felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
3834 commits 5 branches 0 tags 16 MiB
Commit graph

2797 commits

Author SHA1 Message Date
Jose Maldonado aka Yukiteru
0a941e7d87 Fix for access video devices and opensc in Chromium profile 
This commit fix two issues for abstractions/app/chromium

1.- Access to /dev/video (not merged in last commit)
2.- Access to /etc/opensc/opensc.conf in Debian (and derivates)
 2024-05-01 11:40:32 +01:00
Jose Maldonado aka Yukiteru
d0ea5f50a3 New profile for Microsoft Edge and better support in abstractions/app/chromium 
This commit add new profile for Microsoft Edge browser and variants (beta,dev).
The new profile is based in actual chrome profile. Tested with actual Edge, in
Debian Stable and enforced rules. All ok using GPU Rasterization and Vulkan, not
HWAccel for encoding video because this is very unstable yet in all Chromium based
browsers.

Add support for libpam-tmpdir for abstractions/app/chromium and all browser using
this absctractions (Chrome, Chromium, Edge, and others). This fix access and use
of browser with libpam-tmpdir installed (Debian and Whonix)

Fix a denied access to RADV user cache (Vulkan-amdgpu) in abstractions/app/chromium
(Vulkan is optional in Chromium-based browser, but the backend is
perfectly usable now).
 2024-05-01 11:40:32 +01:00
Alexandre Pujol
065f2233ac
feat(abs): ensure pam-tmpdir-helper is allowed in the auth abs for all distribution. 2024-04-29 11:58:55 +01:00
Jeroen Rijken
e8eadcc7ec Cleanup 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-04-28 16:25:45 +02:00
Jeroen Rijken
c40bdcece7 Remove temp 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-04-28 16:19:01 +02:00
Jeroen Rijken
8b3613fa48 Various updates all over 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-04-28 16:08:03 +02:00
Jeroen Rijken
821e753572 Various profile updates 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-04-28 15:57:27 +02:00
Alexandre Pujol
2aa8986a21
feat(profile): update gvfsd-recent. 2024-04-28 13:57:27 +01:00
Alexandre Pujol
454daa9602
feat(profile): restrict torbrowser. 2024-04-28 13:53:25 +01:00
Alexandre Pujol
a63201486b
feat(profile): update flatpak profiles stack. 2024-04-28 13:51:57 +01:00
Alexandre Pujol
65d0cfafe4
feat(profile): general update. 2024-04-28 13:50:48 +01:00
Jose Maldonado
b4e5837bb9
Fix access to /tmp using libpam-tmpdir in Debian (#318) 
In Debian with the use of libpam-tmpdir, the paths for $TMP and $TMPDIR
for PAM sessions are affected by much stronger rules and permissions,
providing additional security to the environment.

Those rules for the directory

/tmp/user/@{uid}/<affected_program>

In the case of qBitorrent this applies to the following directory:

/tmp/user/@{uid}/.qBitorrent

This PR fixes the bug and allows qBittorrent to work correctly
under these conditions.

Note: This PR would also have positive effects on Whonix, which uses
libpam-tmpdir according to this link
(https://forums.whonix.org/t/make-symlink-attacks-and-other-tmp-based-attacks-harder-or-impossible-using-libpam-tmpdir/8488)
 2024-04-28 10:27:39 +00:00
Jose Maldonado aka Yukiteru
2f3d55e924 Fix out-of-scope in abstractions/video and bad use abstraction in chromium 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
d88e88767e Fix minitube profile for support Qt5CT and Qt6CT 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
df52a5aa50 Fix support for Qt5CT and Qt6CT in profiles-s-z 
This fix the next apps/binaries

*smplayer
*smtube
*strawberry
*thunderbird
*transmission-qt
*usbguard-applet-qt
*vidcutter
*vlc
*wpa-gui
 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
7ed52e44cd Fix support for Qt5CT and Qt6CT in profiles-m-r 
This fix the next apps/binaries

*megasync
*merkaator
*mkvtoolnix-gui
*pinentry-qt
*psi
*psi-plus
*qnapi
*qpdfview
*qtox
*quiterss
*rpi-imager
 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
917a754206 Fix suppport for Qt5CT and Qt6CT in profiles-g-l 
This fix support for this profiles

*kanyremote
*keepassxc
*linssid
 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
5c35b1d69c Fix profiles for support Qt5CT and Qt6CT 
This fix the next profiles

