Commit graph

3601 commits

Author SHA1 Message Date
Alexandre Pujol
24a9da865f
chore: update sbin.list 2025-06-21 20:05:47 +02:00
Alexandre Pujol
0483f476ed
fix(profile): aa-enforce: ensure looking path in sbin is allowed. 2025-06-21 19:56:54 +02:00
Alexandre Pujol
6735b8e5f8
feat(profile): zram: move kmod to its own subprofile. 2025-06-21 19:55:22 +02:00
Alexandre Pujol
226cb23073
feat(profile): small improvement to steam. 2025-06-21 19:53:26 +02:00
Alexandre Pujol
03d7ef5589
feat(profile): add profile for sshd session.
It is only a first draft, as a recent update in sshd split sshd into multiple binaries;
it will allow us to also split the confinement into multiple profiles.
2025-06-21 19:52:22 +02:00
Alexandre Pujol
5eb08f8de5
feat(profile): improve pacman profiles. 2025-06-21 19:47:49 +02:00
Alexandre Pujol
cd619d280a
feat(profile): update apt profiles. 2025-06-21 19:44:43 +02:00
Alexandre Pujol
ea45cec24d
feat(fsp): improve fsp profiles. 2025-06-21 19:43:02 +02:00
Alexandre Pujol
bb6ca01718
feat(profile): ufw: integrate ufw-init in ufw, use sysctl in subprofile. 2025-06-21 19:36:23 +02:00
Alexandre Pujol
3ffff07f3f
tests: enforce abstractions test. 2025-06-20 00:00:48 +02:00
Alexandre Pujol
f29041576e
feat(profile): move away from old or too wide abstractions. 2025-06-19 23:55:20 +02:00
Alexandre Pujol
033a7475e0
tests: enforce equivalent tests. 2025-06-19 23:35:13 +02:00
Alexandre Pujol
27907e5a17
feat(profiles): ensure we use {m,g,}awk instead of awk. 2025-06-19 23:27:34 +02:00
Alexandre Pujol
be62e5186f
feat(profiles): ensure we use which{,.debianutils} instead of which. 2025-06-19 23:16:16 +02:00
Alexandre Pujol
d2dbf771cc
feat(profiles): ensure we use {,e}grep instead of grep. 2025-06-19 23:07:17 +02:00
Alexandre Pujol
0e4cc45a5b
tests: simplify sbin check. 2025-06-19 20:03:53 +02:00
Alexandre Pujol
e7f25571d0
chore(profile): rename netplan.script to netplan. 2025-06-17 00:22:34 +02:00
Alexandre Pujol
0478e62f56
feat(fsp): sd/sdu: improve integration with stacked profiles. 2025-06-17 00:19:43 +02:00
Alexandre Pujol
fc45e5ee66
feat(fsp): add initial sd-umount. 2025-06-17 00:18:39 +02:00
Alexandre Pujol
d01b7ce7d6
chore: cleanup linter issue. 2025-06-16 23:42:30 +02:00
Alexandre Pujol
390a8b1b01
build: add the fsp-debug build command. 2025-06-16 23:20:03 +02:00
Alexandre Pujol
1118d2ffc5
build: use the base-strict abstraction automatically. 2025-06-16 23:17:45 +02:00
Alexandre Pujol
7dd860f277
feat(profile): minor update & cosmetic. 2025-06-16 23:15:07 +02:00
Alexandre Pujol
eeebcf91f3
feat(abs): add base-strict.
For now, it is only a restructuring of the base abstraction with awareness of the apparmor.d architecture.
