felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
3335 commits 5 branches 0 tags 16 MiB
Commit graph

52 commits

Author SHA1 Message Date
EliasTheGrandMasterOfMistakes
dc83373a0f bwrap(abstractions): Allow read to actions_avail 2025-03-18 22:35:44 +01:00
Alexandre Pujol
5784ff83cf
feat(abs): minor improvement to some abstraction. 2025-01-28 23:30:25 +01:00
Alexandre Pujol
815e9bfda2
feat(profile): general update. 2024-11-19 23:07:41 +00:00
Alexandre Pujol
4d11367bec
feat(profile): ensure flatpak can run programs in games dir. 
fix #586
 2024-11-10 19:55:21 +00:00
Alexandre Pujol
d9208e0648
feat(profile): general update and fixes. 2024-10-22 22:04:04 +01:00
Alexandre Pujol
38b973c596
chore(profile): remove trailing whitespace in profiles. 2024-10-22 20:03:24 +01:00
Alexandre Pujol
185dc96d45
feat(profile): general update. 2024-10-14 19:32:48 +01:00
Alexandre Pujol
61a27bc336
feat(profile): initial integration with attached path. 
The feature is not yet enabled.

See https://apparmor.pujol.io/development/internal/#re-attached-path
 2024-10-11 14:13:17 +01:00
Alexandre Pujol
fc43400c26
feat(abs): add abi reference to all abstractions. 2024-10-09 22:19:01 +01:00
Alexandre Pujol
7b73adceeb
feat(abs): common/gnome: remove open_path from the abs, add bus accessibility. 2024-10-04 14:31:54 +01:00
Alexandre Pujol
d6b7bef89e
feat(profile): enable abi 4 rules by default. 2024-10-02 14:19:26 +01:00
Alexandre Pujol
21e8456383
feat(abs): general improvment. 2024-10-01 17:29:49 +01:00
Alexandre Pujol
63888f07a7
fix(profile): flatpak app range. 
fix #519
 2024-09-27 14:39:01 +01:00
Alexandre Pujol
fbb0d62aee
fix(profile): ensure sandboxed app ca write font cache. 2024-09-26 20:21:48 +01:00
Alexandre Pujol
69f9e8464f
feat(profile): update profiles for gnome 47. 2024-09-25 00:14:02 +01:00
Alexandre Pujol
02d8aaee7f
feat(profile): improve integration with kde 
see #496
 2024-09-18 16:59:44 +01:00
odomingao
c622f5de93 Add support for controllers in game abstraction 2024-09-11 11:26:47 +00:00
Alexandre Pujol
c7181ecadf
feat(profile): general update. 2024-09-09 19:57:49 +01:00
Alexandre Pujol
a99fbaa0be
feat(profile): restic some well known path. 2024-09-09 19:47:25 +01:00
Alexandre Pujol
fde8ee6ec6
fix(profile): generic app need access to /var/cache/tmp/ 
fix #465
 2024-09-06 21:32:39 +01:00
Alexandre Pujol
50831a2fc8
feat(abs): split steam-game abstraction to game and steam-game abstractions. 2024-08-20 21:06:34 +01:00
Alexandre Pujol
6cd01064ae
feat(profile): general update. 2024-07-15 23:12:39 +01:00
Alexandre Pujol
2e127ace4b
feat(abs): general update. 2024-06-23 11:17:56 +01:00
Alexandre Pujol
2710fd3484
feat(profile): ensure steam can update itself. 2024-06-23 11:16:23 +01:00
REmerald
41b1489b76 fix: add vim syntax to remaining files 
Add vim syntax modeline to files which didn't have it for some reason.
Continuation of #396.
 2024-06-16 17:32:21 +01:00
REmerald
c1d531525a
fix(abstractions, tunables): move vim modeline 
Move vim syntax comment to the end of the file, separated by newline, as requested in #380.
 2024-06-15 22:01:25 +01:00
REmerald
1206692e51
feat(abstractions): vim syntax highlighting 
Add vim syntax support. See man apparmor.vim(5)
 2024-06-15 22:00:29 +01:00
Alexandre Pujol
39bfa9a40b
feat(profile): update steam profiles. 2024-06-15 21:59:31 +01:00
REmerald
eb480672f3
fix(abstractions, tunables): move vim modeline 
Move vim syntax comment to the end of the file, separated by newline, as requested in #380.
 2024-06-15 21:59:31 +01:00
REmerald
6b5475c7f2
feat(abstractions): vim syntax highlighting 
Add vim syntax support. See man apparmor.vim(5)
 2024-06-15 21:57:49 +01:00
Alexandre Pujol
ff88400b22
feat(abs): minor cleanup. 2024-06-11 23:18:07 +01:00
Alexandre Pujol
6d549b7c70
feat(profile): rewrite steam profiles. 
- Separate profile for sandboxes.
- Separate profile for native and proton games.
- Updated path dirs
- tested on arch & debian.

