Apparmor profile for VirtualBox

Discussion in 'all things UNIX' started by wavycoder, Feb 18, 2014.

    If you have any problems with it, read my other thread on iron.

    Code:
    # Last Modified: Tue Feb 18 11:05:02 2014
    #
    # AppArmor profile confining the VirtualBox GUI binary /usr/lib/virtualbox/VirtualBox.
    # The rule set looks like aa-logprof output captured on one specific host: entries such
    # as the ati/nvidia device nodes, the /usr/share/pyshared *.pth files and pyconfig.h are
    # machine-specific and can be pruned elsewhere.  Rules are an allow-list; a `deny` rule
    # wins over any matching allow, including allows pulled in by the abstractions below.
    #include <tunables/global>
    
    /usr/lib/virtualbox/VirtualBox {
      # NOTE(review): apache2-common is an unusual abstraction for a desktop VM front-end,
      # presumably copied from a log; confirm it is needed.  ubuntu-konsole presumably adds
      # terminal-emulator execution rules -- verify before keeping it.
      #include <abstractions/apache2-common>
      #include <abstractions/base>
      #include <abstractions/ubuntu-konsole>
    
      # Capability set is broad.  sys_admin and sys_ptrace give the confined process wide
      # reach into the kernel and other processes, and dac_override bypasses file permission
      # bits: combined with the `w` granted on /usr/lib/virtualbox/** further down, the
      # process could rewrite its own executables.  Trim to what the audit log actually
      # reports as denied.
      capability dac_override,
      capability net_admin,
      capability net_raw,
      capability setgid,
      capability setuid,
      capability sys_admin,
      capability sys_nice,
      capability sys_ptrace,
      capability sys_resource,
    
