apparmor.d

Author	SHA1	Message	Date
fira959	f86b305a66	Update discord profile (#332 ) --------- Co-authored-by: Alex <roddhjav@users.noreply.github.com>	2024-05-16 10:33:24 +00:00
Alexandre Pujol	41b814675b	fix: syntax error.	2024-05-15 23:53:17 +01:00
Alexandre Pujol	58e458f4ab	feat(profile): add the app/firefox abstraction.	2024-05-15 23:13:23 +01:00
Alexandre Pujol	f5ac8cd4a1	feat(profile): improve dbus rule in chromium based profiles.	2024-05-15 23:07:05 +01:00
Alexandre Pujol	ad960d477b	feat(profile): replace former regex by the new @{user} variable.	2024-05-15 17:22:20 +01:00
Alexandre Pujol	407c71b133	feat(profile): modernize a few app profiles.	2024-05-15 14:50:50 +01:00
fira959	acd6a9794d	Update signal-desktop (#331 ) * Update signal-desktop * Update signal-desktop-chrome-sandbox * Update signal-desktop * Update apparmor.d/groups/apps/signal-desktop Co-authored-by: Alex <roddhjav@users.noreply.github.com> * Update signal-desktop --------- Co-authored-by: Alex <roddhjav@users.noreply.github.com>	2024-05-14 21:54:31 +00:00
Alexandre Pujol	855f25da9b	feat(tunable): add hex38.	2024-05-14 12:55:57 +01:00
Alexandre Pujol	7b25ed1913	Merge branch 'main' of github.com:roddhjav/apparmor.d * 'main' of github.com:roddhjav/apparmor.d: Task: Update abstraction path Mutt: Update abstraction path Update and move abstractions/editor to abstractions/app/editor Task: Use editor abstraction Mutt: Use editor abstraction Create editor abstraction	2024-05-13 20:37:12 +01:00
Alexandre Pujol	00fd9ddec1	feat(profile): add iceauth	2024-05-13 20:36:46 +01:00
Alexandre Pujol	8f102dea0a	feat(profile): general update.	2024-05-13 20:35:11 +01:00
doublez13	8594700f9a	Task: Update abstraction path	2024-05-12 17:34:33 +01:00
doublez13	533bff8583	Mutt: Update abstraction path	2024-05-12 17:34:33 +01:00
doublez13	479d04abac	Update and move abstractions/editor to abstractions/app/editor	2024-05-12 17:34:33 +01:00
doublez13	eb32db16c6	Task: Use editor abstraction	2024-05-12 17:34:33 +01:00
doublez13	769b4a7cec	Mutt: Use editor abstraction	2024-05-12 17:34:33 +01:00
doublez13	e38f2ac721	Create editor abstraction I'm counting seven profiles that have a child profile named "editor" that all include roughly the same boiler plate policies. Let's abstract it out.	2024-05-12 17:34:33 +01:00
Alexandre Pujol	1739c07ca1	feat(profile): general update.	2024-05-11 17:38:43 +01:00
Alexandre Pujol	533b7ac937	feat(profile): update steam internal This is still a wip stage and the profile is not installed by default.	2024-05-11 17:28:44 +01:00
Alexandre Pujol	4d29127d57	feat(profile): rewrite the child-open* profiles.	2024-05-11 12:13:57 +01:00
Jose Maldonado aka Yukiteru	60ba9ae965	Fix and optimizations for flameshot profile Profile simplification PATH and better use for abstractions. Add permission for @{user_cache_dirs}	2024-05-11 12:10:59 +01:00
Jose Maldonado aka Yukiteru	3748a13710	Fix access to translations and /tmp in run-time Flameshot access to /usr/share/flameshot for search translations for UI. And have access to /tmp for create tempfile for other apps (ex: send image to GIMP)	2024-05-11 12:10:59 +01:00
Jose Maldonado aka Yukiteru	31cb3e962d	Enable flameshot profile I tested in enforce mode the flameshot profile and fix a little problem with access resources for this app. All work OK in Debian Stable.	2024-05-11 12:10:59 +01:00
Alexandre Pujol	2b6fb63245	feat(profile): add foliate.	2024-05-08 21:15:27 +01:00
Alexandre Pujol	bed9545082	feat(profile): general update.	2024-05-08 20:08:41 +01:00
Alexandre Pujol	da7747e0fe	feat(tunable): add all int, hex and read variable from 2 to 64.	2024-05-08 18:27:16 +01:00
Alexandre Pujol	7963a65a88	feat(profile): add support for terminal in flatpak app. - Sandbox's security is managed by flatpak - The app stays confined under the (not really strict) flatpak-app profile - User shell runs unconfined (under the `user_unconfined` profile) Running terminal as a flatpak app provides less security than as a normal app. This is because the shell runs as user_unconfined profile that will purposely not transition to any other profile. While a shell from a classic terminal will transition to any profile it can, and thus would get restricted. In other words, running `apt` inside flatpak would run under the `user_unconfined` while it would use the `apt` profile outside the sandbox. fix #314	2024-05-08 15:48:14 +01:00
