Commit graph

3835 commits

Author SHA1 Message Date
Alexandre Pujol
7aae9f0dd7
build: add stacked-dbus builder
Resolve peer label variable in dbus rules. It creates a full dbus rule per item in a variable when it is used as a peer label.

For ubuntu with apparmor 4.1+

See https://gitlab.com/apparmor/apparmor/-/issues/537#note_2699570190
2025-08-24 23:30:54 +02:00
Alexandre Pujol
107820975d
feat(aa): add file kind. 2025-08-24 23:18:41 +02:00
Alexandre Pujol
157c365b26
fix(aa): ensure tokenization helper cleans up data. 2025-08-24 23:17:10 +02:00
Alexandre Pujol
7d1f885209
test(aa): add testdata for network rule. 2025-08-24 23:15:21 +02:00
Alexandre Pujol
43f30333c6
feat(aa): add support for prompt and priority rule. 2025-08-24 23:14:52 +02:00
Alexandre Pujol
3a17dd3310
feat(aa): add support for advanced network rule. 2025-08-24 23:08:41 +02:00
Alexandre Pujol
bfcf9f846c
build: support for unconfined flag. 2025-08-24 22:52:35 +02:00
Alexandre Pujol
9b7c1acb1b
build: cosmetic on build task name. 2025-08-24 22:52:08 +02:00
Alexandre Pujol
1724040229
feat(profile): various ubuntu based improvements. 2025-08-24 22:15:51 +02:00
Alexandre Pujol
f21fecc25a
feat(profile): update possible path for browserpass. 2025-08-24 22:07:09 +02:00
Alexandre Pujol
0fccbef52b
feat(profile): improve firefox profiles. 2025-08-24 22:06:34 +02:00
Alexandre Pujol
3061882809
feat(profile): update dbus rules for Ubuntu. 2025-08-24 22:04:07 +02:00
Alexandre Pujol
eb2def65a1
feat(abs): move some dbus abs to the session subfolder. 2025-08-24 21:47:00 +02:00
Alexandre Pujol
d6885803cb
feat(abs): update dbus core abs. 2025-08-24 21:32:51 +02:00
Alexandre Pujol
e9f0b77f2d
feat(profile): update btop. 2025-08-23 18:59:08 +02:00
Alexandre Pujol
7b0a78b1f1
feat(abs): improve dbus core abstractions 2025-08-23 17:42:49 +02:00
Alexandre Pujol
bfe35f254e
feat(profile): small improvement for snap. 2025-08-23 17:40:48 +02:00
Alexandre Pujol
15b8a6cea4
fix: linter issue. 2025-08-22 21:22:25 +02:00
Alexandre Pujol
53df40b8ac
feat(profile) gvfs: more dbus integration. 2025-08-22 20:40:36 +02:00
Alexandre Pujol
f18fc88253
feat(profile): kde: improve dbus rules. 2025-08-22 20:39:18 +02:00
Alexandre Pujol
cea9fd5614
feat(profile): improve kde integration
see #559
2025-08-22 20:37:48 +02:00
Alexandre Pujol
1506ae04d8
fix(profile): /att/**/ instead of @{att}/ 2025-08-22 20:03:19 +02:00
Alexandre Pujol
3b2f745bca
feat(abs): use the new core abs in desktop. 2025-08-22 19:25:00 +02:00
Alexandre Pujol
0817911b57
feat(abs): add more core abstractions
They will eventually replace the freedesktop abstraction.
2025-08-22 18:48:36 +02:00
Alexandre Pujol
fbb1768aa6
feat(abs): add the amdgpu abstraction. 2025-08-22 18:46:26 +02:00
Alexandre Pujol
81636262f1
feat(abs): add the java abstraction. 2025-08-22 18:42:38 +02:00
Alexandre Pujol
b53e0b7d39
feat(abs): add the oneapi abs. 2025-08-22 18:30:44 +02:00
Alexandre Pujol
fb82d8d0d6
feat(profile): small gnome related improvement. 2025-08-22 18:27:22 +02:00
Alexandre Pujol
46d4207d71
feat(profile): makepkg: handle lsb_release and pager. 2025-08-22 18:22:59 +02:00
Alexandre Pujol
2d3831221a
feat(profile): update cups profiles. 2025-08-22 18:16:43 +02:00
Alexandre Pujol
ba217a261e
feat(profile): update flatpak profiles. 2025-08-22 18:15:38 +02:00
Alexandre Pujol
ec73d8349e
fix(profile): gnome access to chromium shared.
fix #806
2025-08-22 18:05:05 +02:00
Alexandre Pujol
e7a91b307e
fix(profile): fusermount with fsarchiver
fix #817
2025-08-22 18:01:31 +02:00
Alexandre Pujol
0f017048e4
fix(profile): fix att path in flatpak
fix #820
2025-08-22 17:57:40 +02:00
Alexandre Pujol
8b49f9ebf5
feat(profile): update telegram path
fix #821
2025-08-22 17:52:57 +02:00
curiosityseeker
ddee051279 Update gnome-boxes 2025-08-22 17:40:56 +02:00
curiosityseeker
b3dd09ce01 Update gnome-boxes