Note: these profiles are still in alpha stage and disabled by default.
 2024-06-11 00:21:29 +01:00
Alexandre Pujol
08a1aba39d
feat(abs): bwrap: add special mount rule for debian. 2024-06-11 00:01:46 +01:00
Alexandre Pujol
222685c029
feat(profile): use the cups-client more often. 2024-06-10 23:51:38 +01:00
Alexandre Pujol
5c8dda1ced
feat(profile): remove rule moved in the base or nameservice abstraction. 2024-06-08 22:49:28 +01:00
Alexandre Pujol
921156c846
fix(profile): pavucontrol 
fix #371
 2024-06-07 19:25:22 +01:00
Alexandre Pujol
503e83a896
fix: steam support on flatpak. 
fix #368
 2024-06-07 17:10:54 +01:00
Alexandre Pujol
ff16790421
feat(abs): general update. 2024-06-03 18:37:12 +01:00
Alexandre Pujol
8f102dea0a
feat(profile): general update. 2024-05-13 20:35:11 +01:00
Alexandre Pujol
7963a65a88
feat(profile): add support for terminal in flatpak app. 
- Sandbox's security is managed by flatpak
- The app stays confined under the (not really strict) flatpak-app profile
- User shell runs unconfined (under the `user_unconfined` profile)

Running terminal as a flatpak app provides less security than as a normal app.
This is because the shell runs as user_unconfined profile that will purposely
not transition to any other profile. While a shell from a classic terminal will
transition to any profile it can, and thus would get restricted. In other words,
running `apt` inside flatpak would run under the `user_unconfined` while it
would use the `apt` profile outside the sandbox.

fix #314
 2024-05-08 15:48:14 +01:00
Alexandre Pujol
9a2f4b5dbe
feat(abs): improve some common user abstraction. 2024-05-07 16:10:09 +01:00
Alexandre Pujol
3f69b9fec4
feat(profile): use the new @{tmp} variable. 
It is only used with the owner statement.
 2024-05-02 22:12:02 +01:00
Alexandre Pujol
65d0cfafe4
feat(profile): general update. 2024-04-28 13:50:48 +01:00
Alexandre Pujol
e4c3f1f076
fix: flatpak-app was too strict for some app. 
See #314
 2024-04-25 13:26:11 +01:00
Alexandre Pujol
50ce9750d3
feat(abs): add common gnome abstraction for gnome UI app. 2024-04-09 23:34:45 +01:00
Alexandre Pujol
4f1f34de3f
feat(abs): internal cleanup. 2024-04-05 23:49:21 +01:00
Alexandre Pujol
095254864f
feat(profile): general update. 2024-04-03 21:04:18 +01:00
Alexandre Pujol
6dd0c36e9a
feat: prefix variables that refer to a profile 2024-04-02 13:41:08 +01:00
Alexandre Pujol
dab928305f
feat(abs): add igfx_user_feature to the graphics abs. 2024-03-31 12:45:13 +01:00
Alexandre Pujol
f8deb46591
feat(abs): add initiall version of the electron common abstraction. 2024-03-30 14:48:29 +00:00