apparmor.d

Author	SHA1	Message	Date
valoq	26d8f65aaa	fix include	2025-06-18 22:35:59 +02:00
valoq	1833cbae0e	add profile for whois	2025-06-18 22:27:18 +02:00
Alexandre Pujol	6ed873aad3	feat(profile): update sbin list and ensure the profiles use the good variable (sbin or bin).	2025-06-05 00:35:43 +02:00
Alexandre Pujol	55e4b27c2b	feat(tunable): add the archive_path variable.	2025-06-01 16:02:20 +02:00
Alexandre Pujol	af82a9caa6	feat(profile): add profiles for whoopsie.	2025-05-31 13:52:42 +02:00
Alexandre Pujol	89a1714610	fix(profile): a few linting fixes.	2025-05-30 00:14:54 +02:00
Alexandre Pujol	d5a65ba831	feat(profile): add a few small profile needed by fsp.	2025-05-29 23:26:18 +02:00
Alexandre Pujol	e83a9a60dc	feat(profile): finalize upgrade process.	2025-05-26 00:47:47 +02:00
Alexandre Pujol	a7807408b6	feat(profile): update some update-* profiles.	2025-05-26 00:47:47 +02:00
Alexandre Pujol	0a5743fa46	feat(profile): add profile for more update-* tools.	2025-05-26 00:47:47 +02:00
Alexandre Pujol	17624b95d8	feat(profile): update ucf profiles.	2025-05-26 00:47:47 +02:00
Alexandre Pujol	d5926e9411	feat(abs): update debconf abs.	2025-05-26 00:47:46 +02:00
Alexandre Pujol	8755c4a1b7	fix(profile): remove sbin on some program path Debian and opensuse do not install the same programs under /usr/sbin. This will have to be tracked by distribution. For now, sbin.list follows debian install.	2025-05-26 00:47:46 +02:00
Alexandre Pujol	6e0c646d14	feat(profile): add profile for ischroot.	2025-05-26 00:47:46 +02:00
Alexandre Pujol	49155625a5	feat(profile): rewrite debconf & add debconf-frontend.	2025-05-26 00:47:46 +02:00
Alexandre Pujol	10ef829d31	fix(profile): more possible id than int for i2c.	2025-05-18 19:31:33 +02:00
Alexandre Pujol	658c054c47	feat(profile): update and enforce a few profiles.	2025-05-18 14:46:35 +02:00
Alexandre Pujol	053ce04c8e	feat(tunanle): add the sqlhex variable.	2025-05-18 13:09:06 +02:00
Alexandre Pujol	00327dfae1	feat(profile): minor improvements.	2025-05-17 18:38:48 +02:00
Alexandre Pujol	877452519d	feat(profile): unix-chkpwd: Add read capability to profile Following the Security Technical Implementation Guide, it is better to set the permissions to 0000 for the shadow file. However, since PAM version 1.6.0, after this change [0], unix-chkpwd will unconditionnaly read the shadow file. And with the previous restriction, the binary has an access denied to the shadow which blocks user authentications. Moreover the PAM changes is needed to fix the CVE-2024-10041. Giving the read capability to the unix-chkpwd profile allows it to function properly. See bug report [1]. [0] - https://github.com/linux-pam/linux-pam/pull/686 [1] - https://bugzilla.suse.com/show_bug.cgi?id=1241678 Signed-off-by: vlefebvre <valentin.lefebvre@suse.com>	2025-05-14 22:49:58 +02:00
Alexandre Pujol	415c09ca88	feat(tunable): add alias from which.debianutils to which.	2025-05-14 22:43:58 +02:00
Alexandre Pujol	1096666191	feat(profile): general minor update.	2025-05-14 22:36:46 +02:00
