_extra/haswell/libffmpeg.so mr,
/usr/lib/x86_64-linux-gnu/opera/lib_extra/haswell/x86_64/libffmpeg.so mr,
/usr/lib/x86_64-linux-gnu/opera/lib_extra/libffmpeg.so mr,
/usr/lib/x86_64-linux-gnu/opera/lib_extra/tls/haswell/libffmpeg.so mr,
/usr/lib/x86_64-linux-gnu/opera/lib_extra/tls/haswell/x86_64/libffmpeg.so mr,
/usr/lib/x86_64-linux-gnu/opera/lib_extra/tls/libffmpeg.so mr,
/usr/lib/x86_64-linux-gnu/opera/lib_extra/tls/x86_64/libffmpeg.so mr,
/usr/lib/x86_64-linux-gnu/opera/lib_extra/x86_64/libffmpeg.so mr,
/usr/lib/x86_64-linux-gnu/opera/libffi.so.8 mr,
/usr/lib/x86_64-linux-gnu/opera/libffmpeg.so mr,
/usr/lib/x86_64-linux-gnu/opera/libfontconfig.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/libfreetype.so.6 mr,
/usr/lib/x86_64-linux-gnu/opera/libfribidi.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libgail.so mr,
/usr/lib/x86_64-linux-gnu/opera/libgbm.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/libgcc_s.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/libgcrypt.so.20 mr,
/usr/lib/x86_64-linux-gnu/opera/libgdk-3.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libgdk_pixbuf-2.0.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libgio-2.0.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libglib-2.0.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libgmodule-2.0.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libgmp.so.10 mr,
/usr/lib/x86_64-linux-gnu/opera/libgnutls.so.30 mr,
/usr/lib/x86_64-linux-gnu/opera/libgobject-2.0.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libgpg-error.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libgraphite2.so.3 mr,
/usr/lib/x86_64-linux-gnu/opera/libgssapi_krb5.so.2 mr,
/usr/lib/x86_64-linux-gnu/opera/libgtk-3.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libharfbuzz.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libhogweed.so.6 mr,
/usr/lib/x86_64-linux-gnu/opera/libidn2.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libjpeg.so.8 mr,
/usr/lib/x86_64-linux-gnu/opera/libk5crypto.so.3 mr,
/usr/lib/x86_64-linux-gnu/opera/libkeyutils.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/libkrb5.so.3 mr,
/usr/lib/x86_64-linux-gnu/opera/libkrb5support.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libltdl.so.7 mr,
/usr/lib/x86_64-linux-gnu/opera/liblz4.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/liblzma.so.5 mr,
/usr/lib/x86_64-linux-gnu/opera/libmd.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libmount.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/libm.so.6 mr,
/usr/lib/x86_64-linux-gnu/opera/libnettle.so.8 mr,
/usr/lib/x86_64-linux-gnu/opera/libnspr4.so mr,
/usr/lib/x86_64-linux-gnu/opera/libnss3.so mr,
/usr/lib/x86_64-linux-gnu/opera/libnssutil3.so mr,
/usr/lib/x86_64-linux-gnu/opera/libogg.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libp11-kit.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libpango-1.0.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libpangocairo-1.0.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libpangoft2-1.0.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libpcre2-8.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libpcre.so.3 mr,
/usr/lib/x86_64-linux-gnu/opera/libpixman-1.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libplc4.so mr,
/usr/lib/x86_64-linux-gnu/opera/libplds4.so mr,
/usr/lib/x86_64-linux-gnu/opera/libpng16.so.16 mr,
/usr/lib/x86_64-linux-gnu/opera/libpthread.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libresolv.so.2 mr,
/usr/lib/x86_64-linux-gnu/opera/libsecret-1.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libselinux.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/libsmime3.so mr,
/usr/lib/x86_64-linux-gnu/opera/libsystemd.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libtasn1.so.6 mr,
/usr/lib/x86_64-linux-gnu/opera/libtdb.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/libthai.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libunistring.so.2 mr,
/usr/lib/x86_64-linux-gnu/opera/libuuid.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/libvorbisfile.so.3 mr,
/usr/lib/x86_64-linux-gnu/opera/libvorbis.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libwayland-client.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libwayland-cursor.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libwayland-egl.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/libwayland-server.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libX11.so.6 mr,
/usr/lib/x86_64-linux-gnu/opera/libX11-xcb.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/libXau.so.6 mr,
/usr/lib/x86_64-linux-gnu/opera/libxcb-randr.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libxcb-render.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libxcb-shm.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libxcb.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/libXcomposite.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/libXcursor.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/libXdamage.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/libXdmcp.so.6 mr,
/usr/lib/x86_64-linux-gnu/opera/libXext.so.6 mr,
/usr/lib/x86_64-linux-gnu/opera/libXfixes.so.3 mr,
/usr/lib/x86_64-linux-gnu/opera/libXinerama.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/libXi.so.6 mr,
/usr/lib/x86_64-linux-gnu/opera/libxkbcommon.so.0 mr,
/usr/lib/x86_64-linux-gnu/opera/libXrandr.so.2 mr,
/usr/lib/x86_64-linux-gnu/opera/libXrender.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/libz.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/libzstd.so.1 mr,
/usr/lib/x86_64-linux-gnu/opera/localization/en-US.pak r,
/usr/lib/x86_64-linux-gnu/opera/** r,
/usr/lib/x86_64-linux-gnu/opera/tls/haswell/libffmpeg.so mr,
/usr/lib/x86_64-linux-gnu/opera/tls/haswell/x86_64/libffmpeg.so mr,
/usr/lib/x86_64-linux-gnu/opera/tls/libffmpeg.so mr,
/usr/lib/x86_64-linux-gnu/opera/tls/x86_64/libffmpeg.so mr,
/usr/lib/x86_64-linux-gnu/opera/x86_64/libffmpeg.so mr,
/usr/lib/x86_64-linux-gnu/tls/haswell/libgail.so mr,
/usr/lib/x86_64-linux-gnu/tls/haswell/x86_64/libgail.so mr,
/usr/lib/x86_64-linux-gnu/tls/libgail.so mr,
/usr/lib/x86_64-linux-gnu/tls/x86_64/libgail.so mr,
/usr/lib/x86_64-linux-gnu/x86_64/libgail.so mr,
/usr/local/share/dconf/profile/user r,
### /usr/local/share/glib-2.0/schemas/gschemas.compiled
/usr/share/dconf/profile/user r,
/usr/share/fonts/** r,

