# Read, write, or execute permissions on the following files
  /etc/X11/cursors/oxy-white.theme r,
  /etc/default/apport r,
  /etc/kde4/* r,
  /etc/kde4rc r,
  /etc/kderc r,
  /etc/security/* r,
  /etc/ssl/certs/* r,
  owner /home/*/ r,
  /opt/firefox/firefox.sh Px,
  /usr/bin/convert rix,
  /usr/bin/kde4 rix,
  /usr/bin/kopete r,
  /usr/bin/kopete_latexconvert.sh rix,
  /usr/bin/launchpad-integration ix,
  /usr/bin/xdg-open mrix,
  /usr/lib/firefox*/firefox.sh Px,
  /usr/lib/kde4/**.so mr,
  /usr/lib/kde4/libexec/drkonqi ix,
  /usr/share/emoticons/ r,
  /usr/share/emoticons/** r,
  /usr/share/enchant/** r,
  /usr/share/kde4/** r,
  /usr/share/kubuntu-default-settings/** r,
  /usr/share/locale-langpack/** r,
  /usr/share/myspell/** r,
  owner @{HOME}/.config/** rwk,
  owner @{HOME}/.kde/** rwlk,
  owner @{HOME}/.local/share/mime/** r,
  owner @{HOME}/.thumbnails/** rw,
  owner @{HOME}/Downloads/ rw,
  owner @{HOME}/Downloads/** rw,
}

Syntax overview:
r = read
w = write
l = link
k = lock
a = append

ix = inherit = Inherit the parent's profile.
px = requires that a separate profile exists for the application, with environment scrubbing.
Px = requires that a separate profile exists for the application, without environment scrubbing.
ux and Ux = Allow execution of an application unconfined, with and without environmental scrubbing (use with caution, if at all).
m = allow executable mapping.
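As an added example (not part of the original profile or of AppArmor's own tooling), the following Python sketch parses file rules of the form shown above and groups every execute rule by where the child process ends up confined, which is the first thing to check when reviewing a profile. The function names and the `/usr/local/bin/helper` line are assumptions made for this illustration; only the permission letters listed above are recognised.

```python
import re

# Rules from the profile above; the last line is constructed for this example.
PROFILE = """
  /etc/ssl/certs/* r,
  /opt/firefox/firefox.sh Px,
  /usr/bin/convert rix,
  /usr/bin/xdg-open mrix,
  /usr/lib/kde4/**.so mr,
  /usr/lib/kde4/libexec/drkonqi ix,
  owner @{HOME}/.kde/** rwlk,
  owner @{HOME}/Downloads/** rw,
  /usr/local/bin/helper Ux,  # constructed, not in the original profile
"""

RULE = re.compile(r"^\s*(owner\s+)?(\S+)\s+([A-Za-z]+),\s*$")
EXEC = re.compile(r"ix|[pPuU]x")            # execute modes listed on this page
TARGET = {"ix": "inherit", "px": "separate profile", "ux": "unconfined"}

def parse(text):
    """Turn file rules into dicts: owner flag, path, access flags, exec mode."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.split("#", 1)[0])   # drop trailing comments
        if not m:
            continue                            # blank or non-file-rule line
        owner, path, perms = m.groups()
        x = EXEC.search(perms)
        access = set(EXEC.sub("", perms))       # what is left: r w l k a m
        if access - set("rwlkam"):
            raise ValueError(f"unknown permission in {perms!r} for {path}")
        rules.append({"owner": bool(owner), "path": path, "access": access,
                      "exec": x.group(0) if x else None})
    return rules

def exec_targets(rules):
    """Group executable paths by where the child process ends up confined."""
    out = {}
    for r in rules:
        if r["exec"]:
            out.setdefault(TARGET[r["exec"].lower()], []).append(r["path"])
    return out

def findings(rules):
    """Rules worth a second look: unconfined exec, or write plus exec."""
    bad = [("unconfined-exec", r["path"]) for r in rules if r["exec"] in ("ux", "Ux")]
    bad += [("write-and-exec", r["path"]) for r in rules
            if r["exec"] and "w" in r["access"]]
    return bad
```

Calling `exec_targets(parse(PROFILE))` shows that the profile's own rules only inherit the current profile or hand off to a separate one; the single unconfined entry comes from the constructed line.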