beroal	be0b63724c	`v4l2-ctl`: a CLI utility for managing webcams (#731 ) * v4l2-ctl * abi 3 to 4	2025-05-14 20:19:27 +00:00
tpaau-17DB	f83e24b1b7	Add profile for spotdl. (#736 ) * Add profile for spotdl. * Change `rpx` to `rPx` * Remove copyright	2025-05-14 20:17:06 +00:00
Alexandre Pujol	45d7cf48c4	fix(profile): small improvment raised by the tests.	2025-05-01 18:48:31 +02:00
Alexandre Pujol	3a568ba307	feat(profile): add more programs to the list of sbin program.	2025-05-01 15:17:03 +02:00
Alexandre Pujol	7b55b351ef	feat(profile): replace @{bin} by @{sbin} on additional profiles.	2025-04-28 22:41:40 +02:00
Alexandre Pujol	fd17a77b17	feat(profile): use @{sbin} for all program inside /usr/sbin.	2025-04-28 21:27:57 +02:00
Alexandre Pujol	5bfebf6ea5	feat(profile): small general improvments.	2025-04-26 17:34:30 +02:00
Alexandre Pujol	c008cbda67	feat(profile): add profile for most of udev internat scripts Required by FSP.	2025-04-13 22:46:53 +02:00
Alexandre Pujol	cd890bb81b	feat(profile): minor improvement & update.	2025-04-13 22:46:53 +02:00
Alexandre Pujol	0860667d28	fix(profile): spotify needs to read usb.	2025-04-13 22:46:53 +02:00
Alexandre Pujol	4c67b21bf3	feat(profile): finish using variable instead of [0-9].	2025-04-06 20:56:39 +02:00
Alexandre Pujol	1009de7e6c	feat(abs): add the fusermount abstraction.	2025-04-06 15:30:10 +02:00
Alexandre Pujol	d5e70ca994	fix(test): various integration improvments.	2025-04-05 21:43:55 +02:00
Alexandre Pujol	5fb5d03512	feat(abs): ensure attached/consoles is not used manually.	2025-04-05 15:00:08 +02:00
Alexandre Pujol	1751a9997c	fix(profile): integration tests.	2025-03-30 18:28:50 +02:00
Alexandre Pujol	ee52841833	feat(profile): add sysstat profiles.	2025-03-30 17:07:51 +02:00
Alexandre Pujol	735f5de518	feat(profile): general update.	2025-03-30 16:27:41 +02:00
Roman Beslik	647d22ab9f	read access to the hwmon directory	2025-03-26 10:21:22 +01:00
Alexandre Pujol	921503f514	feat(profile): small improvment on UI profiles.	2025-03-24 22:00:54 +01:00
EricLin0509	7f3f0809a6	Fix can't parse mount rule error	2025-03-23 19:15:05 +01:00
Alexandre Pujol	310f06bc03	feat(profile): minor improvment on wechat profiles	2025-03-23 16:53:38 +01:00
EricLin0509	11fc80663f	A small fix	2025-03-23 16:48:32 +01:00
EricLin0509	7d06d07450	Apply suggestions	2025-03-23 16:48:32 +01:00
EricLin0509	5ac4a521ca	Add support for different Wechat variants	2025-03-23 16:48:32 +01:00
Alexandre Pujol	a5385c594a	fix(profile): cosmetic.	2025-03-23 16:28:55 +01:00
Alexandre Pujol	0fce2e526d	Merge branch 'xfce' of github.com:nobody43/apparmor.d into nobody43-xfce * 'xfce' of github.com:nobody43/apparmor.d: xfce, fixes Adapt to RO root xfce, flags xfce, proper abi xfce, new profiles xfce, updates	2025-03-23 16:18:46 +01:00
Alexandre Pujol	21dfc6ea26	feat(profile): improve kde profiles. fix #676	2025-03-23 15:35:27 +01:00
Alexandre Pujol	bd9ab55bf0	feta(profile): remove the now duplicated @{bin}/perl r.	2025-03-18 23:10:38 +01:00

1 2 3 4 5 ...

693 commits