ALLOWED gnome-boxes open /usr/share/ladspa/rdf/ comm=gst-plugin-scan requested_mask=r denied_mask=r
ALLOWED gnome-boxes open /usr/share/ladspa/rdf/ladspa.rdfs comm=gst-plugin-scan requested_mask=r denied_mask=r
ALLOWED gnome-boxes open /usr/share/ladspa/rdf/ladspa-rubberband.rdf comm=gst-plugin-scan requested_mask=r denied_mask=r
ALLOWED gnome-boxes open @{sys}/devices/@{pci}/usb2/2-3/bConfigurationValue comm=gnome-boxes requested_mask=r denied_mask=r
ALLOWED gnome-boxes open @{sys}/devices/@{pci}/usb1/1-6/1-6.2/bConfigurationValue comm=gnome-boxes requested_mask=r denied_mask=r
ALLOWED gnome-boxes open @{sys}/devices/@{pci}/usb1/1-14/bConfigurationValue comm=gnome-boxes requested_mask=r denied_mask=r
ALLOWED gnome-boxes open @{sys}/devices/@{pci}/usb1/1-13/bConfigurationValue comm=gnome-boxes requested_mask=r denied_mask=r
2025-08-22 17:40:56 +02:00
curiosityseeker
2c64ab91cb Update grub-mkrelpath 2025-08-22 17:40:39 +02:00
curiosityseeker
4d15570ff1 Update grub-mkrelpath
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.byRQTjiteL/@_backup_2025-08-20T16:43@{busname}.488Z/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.byRQTjiteL/@_backup_2025-08-18T13:49@{busname}.739Z/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.byRQTjiteL/@_backup_2025-04-11T11@{busname}:58.643Z/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.byRQTjiteL/@_backup_@{int16}5/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.Xj00SFNAa3/@_backup_2025-08-20T16:43@{busname}.488Z/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.Xj00SFNAa3/@_backup_2025-08-18T13:49@{busname}.739Z/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.Xj00SFNAa3/@_backup_2025-04-11T11@{busname}:58.643Z/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.Xj00SFNAa3/@_backup_@{int16}5/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
2025-08-22 17:40:39 +02:00
curiosityseeker
5d7646d9cc Update mandb
ALLOWED mandb exec @{bin}/bzip2 -> mandb//null-@{bin}/bzip2 comm=mandb requested_mask=x denied_mask=x
ALLOWED mandb//null-@{bin}/bzip2 file_inherit /usr/share/man/man8/grub-btrfsd.8.bz2 comm=bzip2 requested_mask=r denied_mask=r
ALLOWED mandb//null-@{bin}/bzip2 file_inherit /var/cache/man/52062 comm=bzip2 requested_mask=wr denied_mask=wr
ALLOWED mandb//null-@{bin}/bzip2 file_mmap @{bin}/bzip2 comm=bzip2 requested_mask=r denied_mask=r
ALLOWED mandb//null-@{bin}/bzip2 getattr /usr/share/man/man8/grub-btrfsd.8.bz2 comm=bzip2 requested_mask=r denied_mask=r
ALLOWED mandb//null-@{bin}/bzip2 file_inherit /usr/share/man/man8/grub-btrfs.8.bz2 comm=bzip2 requested_mask=r denied_mask=r
ALLOWED mandb//null-@{bin}/bzip2 getattr /usr/share/man/man8/grub-btrfs.8.bz2 comm=bzip2 requested_mask=r denied_mask=r
2025-08-22 14:42:20 +02:00
Alexandre Pujol
f3d209e42a
feat(profile): ensure nautilus can access root files. 2025-08-19 22:58:46 +02:00
Alexandre Pujol
c806ec44eb
feat(profile): update virt profiles. 2025-08-19 22:56:07 +02:00
Alexandre Pujol
5e5fde7741
feat(abs): add the sqlite abstraction. 2025-08-19 21:43:20 +02:00
Alexandre Pujol
24f629d326
fix(profile): few fixes related to reattached paths.
See #816
2025-08-17 21:43:23 +02:00
Alexandre Pujol
952c4e91a1
feat(aa): add aa --enforce and aa --complain.
These are small dev tools, not installed by default.
2025-08-17 20:50:00 +02:00
Alexandre Pujol
7f9664c51f
feat(profile): add profile for mpris-proxy. 2025-08-17 17:51:10 +02:00
Alexandre Pujol
ba16e3c340
feat(profile): cleanup log from well known programs. 2025-08-17 17:20:08 +02:00
Alexandre Pujol
4dba131fb3
feat(profile): parser: move sysctl to its own subprofile. 2025-08-17 17:16:24 +02:00
Alexandre Pujol
7e79d5abef
feat(profile): improve support for ubuntu & kubuntu. 2025-08-17 17:15:24 +02:00
Alexandre Pujol
523522dd1d
feat(profile): improve kde profiles. 2025-08-17 17:05:38 +02:00