2025-06-16 23:05:50 +02:00
Alexandre Pujol
34f9a53a3b
ci: start dropping ci tests on ubuntu 22.04. 2025-06-16 22:53:36 +02:00
Alexandre Pujol
011de3c301
feat(profile): flatpak: ensure remote can be added/removed.
see #690
2025-06-16 22:48:16 +02:00
Alexandre Pujol
8fa7c49a65
feat(profile): add firefox crashhelper 2025-06-16 22:42:11 +02:00
Alexandre Pujol
b88cf164ec
feat(profile): gnome-shell: allow some basic tools needed by some extensions.
fix #705
2025-06-16 22:38:37 +02:00
Alexandre Pujol
5ae1cc854d
fix(profile): pacman: add integration with limine.
fix #756
2025-06-16 22:20:13 +02:00
Alexandre Pujol
07007f93c4
fix(fsp): ignore not yet used mappings. 2025-06-16 22:06:55 +02:00
Alexandre Pujol
2941334b7c
fix(profile): brave flag & stacked helper.
fix #763
2025-06-16 22:04:55 +02:00
Alexandre Pujol
110f4ea40e
feat(abs): mesa: add /var/cache as fallback location. 2025-06-16 22:01:40 +02:00
Alexandre Pujol
d3aa4ae4a1
fix(abs): ensure generic app can run widevine.
fix #764
2025-06-16 22:01:08 +02:00
Alexandre Pujol
4cb6de3d2d
fix(profile): ufw: allow kmod.
fix #765
2025-06-16 21:50:22 +02:00
Alexandre Pujol
8118bf3d23
fix: pinentry gtk needs access to its cmdline.
fix #768
2025-06-16 21:48:07 +02:00
Alexandre Pujol
5e14271f76
Merge FSP: rewrite the systemd profiles #753
* dev: (49 commits)
  fix: use mappings/sudo in su.
  build: justfile: add group.
  tests: update sbin.list
  fix: linter check.
  fix: add gpartedbin back to sbin.list.
  tests: show error line in sbin check.
  feat(profile): update sbin list and ensure the profiles use the good variable (sbin or bin).
  tests: remove symbolic link from sbin.
  test: add some security checks.
  tests: add more checks for sbin path
  tests: rewrite and expand the profile check to more files.
  feat(tunable): add the archive_path variable.
  feat(profile): update gnome profiles.
  feat(fsp): small fsp improvement.
  feat(abs): minor improvement & cosmetic.
  feat(profile): add profiles for whoopsie.
  feat(profile): add initial profile for systemd-initctl.
  feat(profile): minor fsp related improvement.
  feat(fsp): setup RBAC mapping in auth enabled profiles.
  build: ignore all rule in abi3.
  ...
2025-06-16 21:41:08 +02:00
valoq
1f7e019500 clean desktop abstraction 2025-06-12 16:26:39 +02:00
valoq
5216cbdcde add more xkeyboard-config-2 resources 2025-06-12 16:26:39 +02:00
valoq
c947fe6c6c complete xkeyboard-config-2 permissions 2025-06-12 16:26:39 +02:00
valoq
cdd45bcd60 add xkeyboard-config-2 resources 2025-06-12 16:26:39 +02:00
Alexandre Pujol
3291d9a370
fix: use mappings/sudo in su. 2025-06-11 22:56:18 +02:00
Alexandre Pujol
e3bd48bd75
build: justfile: add group. 2025-06-11 22:55:17 +02:00
Alexandre Pujol
a4737546f7
tests: update sbin.list 2025-06-10 23:58:24 +02:00
Alexandre Pujol
65f9644753
fix: linter check. 2025-06-10 23:37:59 +02:00
Alexandre Pujol
edcbaa1b94
fix: add gpartedbin back to sbin.list. 2025-06-10 23:01:24 +02:00
Alexandre Pujol
f0355f36b9
tests: show error line in sbin check. 2025-06-05 00:36:30 +02:00
Alexandre Pujol
6ed873aad3
feat(profile): update sbin list and ensure the profiles use the good variable (sbin or bin). 2025-06-05 00:35:43 +02:00
Alexandre Pujol
c8f2a435f8
tests: remove symbolic link from sbin. 2025-06-02 23:59:41 +02:00
Alexandre Pujol
f579940ae7
test: add some security checks. 2025-06-02 20:41:20 +02:00
Alexandre Pujol
fff0df39ba
tests: add more checks for sbin path
Also look for paths that should not use sbin.
2025-06-01 23:59:14 +02:00