veilor-os/scripts/apparmor/usr.local.bin.lm-studio
2026-05-02 04:39:39 +01:00


# veilor-os AppArmor profile — LM Studio (local LLM runner)
#
# Scope:
# Confine LM Studio's binary. LM Studio loads arbitrary GGUF/safetensors
# weights and exposes an OpenAI-compatible HTTP server on :1234. The
# binary itself is closed-source — we don't trust it with the full home
# directory.
#
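# Mode:
# complain initially: violations are logged, not blocked, except for the
# explicit deny rules below, which AppArmor enforces even in complain mode.
# Flip to enforce once observed denials are reviewed.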
#
# Manual enable (aa-complain first; aa-enforce only after denials are reviewed):
# sudo install -m 0644 scripts/apparmor/usr.local.bin.lm-studio /etc/apparmor.d/
# sudo apparmor_parser -r /etc/apparmor.d/usr.local.bin.lm-studio
# sudo aa-complain /etc/apparmor.d/usr.local.bin.lm-studio
# sudo aa-enforce /etc/apparmor.d/usr.local.bin.lm-studio
#
# NOT enabled in kickstart by default. v0.5 work.
#include <tunables/global>
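profile lm-studio /usr/local/bin/lm-studio flags=(complain) {
  # Confinement for the closed-source LM Studio binary attached at
  # /usr/local/bin/lm-studio.
  #
  # flags=(complain): allow-list misses are only logged, so nothing outside
  # the explicit deny rules is actually blocked until the profile is enforced.
  # Explicit deny rules are applied even in complain mode.

  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/openssl>
  # NOTE(review): abstractions/dbus-session grants full session-bus access
  # where D-Bus mediation is active, which lets the binary talk to other
  # desktop services. abstractions/dbus-session-strict plus explicit dbus
  # rules is the tighter option once the needed interfaces are known.
  #include <abstractions/dbus-session>
  #include <abstractions/freedesktop.org>
  #include <abstractions/X>
  #include <abstractions/fonts>

  # ---- network: HTTP server :1234 + outbound model downloads ----
  # These rules mediate by address family and socket type only. They do not
  # pin the listener to port 1234 or to loopback, so the server's bind
  # address and the host firewall still decide who can reach the API.
  network inet stream,
  network inet6 stream,
  network inet dgram,
  network inet6 dgram,
  deny network raw,
  deny network packet,
  deny network bluetooth,

  # ---- binary + electron runtime (LM Studio is Electron-based) ----
  # m (mmap executable) + r only: the runtime trees are never writable, so
  # the confined process cannot modify its own code on disk.
  /usr/local/bin/lm-studio mr,
  /opt/lm-studio/** mr,
  /usr/lib/lm-studio/** mr,

  # ---- model weights + metadata ----
  # The only writable locations under $HOME; owner limits them to files
  # belonging to the user running the process.
  owner @{HOME}/.lmstudio/ rw,
  owner @{HOME}/.lmstudio/** rwk,
  owner @{HOME}/.cache/lm-studio/** rwk,
  owner @{HOME}/.config/LMStudio/** rwk,

  # ---- temp ----
  # Directory listing is allowed, but file access is limited to own files.
  /tmp/ r,
  owner /tmp/** rwk,
  /var/tmp/ r,
  owner /var/tmp/** rwk,

  # ---- GPU device nodes (CUDA / ROCm / Vulkan) ----
  /dev/dri/ r,
  /dev/dri/** rw,
  # The /dev/nvidia* glob already matches the three named nodes that follow;
  # they are kept so the expected device set is visible to a reader.
  /dev/nvidia* rw,
  /dev/nvidiactl rw,
  /dev/nvidia-uvm rw,
  /dev/nvidia-uvm-tools rw,
  /dev/kfd rw,
  # owner-qualified like /tmp above: without it the process could open
  # POSIX shared-memory segments created by other users on the machine.
  owner /dev/shm/** rwk,

  # ---- system info ----
  /etc/machine-id r,
  /etc/os-release r,
  /etc/localtime r,
  /sys/devices/system/cpu/** r,
  /sys/class/drm/** r,
  /proc/cpuinfo r,
  /proc/meminfo r,
  /proc/stat r,

  # ---- /proc: own process only ----
  owner /proc/@{pid}/** r,
  # Applies to every pid, including this process's own entry.
  deny /proc/*/mem rwk,

  # ---- forbidden ----
  deny ptrace,
  deny capability sys_ptrace,
  deny capability sys_module,
  deny capability sys_rawio,
  deny /dev/kmem rwk,
  deny /dev/mem rwk,
  deny /dev/port rwk,
  deny /sys/kernel/** w,
  # Plain deny rules are quiet: a blocked access leaves no log entry. The
  # credential paths use "audit deny" so that an attempt to touch them shows
  # up when denials are reviewed. {,**} also covers the directory itself, so
  # listing ~/.ssh/ or ~/.gnupg/ is refused as well as opening files in them.
  audit deny /etc/shadow r,
  audit deny @{HOME}/.ssh/{,**} rwk,
  audit deny @{HOME}/.gnupg/{,**} rwk,

  # ---- xdg / browser handoff for "Open in browser" UI button ----
  # P: switch to xdg-open's own profile, with a scrubbed environment, when
  # one is loaded. ix fallback: otherwise xdg-open runs under this profile.
  # NOTE(review): under the fallback, the script's interpreter and the
  # browser it launches would presumably need exec rules here too. Check
  # the complain-mode log for these before switching to enforce.
  /usr/bin/xdg-open Pix,
}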