*Birdtray
*Convertall
*Fritzing
 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
72784f4cbc Fix support for Qt5CT and Qt6CT in kde groups profiles 
This fix support in this apps/binaries

*kio_http
*kiod
*kscreenlocker
*kwalletd
*kwalletmanager
*kwin_wayland
*sddm-greeter
 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
7ba5adc6f2 Fix qt5ct and qt6ct support in freedesktop group profiles 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
35f947aaa9 Fix Calibre group profile 
Forgotten qt5ct line in Calibre group profile.
 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
d26b86c5d7 Fix support for Qt5 and Qt5 in apps groups 
This changes fix access to qt5ct and qt6ct for:

*Calibre
*Flameshot
*Telegram
 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
004572349d Fix support for Qt5 and Qt6 in Akonadi group 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
5d1fae1121 Better support for video devices (ex: webcam) 
Actually, Wirepumbler profile fail to access to /dev/video devices
this update fix this problem.
 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
3291fa7f8f Better support for Qt in abstractions/chromium 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
4355f707db Add support for qt5ct and qt6ct 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
4874bd8c7e Fix path in abstractions/qt5 2024-04-26 00:16:25 +01:00
Jose Maldonado aka Yukiteru
0adb00212a Changes for use @{user_config_dirs} for abstractions/qt5.d integration 2024-04-26 00:16:25 +01:00
Jose Maldonado aka Yukiteru
c733d6b9c2 Modifications for qbittorrent profile and qt5.d abstractions 
This modifications allow read system and user qt5ct configs for better
integrations with other DEs (not-KDE).
 2024-04-26 00:16:25 +01:00
Alexandre Pujol
e4c3f1f076
fix: flatpak-app was too strict for some app. 
See #314
 2024-04-25 13:26:11 +01:00
Alexandre Pujol
b3a5fb1ce5
fix: enable pam-tmpdir-helper for all distribution. 
fix #316
 2024-04-25 12:10:29 +01:00
Alexandre Pujol
af6d4d698e
fix: clean redundant x transition. 
See #312
 2024-04-15 18:25:24 +01:00
Alexandre Pujol
4c6122598e
fix: add missing systemd-notify profile. 2024-04-13 12:21:47 +01:00
Alexandre Pujol
4a27c92d53
feat(abs): add dummy org.kde.kwalletd bus abs. 2024-04-10 00:02:41 +01:00
Alexandre Pujol
a7f1973246
feat(profile): add more whonix specific profile. 2024-04-10 00:01:26 +01:00
Alexandre Pujol
a966cc0a93
feat(profile): add more xfce profiles. 2024-04-09 23:59:52 +01:00
Alexandre Pujol
3d8cdc0834
feat(profile): improve dbus integration in some apps. 2024-04-09 23:52:26 +01:00
Alexandre Pujol
3c6102e919
feat(profile): general update. 2024-04-09 23:48:33 +01:00
Alexandre Pujol
5873cbff95
feat(profile): add a few gnome core app. 2024-04-09 23:43:14 +01:00
Alexandre Pujol
69f90c5a11
feat(profile): use gnome abs in common gnome app. 2024-04-09 23:42:03 +01:00
Alexandre Pujol
50ce9750d3
feat(abs): add common gnome abstraction for gnome UI app. 2024-04-09 23:34:45 +01:00
Alexandre Pujol
8327fc83b6
feat(profile): add child-open-help. 2024-04-08 22:00:00 +01:00
Alexandre Pujol
f34fbeef7f
fix: ensure can start child-modprobe-nvidia. 2024-04-08 19:50:19 +01:00
Alexandre Pujol
900ef19cff
feat(profile): general update. 2024-04-08 19:28:10 +01:00
Alexandre Pujol
f96e5a9713
feat(profile): update kde integration. 
See #310
 2024-04-08 19:17:01 +01:00
Alexandre Pujol
edf32f923c
feat(abs): add support for xfce in the desktop abs. 2024-04-08 18:08:30 +01:00
Alexandre Pujol
1919d90770
feat(profile): start using child-modprobe-nvidia. 2024-04-08 18:07:18 +01:00
Alexandre Pujol
6cbaefc4d5
feat(profile): whonix: add rads 2024-04-06 15:11:04 +01:00
Alexandre Pujol
279b8b40a6
feat(profile): whonix: add sdwdate profiles. 2024-04-06 15:09:48 +01:00
Alexandre Pujol
9aa9f26507
feat(profile): general update. 2024-04-05 23:55:21 +01:00