felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
3584 commits 5 branches 0 tags 16 MiB
Commit graph

532 commits

Author SHA1 Message Date
Alexandre Pujol
ca9a8d47f8
feat(profile): add protonmail-bridge 2024-06-11 23:16:19 +01:00
Alexandre Pujol
d283ef5196
feat(profile): general update. 2024-06-10 23:58:44 +01:00
Alexandre Pujol
bb6df870bb
chore: cleanup opensc debian structure. 2024-06-10 23:43:55 +01:00
REmerald
e362aa9107 feat(profiles-m-r): vim syntax support 
Add vim modeline instructing the editor to use the syntax plugin provided by apparmor.
 2024-06-09 19:44:15 +03:00
Alexandre Pujol
5c8dda1ced
feat(profile): remove rule moved in the base or nameservice abstraction. 2024-06-08 22:49:28 +01:00
Alexandre Pujol
921156c846
fix(profile): pavucontrol 
fix #371
 2024-06-07 19:25:22 +01:00
valoq
bb772167f0
add multiple profiles (#341) 
* add multiple profiles
 2024-05-31 10:47:01 +00:00
fira959
d12db8a8dc
Minor improvements (#336) 
* Update audio-client

* Update mpv

* Update mutt

add common mail dir

* Update apparmor.d

* Update mutt

* Update mutt

* Update mutt

* Update mutt

* Update mutt
 2024-05-30 17:51:57 +00:00
Alexandre Pujol
c785b41451
feat(profile): general update. 2024-05-18 22:35:05 +01:00
doublez13
ce329175da pass: Use editor abstraction 2024-05-16 15:44:29 +01:00
Alexandre Pujol
7b25ed1913
Merge branch 'main' of github.com:roddhjav/apparmor.d 
* 'main' of github.com:roddhjav/apparmor.d:
  Task: Update abstraction path
  Mutt: Update abstraction path
  Update and move abstractions/editor to abstractions/app/editor
  Task: Use editor abstraction
  Mutt: Use editor abstraction
  Create editor abstraction
 2024-05-13 20:37:12 +01:00
Alexandre Pujol
8f102dea0a
feat(profile): general update. 2024-05-13 20:35:11 +01:00
doublez13
533bff8583 Mutt: Update abstraction path 2024-05-12 17:34:33 +01:00
doublez13
769b4a7cec Mutt: Use editor abstraction 2024-05-12 17:34:33 +01:00
Alexandre Pujol
1739c07ca1
feat(profile): general update. 2024-05-11 17:38:43 +01:00
Alexandre Pujol
4d29127d57
feat(profile): rewrite the child-open* profiles. 2024-05-11 12:13:57 +01:00
Alexandre Pujol
538a73e21e
feat(profile): add user_unconfined profile & reorganise pam profiles. 2024-05-08 15:34:39 +01:00
Alexandre Pujol
1842f8a4d5
feat(profile): add some new profile (2). 2024-05-07 17:32:36 +01:00
Alexandre Pujol
fe1e3c3be8
feat(profile): add some new profile. 2024-05-07 17:25:43 +01:00
Alexandre Pujol
239d5efe63
feat(profile): general update. 2024-05-07 16:19:29 +01:00
Jose Maldonado
8224ac2b3f
Fix access to OpenSC configuration (#326) 2024-05-06 18:16:39 +00:00
Alexandre Pujol
9dba91296a
fix: typo in abs name. 2024-05-04 00:24:41 +01:00
Alexandre Pujol
683bfed4ad
feat(profile): modernise some profiles. 2024-05-04 00:14:07 +01:00
Alexandre Pujol
40abc98201
feat(profile): general update. 2024-05-03 18:16:12 +01:00
Alexandre Pujol
3f69b9fec4
feat(profile): use the new @{tmp} variable. 
It is only used with the owner statement.
 2024-05-02 22:12:02 +01:00
Alexandre Pujol
db87c56f37
feat(profile): general update. 2024-05-01 14:22:42 +01:00
Alexandre Pujol
a1d6d318cc
feat(profile): tweak the new msedge profiles a bit. 2024-05-01 12:11:43 +01:00
Jose Maldonado aka Yukiteru
fd590e9199 Fix exec_path in profiles for Edge and copyright headers 2024-05-01 11:40:32 +01:00
Jose Maldonado aka Yukiteru
d0ea5f50a3 New profile for Microsoft Edge and better support in abstractions/app/chromium 
This commit add new profile for Microsoft Edge browser and variants (beta,dev).
The new profile is based in actual chrome profile. Tested with actual Edge, in
Debian Stable and enforced rules. All ok using GPU Rasterization and Vulkan, not
HWAccel for encoding video because this is very unstable yet in all Chromium based
browsers.

