\u0420\u0435\u0448\u0438\u043b \u0437\u0430\u043f\u0438\u043b\u0438\u0442\u044c \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u043f\u0440\u043e\u0444\u0438\u043b\u044f \u0434\u043b\u044f \u0441\u0442\u0430\u0440\u043e\u0433\u043e \u0441\u043a\u0430\u0439\u043f\u0430 \u2014 \u0434\u0430\u0431\u044b \u043d\u043e\u0432\u044b\u0439 \u0442\u043e\u0436\u0435 \u043d\u0435 \u0431\u043e\u0440\u0437\u0435\u043b \u0441\u043e \u0448\u043f\u0438\u043e\u043d\u0441\u043a\u0438\u043c\u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u044f\u043c\u0438. \u041d\u0435 \u0437\u043d\u0430\u044e, \u0432 \u043a\u0430\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u044d\u0442\u043e \u043f\u043e\u043c\u043e\u0436\u0435\u0442, \u043a\u0440\u0438\u0442\u0438\u043a\u0430 \u043f\u0440\u0438\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u0435\u0442\u0441\u044f.<\/p>\n
<\/p>\n
@{PROC}\/sys\/kernel\/{ostype,osrelease} r, \/sys\/devices\/**\/power_supply\/**\/online r, \/dev\/ r, \/var\/cache\/libx11\/compose\/* r,<\/p>\n # should this be in a separate KDE abstraction? \/usr\/bin\/skypeforlinux mr, # For opening links in the browser (still requires explicit access to execute owner @{HOME}\/.config\/ r, # Skype traverses the .mozilla directory and needs access to prefs.js # Skype also looks around in these directories<\/p>\n \/{,usr\/,usr\/local\/}lib\/ r,<\/p>\n # Recent skype builds have an executable stack, so it tries to mmap certain # Silence a few non-needed writes \u0420\u0435\u0448\u0438\u043b \u0437\u0430\u043f\u0438\u043b\u0438\u0442\u044c \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u043f\u0440\u043e\u0444\u0438\u043b\u044f \u0434\u043b\u044f \u0441\u0442\u0430\u0440\u043e\u0433\u043e \u0441\u043a\u0430\u0439\u043f\u0430 \u2014 \u0434\u0430\u0431\u044b \u043d\u043e\u0432\u044b\u0439 \u0442\u043e\u0436\u0435 \u043d\u0435 \u0431\u043e\u0440\u0437\u0435\u043b \u0441\u043e \u0448\u043f\u0438\u043e\u043d\u0441\u043a\u0438\u043c\u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u044f\u043c\u0438. \u041d\u0435 \u0437\u043d\u0430\u044e, \u0432 \u043a\u0430\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u044d\u0442\u043e \u043f\u043e\u043c\u043e\u0436\u0435\u0442, \u043a\u0440\u0438\u0442\u0438\u043a\u0430 \u043f\u0440\u0438\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u0435\u0442\u0441\u044f.<\/p>\n","protected":false},"author":11348,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-25","post","type-post","status-publish","format-standard","hentry","category-general"],"_links":{"self":[{"href":"https:\/\/tolstoevsky.noblogs.org\/index.php?rest_route=\/wp\/v2\/posts\/25","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tolstoevsky.noblogs.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tolstoevsky.noblogs.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tolstoevsky.noblogs.org\/index.php?rest_route=\/wp\/v2\/users\/11348"}],"replies":[{"embeddable":true,"href":"https:\/\/tolstoevsky.noblogs.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=25"}],"version-history":[{"count":1,"href":"https:\/\/tolstoevsky.noblogs.org\/index.php?rest_route=\/wp\/v2\/posts\/25\/revisions"}],"predecessor-version":[{"id":26,"href":"https:\/\/tolstoevsky.noblogs.org\/index.php?rest_route=\/wp\/v2\/posts\/25\/revisions\/26"}],"wp:attachment":[{"href":"https:\/\/tolstoevsky.noblogs.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=25"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tolstoevsky.noblogs.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=25"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tolstoevsky.noblogs.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=25"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n# Modifications by Tolstoevsky
\n# based on legacy Skype profile by
\n# - \u0410\u043d\u0434\u0440\u0435\u0439 \u041a\u0430\u043b\u0438\u043d\u0438\u043d, LP: #226624
\n# - Jamie Strandboge and Ivan Frederiks, LP: #933440
\n#include <tunables\/global>
\n\/usr\/bin\/skypeforlinux flags=(complain) {
\n#include <abstractions\/audio>
\n#include <abstractions\/base>
\n#include <abstractions\/dbus-session>
\n#include <abstractions\/fonts>
\n#include <abstractions\/freedesktop.org>
\n#include <abstractions\/gnome>
\n#include <abstractions\/ibus>
\n#include <abstractions\/kde>
\n#include <abstractions\/nameservice>
\n#include <abstractions\/nvidia>
\n#include <abstractions\/ssl_certs>
\n#include <abstractions\/user-tmp>
\n#include <abstractions\/X><\/code><\/p>\n
\n@{PROC}\/@{pid}\/net\/arp r,
\n@{PROC}\/@{pid}\/net\/dev r,
\nowner @{PROC}\/@{pid}\/auxv r,
\nowner @{PROC}\/@{pid}\/cmdline r,
\nowner @{PROC}\/@{pid}\/fd\/ r,
\nowner @{PROC}\/@{pid}\/task\/ r,
\nowner @{PROC}\/@{pid}\/task\/[0-9]*\/stat r,<\/p>\n
\n\/sys\/devices\/system\/cpu\/ r,
\n\/sys\/devices\/system\/cpu\/cpu[0-9]*\/cpufreq\/scaling_{cur_freq,max_freq} r,<\/p>\n
\nowner \/{dev,run}\/shm\/pulse-shm* m,
\n\/dev\/snd\/* m,
\n\/dev\/video* mrw,<\/p>\n
\nowner @{HOME}\/.kde{,4}\/share\/config\/kioslaverc r,<\/p>\n
\n\/etc\/xdg\/sni-qt.conf rk,
\n\/etc\/xdg\/Trolltech.conf rk,
\n\/usr\/share\/skypeforlinux\/** kr,
\n\/usr\/share\/skypeforlinux\/**\/*.qm mr,
\n\/usr\/share\/skypeforlinux\/sounds\/*.wav kr,
\n\/usr\/lib\/@{multiarch}\/pango\/** mr,<\/p>\n
\n# the browser)
\n\/usr\/bin\/xdg-open ixr,<\/p>\n
\nowner @{HOME}\/.config\/*\/ r,
\nowner @{HOME}\/.config\/skypeforlinux\/* rw,
\nowner @{HOME}\/.config\/Trolltech.conf kr,<\/p>\n
\nowner @{HOME}\/.mozilla\/ r,
\nowner @{HOME}\/.mozilla\/**\/ r,
\nowner @{HOME}\/.mozilla\/*\/*\/prefs.js r,<\/p>\n
\n# files. Let’s deny them for now.
\ndeny \/etc\/passwd m,
\ndeny \/etc\/group m,
\ndeny \/usr\/share\/fonts\/** m,<\/p>\n
\ndeny \/var\/cache\/fontconfig\/ w,
\ndeny owner @{HOME}\/.fontconfig\/ w,
\ndeny owner @{HOME}\/.fontconfig\/*.cache-*.TMP* w,
\n}<\/p>\n","protected":false},"excerpt":{"rendered":"