Alexandre Pujol	538a73e21e	feat(profile): add user_unconfined profile & reorganise pam profiles.	2024-05-08 15:34:39 +01:00
Alexandre Pujol	66c8f42d94	feat(tunable): add the new @{user} variable	2024-05-07 17:41:34 +01:00
Alexandre Pujol	1842f8a4d5	feat(profile): add some new profile (2).	2024-05-07 17:32:36 +01:00
Alexandre Pujol	fe1e3c3be8	feat(profile): add some new profile.	2024-05-07 17:25:43 +01:00
Alexandre Pujol	239d5efe63	feat(profile): general update.	2024-05-07 16:19:29 +01:00
Alexandre Pujol	4ada6f5879	feat(profile): improve dpkg deb & split.	2024-05-07 16:12:29 +01:00
Alexandre Pujol	9a2f4b5dbe	feat(abs): improve some common user abstraction.	2024-05-07 16:10:09 +01:00
Alexandre Pujol	37bb51ccb5	fix: remove duplicate program name.	2024-05-07 15:57:57 +01:00
Jose Maldonado aka Yukiteru	1c6f7dd1c2	Fix recent error in abstractions/thumbnails-cache-read Sorry, in the previous commit I introduced an error in abstractions/thumbnails-cache-read that prevented this abstractions from working correctly after a restart and complete reload of the profiles (after a new installation from Git). This commit fixes the bug and with it must also pass the repository tests.	2024-05-07 15:55:09 +01:00
Jose Maldonado aka Yukiteru	92a370210d	Fix exec for exim4 for anacron (default config Debian Stable) On default installation on Debian Stable (12) anacron run tasks and when finish all them, run exim4 for send info via mail. The actual profile don´t permit this behaviour and fail sending info for all task finished for mail configurated.	2024-05-07 15:55:09 +01:00
Jose Maldonado aka Yukiteru	0d5655ba76	Noise reduction in exim4 profile exim4 profile access to /proc/sys/net/ipv6/conf/all/disable_ipv6 in read mode searching information over IPv6 connection in the host. In the actual profile this access is denied, this change fix this and reduce noise in log.	2024-05-07 15:55:09 +01:00
Jose Maldonado aka Yukiteru	2f3c4574ec	Fix access to thumbnail cache dirs in abstractions gsd-housekeepin in GNOME have access to @{user_cache_dirs} for searching thumbnail files and executing one task for cleaning these files every day. The actual abstractions/thumbnails-cache-write fail in granted this access, specially to various folders in the thumbnail cache (ex: fail folder). These changes fix this access. For convenience abstractions/thumbnails-cache-read, have the same access structure also for files/folders, but only read permissions.	2024-05-07 15:55:09 +01:00
Alexandre Pujol	18d1ee66a2	feat(profile): update zram generator.	2024-05-07 13:19:41 +01:00
Alexandre Pujol	7cb006d20c	feat(tunable): add torbrowser download dir.	2024-05-07 00:05:20 +01:00
Alexandre Pujol	03dd5fe4cd	feat(profile): improve xfce profiles stack.	2024-05-07 00:04:07 +01:00
Alexandre Pujol	c84b48b0b4	feat(profile): add torbrowser-updater.	2024-05-06 23:53:17 +01:00
Alexandre Pujol	eeb990a934	feat(profile): add some whonix specific profiles.	2024-05-06 23:52:38 +01:00
Alexandre Pujol	c5ed997b6d	feat(profile): improve whonix specific profiles.	2024-05-06 23:51:46 +01:00
Alexandre Pujol	301ffb6065	fix(profile): link rule format.	2024-05-06 20:53:29 +01:00
Alexandre Pujol	f567c0eff7	fix(profile): do not use aa:exec in flatpak-app to avoid conflicting x.	2024-05-06 20:49:30 +01:00
Alexandre Pujol	c2d786200f	feat(profile): cleanup xsession logs.	2024-05-06 20:47:08 +01:00
Alexandre Pujol	4b4e14b1d6	fix(profile): various fix & cleanup	2024-05-06 20:33:01 +01:00
Alexandre Pujol	e2c69f18fa	Merge branch 'feat/update' of https://github.com/Jeroen0494/apparmor.d into Jeroen0494-feat/update * 'feat/update' of https://github.com/Jeroen0494/apparmor.d: Cleanup Remove temp Various updates all over Various profile updates	2024-05-06 20:08:13 +01:00

... 19 20 21 22 23 ...

2727 commits