### /usr/share/glib-2.0/schemas/gschemas.compiled
/usr/share/locale/** r,
/usr/share/mime/mime.cache r,
/usr/share/themes/** r,
/usr/share/ubuntu/dconf/profile/user r,
### /usr/share/ubuntu/glib-2.0/schemas/gschemas.compiled
/usr/share/X11/locale/** r,
/var/lib/dbus/machine-id r,
### /var/lib/snapd/desktop/dconf/profile/user
### /var/lib/snapd/desktop/glib-2.0/schemas/gschemas.compiled



owner @{HOME}/Downloads/** rw,
deny @{HOME}/Documents/** rw,


}
 
Last edited:
  • Like
Reactions: vtqhtr413

Bot

AI-powered Bot
Apr 21, 2016
4,315
Thanks for sharing this detailed AppArmor profile for Opera on Ubuntu 22.04. It seems quite comprehensive and should provide a good amount of security while using the Opera browser. Remember to restart the apparmor service after placing the profile in the /etc/apparmor.d directory.
 

Victor M

Level 12
Thread author
Verified
Top Poster
Well-known
Oct 3, 2022
572
This Apparmor profile that I made is not as secure as it can be. I did not deny execution from the directories where Opera saves it own settings.

However, I just learned that Opera is sort of a sham when it comes to it's built-in VPN, for it is merely a proxy that routes data to it's headquarters. And there doesn't seem to be any encryption either. Thus the privacy of your browsing data is at risk. So I will not be updating this Opera's apparmor profile anymore.

See my Chrome 124 Apparmor profile for Ubuntu 24.04 .
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top