1 Policy: /usr/bin/lynx, Emulation: native ( 2 > native-issetugid: permit 3 > native-mprotect: permit 4 > native-mmap: permit 5 native-__sysctl: permit ( 6 > native-fsread: filename eq "/var/run/ld.so.hints" then pe 7 > native-fstat: permit 8 native-close: permit ( 9 native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe | native-fsread: filename match "/usr/lib/libssl.so.*" then 10 native-connect: sockaddr match "inet-\\\[*\\\]:80" then p | native-read: permit 11 native-exit: permit | native-fsread: filename match "/usr/lib/libcrypto.so.*" t 12 native-fcntl: cmd eq "F_SETFD" then permit | native-fsread: filename match "/usr/lib/libncurses.so.*" 13 native-fsread: filename eq "/" then permit | native-fsread: filename match "/usr/lib/libc.so.*" then p 14 native-fsread: filename match "/<non-existent filename>: | native-munmap: permit 15 native-fsread: filename eq "/etc/lynx.cfg" then permit | native-sigprocmask: permit 16 native-fsread: filename eq "/etc/malloc.conf" then permit ( 17 native-fsread: filename eq "/etc/resolv.conf" then permit | native-getpid: permit 18 native-fsread: filename eq "/etc/utmp" then permit < 19 native-fsread: filename eq "/home" then permit < 20 native-fsread: filename eq "$HOME" then permit < 21 native-fsread: filename eq "$HOME/.lynx-keymaps" then per < 22 native-fsread: filename eq "$HOME/.lynxrc" then permit < 23 native-fsread: filename eq "$HOME/.mailcap" then permit < 24 native-fsread: filename eq "$HOME/.mime.types" then permi < 25 native-fsread: filename eq "$HOME/.terminfo" then permit < 26 native-fsread: filename eq "$HOME/.terminfo.db" then perm < 27 native-fsread: filename eq "/obj" then permit < 28 native-fsread: filename eq "/tmp" then permit ( 29 native-fsread: filename match "/tmp/lynx-*/." then permit ( 30 > native-fsread: filename eq "$HOME" then permit 31 > native-fsread: filename eq "/etc/lynx.cfg" then permit 32 > native-fsread: filename eq "/" then permit 33 > native-fsread: filename eq "/usr/obj/bin/systrace/." then 34 > native-fsread: filename eq "/usr/obj/bin" then permit 35 > native-fcntl: permit 36 > native-getdirentries: permit 37 > native-lseek: permit 38 > native-fsread: filename eq "/usr/obj" then permit 39 native-fsread: filename eq "/usr" then permit ( 40 native-fsread: filename eq "/usr/bin" then permit ( 41 native-fsread: filename eq "/usr/games" then permit ( 42 native-fsread: filename eq "/usr/include" then permit ( 43 native-fsread: filename eq "/usr/lib" then permit ( 44 native-fsread: filename match "/usr/lib/libc.so.*" then p ( 45 native-fsread: filename match "/usr/lib/libcrypto.so.*" t ( 46 native-fsread: filename match "/usr/lib/libncurses.so.*" ( 47 native-fsread: filename match "/usr/lib/libssl.so.*" then ( 48 native-fsread: filename eq "/usr/libdata" then permit ( 49 native-fsread: filename eq "/usr/libexec" then permit ( 50 native-fsread: filename eq "/usr/lkm" then permit ( 51 native-fsread: filename eq "/usr/local" then permit ( 52 native-fsread: filename eq "/usr/mdec" then permit ( 53 native-fsread: filename eq "/usr/obj" then permit ( 54 native-fsread: filename eq "/usr/obj/bin" then permit ( 55 native-fsread: filename eq "/usr/obj/bin/systrace/." then ( 56 native-fsread: filename eq "/usr/obj/bin/systrace/.mailca ( 57 native-fsread: filename eq "/usr/obj/bin/systrace/.mime.t ( 58 > native-fsread: filename eq "$HOME/.mime.types" then permi 59 > native-sigaction: permit 60 > native-ioctl: permit 61 > native-fsread: filename eq "$HOME/.terminfo.db" then perm 62 > native-fsread: filename eq "$HOME/.terminfo" then permit 63 native-fsread: filename eq "/usr/share/misc/terminfo.db" ( 64 > native-pread: permit 65 > native-write: permit 66 > native-fsread: filename eq "$HOME/.lynx-keymaps" then per 67 native-fsread: filename eq "/var/run/dev.db" then permit ( 68 native-fsread: filename eq "/var/run/ld.so.hints" then pe | native-fsread: filename eq "/etc/utmp" then permit 69 native-fstat: permit < 70 native-fswrite: filename match "/tmp/lynx-*" then permit < 71 native-getdirentries: permit < 72 native-getpid: permit < 73 native-gettimeofday: permit < 74 native-ioctl: permit < 75 native-issetugid: permit < 76 native-lseek: permit < 77 native-mmap: permit < 78 native-mprotect: prot eq "PROT_READ" then permit < 79 native-mprotect: prot eq "PROT_READ|PROT_EXEC" then permi < 80 native-mprotect: prot eq "PROT_READ|PROT_WRITE" then perm < 81 native-mprotect: prot eq "PROT_READ|PROT_WRITE|PROT_EXEC" < 82 native-munmap: permit < 83 native-nanosleep: permit < 84 native-poll: permit ( 85 native-pread: permit | native-nanosleep: permit 86 native-read: permit | native-gettimeofday: permit 87 native-recvfrom: permit | native-fsread: filename eq "/etc/resolv.conf" then permit 88 native-select: permit < 89 native-sendto: true then permit < 90 native-sigaction: permit < 91 native-sigprocmask: permit < 92 native-socket: sockdom eq "AF_INET" and socktype eq "SOCK ( 93 > native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe 94 > native-sendto: true then permit 95 > native-select: permit 96 > native-recvfrom: permit 97 native-socket: sockdom eq "AF_INET" and socktype eq "SOCK ( 98 native-write: permit | native-connect: sockaddr match "inet-\\\[*\\\]:80" then p 99 > native-exit: permit 100
Indexes created Wed Oct 01 07:09:59 GMT 2025