felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(full): add default bwrap profiles.

Browse source 
On  full system policy, use the new bwrap profile (and bwrap-app) to confine sandboxed application.
It is not enabled by default as the sandbox profile is quite large.

Also integrate with the gnome app that use bwrap as sandbox manager.

Update other related profiles

See Full system policy #252
This commit is contained in:
Alexandre Pujol 2023-11-26 23:12:35 +00:00
parent 3da0ad2572
commit e41779f576
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
8 changed files with 146 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

6
dists/flags/main.flags
View file

@ -1,12 +1,12 @@
# Common profile flags definition for all distributions
# One profile by line using the format: '<profile> <flags>'
bwrap attach_disconnected,mediate_deleted,complain
bwrap-app attach_disconnected,mediate_deleted,complain
default attach_disconnected,mediate_deleted,complain
default-app attach_disconnected,complain
default-bwrap attach_disconnected,complain
default-sudo complain
systemd attach_disconnected,mediate_deleted,complain
systemd-user attach_disconnected,complain
systemd-user attach_disconnected,mediate_deleted,complain
aa-load complain
acpid attach_disconnected,complain