      # Raw IPv4 sockets (presumably for host-side VM networking, with net_raw/net_admin above).
      network inet raw,
    
      # Explicit deny of mmap on /etc/passwd; the read deny for the same file is further down.
      deny /etc/passwd m,
    
      # Helper tools run with `ix`: each child inherits this profile, so the capability set and
      # file rules above apply to it as well.  `m` additionally allows mapping the binary.
      /bin/cat rix,
      /bin/dash rix,
      /bin/grep rix,
      /bin/lsmod mrix,
      /bin/ps mrix,
      /bin/rm rix,
      /bin/sed rix,
      /bin/uname mrix,
      /bin/which rix,
      # Device nodes: GPU (ati, nvidia, dri -- host-specific, keep only what this host has),
      # input, sound, USB (bus/usb, vboxusb) and the VirtualBox kernel driver nodes
      # (vboxdrv, vboxnetctl).
      /dev/ r,
      /dev/ati/* rw,
      /dev/block/ r,
      /dev/bsg/ r,
      /dev/bus/ r,
      /dev/bus/usb/ r,
      /dev/bus/usb/** r,
      /dev/char/ r,
      /dev/cpu/ r,
      /dev/disk/ r,
      /dev/disk/** r,
      /dev/dri/** mrw,
      /dev/input/ r,
      /dev/input/by-path/ r,
      /dev/mapper/ r,
      /dev/nvidia0 rw,
      /dev/nvidiactl rw,
      /dev/snd/ r,
      /dev/snd/by-path/ r,
      /dev/tty rw,
      /dev/vboxdrv rw,
      /dev/vboxnetctl rw,
      /dev/vboxusb/ r,
      # Host configuration.  The deny rules in this group override any read the abstractions
      # grant on the password and sudo files.
      /etc/default/locale r,
      /etc/environment r,
      /etc/fonts/** r,
      /etc/fstab r,
      /etc/gnome-vfs-2.0/modules/ r,
      /etc/gnome-vfs-2.0/modules/default-modules.conf r,
      /etc/login.defs r,
      /etc/mtab r,
      /etc/nsswitch.conf r,
      /etc/pam.d/* r,
      # NOTE(review): `q` is not one of the file permission letters documented in apparmor.d(5)
      # (r, w, a, l, k, m, x and the exec variants).  If apparmor_parser rejects it, the whole
      # profile fails to load; `rw` was probably intended.
      deny /etc/passwd rq,
      /etc/pulse/client.conf r,
      /etc/securetty r,
      /etc/security/capability.conf r,
      /etc/security/pam_env.conf r,
      deny /etc/shadow rw,
      deny /etc/sudoers rw,
      deny /etc/sudoers.d/ rw,
      deny /etc/sudoers.d/** rw,
      /etc/xdg/Trolltech.conf rk,
      # NOTE(review): no `owner` qualifier -- this grants read/write/mmap/lock on every user's
      # home directory, not only the invoking user's.  `owner /home/*/** mrwk` is the usual
      # least-privilege form (compare the owner-qualified /tmp link rule below).
      /home/*/ r,
      /home/*/** mrwk,
      /lib{,32,64}/** mr,
      # Process and kernel introspection.  The /proc/*/ patterns cover other users' processes
      # too; an `owner` qualifier would limit them to the invoking user's own processes.
      /proc/ r,
      /proc/*/cmdline r,
      /proc/*/fd/ r,
      /proc/*/mounts r,
      /proc/*/net/dev r,
      /proc/*/net/if_inet6 r,
      /proc/*/stat r,
      /proc/*/status r,
      /proc/*/task/ r,
      /proc/interrupts r,
      /proc/modules r,
      /proc/sys/kernel/pid_max r,
      /proc/tty/drivers r,
      /proc/uptime r,
      /proc/version r,
      /run/shm/ r,
      /run/shm/** mrw,
      /sbin/ifconfig rix,
      /sys/block/ r,
      /sys/bus/usb/devices/ r,
      /sys/class/power_supply/ r,
      /sys/devices/** r,
      /sys/devices/virtual/** r,
      # Only the link permission on /tmp is owner-restricted; the mrwk rule right after it is
      # not, so `owner /tmp/** mrwk` would be the consistent form.
      owner /tmp/** l,
      /tmp/** mrwk,
      /usr/bin/VBox r,
      /usr/bin/basename mrix,
      # NOTE(review): gksu is allowed with inherit-exec, so whatever it launches runs under this
      # profile (with the setuid/setgid capabilities above) -- confirm this is intended.
      /usr/bin/gksu rix,
      /usr/bin/lsb_release rix,
      /usr/bin/mawk mrix,
      /usr/bin/pulseaudio rix,
      # Read/write of the sudo binary is denied; no `x` on it appears in this profile, so
      # execution is implicitly denied as well unless an abstraction grants it.
      deny /usr/bin/sudo rw,
      /usr/bin/whoami mrix,
      /usr/include/python2.7/pyconfig.h r,
      # NOTE(review): `rwix` on the whole install tree lets the confined process modify its own
      # binaries (and dac_override above bypasses the file-mode bits).  The ExtensionPacks
      # subtree is the only part that plausibly needs `w`; the rest should be `mrix`.  The
      # per-binary rix lines that follow are already covered by the `**` rule.
      /usr/lib/virtualbox/** rwix,
      /usr/lib/virtualbox/ExtensionPacks/** rwix,
      /usr/lib/virtualbox/VBoxSVC rix,
      /usr/lib/virtualbox/VBoxTestOGL rix,
      /usr/lib/virtualbox/VBoxXPCOMIPCD rix,
      /usr/lib/virtualbox/VirtualBox rix,
      /usr/lib{,32,64}/** mr,
      /usr/local/lib/python2.7/dist-packages/ r,
      # Shared data: fonts, icons, mime, Qt4, themes.  The gvfs monitors, poppler cMaps and
      # the /usr/share/pyshared *.pth entries are host-specific and can be dropped where absent.
      /usr/local/share/fonts/ r,
      /usr/share/fonts/ r,
      /usr/share/fonts/** mr,
      /usr/share/glib-2.0/schemas/gschemas.compiled r,
      /usr/share/gvfs/remote-volume-monitors/ r,
      /usr/share/gvfs/remote-volume-monitors/afc.monitor r,
      /usr/share/gvfs/remote-volume-monitors/gdu.monitor r,
      /usr/share/gvfs/remote-volume-monitors/gphoto2.monitor r,
      /usr/share/icons/ r,
      /usr/share/icons/** mrk,
      /usr/share/mime/** mr,
      /usr/share/pixmaps/ r,
      /usr/share/poppler/cMap/Adobe-CNS1/ r,
      /usr/share/poppler/cMap/Adobe-GB1/ r,
      /usr/share/poppler/cMap/Adobe-Japan1/ r,
      /usr/share/poppler/cMap/Adobe-Japan2/ r,
      /usr/share/poppler/cMap/Adobe-Korea1/ r,
      /usr/share/pyshared/PIL.pth r,
      /usr/share/pyshared/gtk-2.0-pysupport-compat.pth r,
      /usr/share/pyshared/lazr.restfulclient-0.12.0-nspkg.pth r,
      /usr/share/pyshared/lazr.uri-1.0.3-nspkg.pth r,
      /usr/share/pyshared/pygst.pth r,
      /usr/share/pyshared/pygtk.pth r,
      /usr/share/pyshared/ubuntu-sso-client.pth r,
      /usr/share/pyshared/ubuntuone-client.pth r,
      /usr/share/pyshared/ubuntuone-control-panel.pth r,
      /usr/share/pyshared/ubuntuone-couch.pth r,
      /usr/share/qt4/** r,
      /usr/share/themes/** r,
      # VBoxSysInfo.sh needs its own rule because the `**` line grants no execute permission.
      /usr/share/virtualbox/** mr,
      /usr/share/virtualbox/VBoxSysInfo.sh rix,
      /var/cache/fontconfig/** r,
      /var/lib/dbus/machine-id r,
      /{,var/}run/utmp rk,
    
    }
     
    Last edited: Feb 18, 2014