felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
3434 commits 5 branches 0 tags 16 MiB
Commit graph

3434 commits

This branch
This branch
All branches
Author SHA1 Message Date
Alexandre Pujol
04dc921eb1
doc: rewrite the introduction page. 2025-05-15 22:09:52 +02:00
Alexandre Pujol
36f9ae0458
fix(profile): ensure deluser use sbin. 2025-05-14 23:05:00 +02:00
Alexandre Pujol
877452519d
feat(profile): unix-chkpwd: Add read capability to profile 
Following the Security Technical Implementation Guide, it is better to
set the permissions to 0000 for the shadow file.
However, since PAM version 1.6.0, after this change [0], unix-chkpwd
will unconditionnaly read the shadow file. And with the previous
restriction, the binary has an access denied to the shadow which
blocks user authentications. Moreover the PAM changes is needed to fix
the CVE-2024-10041.
Giving the read capability to the unix-chkpwd profile allows it to
function properly. See bug report [1].

[0] - https://github.com/linux-pam/linux-pam/pull/686
[1] - https://bugzilla.suse.com/show_bug.cgi?id=1241678

Signed-off-by: vlefebvre <valentin.lefebvre@suse.com>
 2025-05-14 22:49:58 +02:00
Alexandre Pujol
415c09ca88
feat(tunable): add alias from which.debianutils to which. 2025-05-14 22:43:58 +02:00
Alexandre Pujol
1096666191
feat(profile): general minor update. 2025-05-14 22:36:46 +02:00
Roman Beslik
c972607ca4 wmname 2025-05-14 22:20:39 +02:00
beroal
be0b63724c
v4l2-ctl: a CLI utility for managing webcams (#731) 
* v4l2-ctl

* abi 3 to 4
 2025-05-14 20:19:27 +00:00
Yifan Zhu
888954744f fix(abstractions): allow link in thumbnail write 2025-05-14 22:18:36 +02:00
tpaau-17DB
f83e24b1b7
Add profile for spotdl. (#736) 
* Add profile for spotdl.

* Change `rpx` to `rPx`

* Remove copyright
 2025-05-14 20:17:06 +00:00
beroal
8697a6a7e1
cheese: video capturing (#730) 2025-05-14 17:40:40 +02:00
gjpin
e044fbe565 git//ssh: allow execution of ksshaskpass 2025-05-14 17:38:02 +02:00
gjpin
29a352d78f feat(profile): xdg-permission-store: allow screencast 2025-05-14 17:37:09 +02:00
EricLin0509
bb58c07871 offices_names: add wps 2025-05-14 17:33:51 +02:00
Alexandre Pujol
b07be68636
fix(profile): directive format in localectl. 2025-05-04 20:38:15 +02:00
Alexandre Pujol
37f70a0030
feat(abs): minor abstraction improvement. 2025-05-04 20:33:18 +02:00
Alexandre Pujol
74dcf2defc
feat(profile): systemd: improve some ctl tools. 2025-05-04 20:31:10 +02:00
Alexandre Pujol
3e0c3067d8
feat(profile): systemd: add some generators 2025-05-04 20:05:54 +02:00
Alexandre Pujol
4e21ef53e6
feat(profile): systemd: add nsresourced. 2025-05-04 20:01:28 +02:00
Alexandre Pujol
f936088ae7
doc: add abstraction architecture. 2025-05-04 19:51:49 +02:00
Alexandre Pujol
6d8eda6b87
feat(profile): update some dbus defintion for gnome. 2025-05-03 18:34:37 +02:00
Alexandre Pujol
f6c0893d90
feat(abs): update dbus rules for gtk4. 2025-05-03 18:30:25 +02:00
Alexandre Pujol
38b9bf673e
feat(tunable): dbus: ensure compatibility across multiple distribution even on apparmor 4.1 2025-05-03 18:20:34 +02:00
Alexandre Pujol
da97ffb63c
fix(profile): ensure gdm uses sbin. 2025-05-02 22:59:40 +02:00
Alexandre Pujol
6423e962a0
feat(abs): update dbus interface abs. 2025-05-01 20:45:07 +02:00
Alexandre Pujol
dd7841f4e9
feat(profile): pacman: ensure ghc-pkg is run independant from pacman. 2025-05-01 20:42:12 +02:00
Alexandre Pujol
fa317ad91b
feat(profile): improve netplan generator. 2025-05-01 20:40:26 +02:00
Alexandre Pujol
97ddc0de63
feat(profile): add sshd-auth 2025-05-01 20:39:38 +02:00
Alexandre Pujol
a98b8bbc0d
feat(profile): improve dbus rule in the gnome profiles. 2025-05-01 20:39:10 +02:00
Alexandre Pujol
df6378cec0
feat(profile): improve common freedesktop profiles. 2025-05-01 20:34:35 +02:00
Alexandre Pujol
3cc39debfb
feat(profile): improve kde integration. 2025-05-01 20:27:03 +02:00
Alexandre Pujol
87e82b1505
fix(profile): modernise fuse-overlayfs. 
fix  #726
 2025-05-01 20:15:24 +02:00
Alexandre Pujol
5edde91d44
fix(test): update test to the new value of bin. 2025-05-01 19:56:34 +02:00
Alexandre Pujol
c969faf6e8
feat(profile): add initial version of sshd-auth. 
Fix #725
 2025-05-01 19:46:32 +02:00
Alexandre Pujol
83806c1b35
fix(profile): ensure cmus can read the home directory 
fix #728
 2025-05-01 19:38:57 +02:00
Roman Beslik
ad4bfab4f2
loginctl-linger 2025-05-01 19:30:16 +02:00
Alexandre Pujol
8f250f451c
doc: add sbin. 2025-05-01 19:23:42 +02:00
Alexandre Pujol
45d7cf48c4
fix(profile): small improvment raised by the tests. 2025-05-01 18:48:31 +02:00
Alexandre Pujol
3a568ba307
feat(profile): add more programs to the list of sbin program. 2025-05-01 15:17:03 +02:00
Alexandre Pujol
dc816178f5
fix(profile): ensure adduser use sbin. 2025-05-01 14:38:52 +02:00
Alexandre Pujol
7431867fa4
ci(github): remove useless github specific rules. 2025-05-01 14:37:31 +02:00
Alexandre Pujol
48a37bbf34
build: configure sbin value according to the target distribution. 2025-05-01 14:36:57 +02:00
Alexandre Pujol
d162032af9
feat(profile): allow needrestart to scan more directories. 2025-04-30 22:16:45 +02:00
Alexandre Pujol
b9eaa840bd
fix: integration tests. 2025-04-29 00:31:08 +02:00
Alexandre Pujol
018ca1b0b5
feat(abs): ensure app root launcher can start program in sbin. 2025-04-29 00:14:01 +02:00
Alexandre Pujol
4f4a8fa8e7
test(check): ensurre we only match the sbin name. 2025-04-28 23:04:17 +02:00
Alexandre Pujol
1c499183f2
feat(aa-log): add support for the sbin variable. 2025-04-28 22:43:33 +02:00
Alexandre Pujol
7b55b351ef
feat(profile): replace @{bin} by @{sbin} on additional profiles. 2025-04-28 22:41:40 +02:00
Alexandre Pujol
aeb3614a07
tests: add some program to the list of tracked files in sbin. 2025-04-28 22:34:17 +02:00
Alexandre Pujol
af070877f2
tests: update unit tests to last changes. 2025-04-28 22:09:28 +02:00
Alexandre Pujol
0f8032f9e8
feat(tunable): configure sbin across distributions. 2025-04-28 21:57:26 +02:00