## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC ## See the file COPYING for copying conditions. #include #include capability audit_write, capability chown, capability net_admin, capability setgid, capability setuid, capability sys_resource, ptrace read, /dev/pts/[0-9]* rw, /{,usr/}bin/bash mrix, /{,usr/}bin/chown mrix, /{,usr/}bin/date mrix, /{,usr/}bin/mktemp mrix, /{,usr/}bin/rm mrix, /{,usr/}bin/touch mrix, /{,usr/}bin/systemctl mrix, /{,usr/}bin/id mrix, /{,usr/}bin/inotifywait mrix, /{,usr/}bin/mkfifo mrix, /{,usr/}bin/sudo mrix, /{,usr/}bin/tee mrix, /{,usr/}bin/getent mrix, /{,usr/}bin/whonix-{gateway,workstation}-firewall mrix, /{,usr/}bin/whonix_firewall mrix, /{,usr/}libexec/whonix-firewall/* mrix, /{,usr/}sbin/xtables-nft-multi mrix, ## TODO /{,usr/}bin/qubesdb-read rUx, /{,usr/}bin/qubesdb-cmd rUx, /etc/group r, /etc/sudoers r, /etc/sudoers.d/{,*} r, /etc/gai.conf r, owner /etc/host.conf r, owner /etc/hosts.anondist r, owner /etc/login.defs r, owner /etc/nsswitch.conf r, owner /etc/pam.d/* r, owner /etc/passwd r, owner /etc/protocols r, owner /etc/resolv.conf r, owner /etc/shadow r, owner /etc/whonix_firewall.d/{,*} r, owner /usr/local/etc/whonix_firewall.d/{,*} r, @{PROC}/{filesystems,sys/kernel/random/boot_id} r, @{PROC}/@{pid}/{,environ,sched,stat,fd/} r, owner @{PROC}/*/comm r, /run/log/journal/{,**} r, /var/log/journal/{,**} r, /run/sdwdate/{,**} rw, owner /run/anon-firewall/{,**} rw, owner /run/whonix_firewall/{,**} rw, owner /run/qubes-service/ rw, owner /run/qubes-service/* w, /run/updatesproxycheck/ r, owner /run/updatesproxycheck/ rw, owner /run/updatesproxycheck/** rw, owner /run/utmp rk, /tmp/tmp.* rw,