Add support for libpam-tmpdir for abstractions/app/chromium and all browser using
this absctractions (Chrome, Chromium, Edge, and others). This fix access and use
of browser with libpam-tmpdir installed (Debian and Whonix)

Fix a denied access to RADV user cache (Vulkan-amdgpu) in abstractions/app/chromium
(Vulkan is optional in Chromium-based browser, but the backend is
perfectly usable now).
 2024-05-01 11:40:32 +01:00
Alexandre Pujol
65d0cfafe4
feat(profile): general update. 2024-04-28 13:50:48 +01:00
Jose Maldonado
b4e5837bb9
Fix access to /tmp using libpam-tmpdir in Debian (#318) 
In Debian with the use of libpam-tmpdir, the paths for $TMP and $TMPDIR
for PAM sessions are affected by much stronger rules and permissions,
providing additional security to the environment.

Those rules for the directory

/tmp/user/@{uid}/<affected_program>

In the case of qBitorrent this applies to the following directory:

/tmp/user/@{uid}/.qBitorrent

This PR fixes the bug and allows qBittorrent to work correctly
under these conditions.

Note: This PR would also have positive effects on Whonix, which uses
libpam-tmpdir according to this link
(https://forums.whonix.org/t/make-symlink-attacks-and-other-tmp-based-attacks-harder-or-impossible-using-libpam-tmpdir/8488)
 2024-04-28 10:27:39 +00:00
Jose Maldonado aka Yukiteru
d88e88767e Fix minitube profile for support Qt5CT and Qt6CT 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
7ed52e44cd Fix support for Qt5CT and Qt6CT in profiles-m-r 
This fix the next apps/binaries

*megasync
*merkaator
*mkvtoolnix-gui
*pinentry-qt
*psi
*psi-plus
*qnapi
*qpdfview
*qtox
*quiterss
*rpi-imager
 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
c733d6b9c2 Modifications for qbittorrent profile and qt5.d abstractions 
This modifications allow read system and user qt5ct configs for better
integrations with other DEs (not-KDE).
 2024-04-26 00:16:25 +01:00
Alexandre Pujol
b3a5fb1ce5
fix: enable pam-tmpdir-helper for all distribution. 
fix #316
 2024-04-25 12:10:29 +01:00
Alexandre Pujol
095254864f
feat(profile): general update. 2024-04-03 21:04:18 +01:00
Alexandre Pujol
6dd0c36e9a
feat: prefix variables that refer to a profile 2024-04-02 13:41:08 +01:00
Alexandre Pujol
751bc683d9
fix(profile): ensure mutt pager can read its local storage. 
Revert some mutt related change from 0619f4dcec

See #309
 2024-04-01 21:42:58 +01:00
Alexandre Pujol
0619f4dcec
feat(profile): general update. 2024-03-29 19:45:10 +00:00
Alexandre Pujol
adb936e62f
feat(abs): add new shells abstraction. 2024-03-29 18:31:15 +00:00
Alexandre Pujol
2fc2394bad
feat(abs): rewrite user-read/user-write. 
See #307
 2024-03-28 16:47:40 +00:00
Alexandre Pujol
e77f8db40f
feat(abs): add bash-strict. 2024-03-27 22:07:43 +00:00
Alexandre Pujol
197c1bd78a
feat(profile): general update. 2024-03-27 21:53:11 +00:00
Alexandre Pujol
b88b8b8c26
refractor(abs): move common and app abstraction to their own abstractions subfolder. 
As the number of abstraction is increasing, it is valuable to separate "base" abstractions to programs specific ones.
 2024-03-27 15:11:21 +00:00
Alexandre Pujol
8da2fd621a
feat(abs): remove some unused abstractions. 2024-03-24 14:44:58 +00:00
Alexandre Pujol
a5f71675ea
feat(profile): general update. 2024-03-22 19:45:13 +00:00
Alexandre Pujol
87db46113c
feat(profile): cleanup common desktop files. 2024-03-21 23:28:57 +00:00
Alexandre Pujol
5149b55bd0
feat(profile): add only directive. 2024-03-21 23:18:03 +00:00
Alexandre Pujol
6c38e90b5e
feat(profile): update dbus directive format. 2024-03-21 23:03:08 +00:00
Alexandre Pujol
5039dae148
feat(profile): improve kde support on debian. 2024-03-20 16:13:20 +00:00