Commit graph

501 commits

Author SHA1 Message Date
Alexandre Pujol
cb30dcc4bc
feat(profile): general update.
see #416
2024-07-15 23:47:01 +01:00
Alexandre Pujol
68da315ac2
fix(profile): minor fixes.
see #410
2024-07-14 12:34:12 +01:00
valoq
bd1239b46a
add profiles for cmus and ouch (#408)
* add profiles for cmus and ouch

* minor corrections
2024-07-12 20:11:32 +01:00
Alexandre Pujol
d864f5c975
feat(profile): improve general integration
See #407
2024-07-12 20:08:58 +01:00
Alexandre Pujol
872b8fc30a
fix(profile): strawberry & nemo.
see #407
2024-07-11 14:29:43 +01:00
Alexandre Pujol
62e18d04d7
feat(profile): general update. 2024-07-04 22:22:48 +01:00
Alexandre Pujol
dcf92e8e88
feat(profile): update kde profiles. 2024-07-04 21:38:46 +01:00
Alexandre Pujol
f9a93ab67e
feat(profile): general update. 2024-06-29 23:05:45 +01:00
Alexandre Pujol
81ac0d0b6d
feat(profile): add ollama. 2024-06-24 17:39:08 +01:00
Alexandre Pujol
ae71b323c2
feat(profile): general update. 2024-06-23 11:25:17 +01:00
Alexandre Pujol
13b35b156e
feat(abs): add the app/kmod abstraction. 2024-06-16 21:50:48 +01:00
REmerald
41b1489b76
fix: add vim syntax to remaining files
Add vim syntax modeline to files which didn't have it for some reason.
Continuation of #396.
2024-06-16 17:32:21 +01:00
Alexandre Pujol
faab4928ed
feat(profile): general update. 2024-06-15 21:59:31 +01:00
Alexandre Pujol
79eed4b93d
feat(profile): improve sqlite temp file definition. 2024-06-15 21:59:31 +01:00
Alexandre Pujol
035e1da7b2
feat(abs): add udevadm app abstraction. 2024-06-15 21:59:31 +01:00
REmerald
280289247d
Merge branch 'main' into patch-profiles-m-r 2024-06-15 18:32:30 +03:00
REmerald
40a30dc310
fix(profiles-m-r): move vim modeline
Move vim syntax comment to the end of the file, separated by newline, as requested in #380.
2024-06-15 17:20:22 +03:00
valoq
7b69b696fb
use strict abstraction 2024-06-13 13:38:42 +01:00
valoq
cc9e7fdde1
add preview tools 2024-06-13 13:38:42 +01:00
Alexandre Pujol
ca9a8d47f8
feat(profile): add protonmail-bridge 2024-06-11 23:16:19 +01:00
Alexandre Pujol
d283ef5196
feat(profile): general update. 2024-06-10 23:58:44 +01:00
Alexandre Pujol
bb6df870bb
chore: cleanup opensc debian structure. 2024-06-10 23:43:55 +01:00
REmerald
e362aa9107
feat(profiles-m-r): vim syntax support
Add vim modeline instructing the editor to use the syntax plugin provided by apparmor.
2024-06-09 19:44:15 +03:00
Alexandre Pujol
5c8dda1ced
feat(profile): remove rule moved in the base or nameservice abstraction. 2024-06-08 22:49:28 +01:00
Alexandre Pujol
921156c846
fix(profile): pavucontrol
fix #371
2024-06-07 19:25:22 +01:00
valoq
bb772167f0
add multiple profiles (#341)
* add multiple profiles
2024-05-31 10:47:01 +00:00
fira959
d12db8a8dc
Minor improvements (#336)
* Update audio-client

* Update mpv

* Update mutt

add common mail dir

* Update apparmor.d

* Update mutt

* Update mutt

* Update mutt

* Update mutt

* Update mutt
2024-05-30 17:51:57 +00:00
Alexandre Pujol
c785b41451
feat(profile): general update. 2024-05-18 22:35:05 +01:00
doublez13
ce329175da
pass: Use editor abstraction 2024-05-16 15:44:29 +01:00
Alexandre Pujol
7b25ed1913
Merge branch 'main' of github.com:roddhjav/apparmor.d
* 'main' of github.com:roddhjav/apparmor.d:
  Task: Update abstraction path
  Mutt: Update abstraction path
  Update and move abstractions/editor to abstractions/app/editor
  Task: Use editor abstraction
  Mutt: Use editor abstraction
  Create editor abstraction
2024-05-13 20:37:12 +01:00
Alexandre Pujol
8f102dea0a
feat(profile): general update. 2024-05-13 20:35:11 +01:00
doublez13
533bff8583
Mutt: Update abstraction path 2024-05-12 17:34:33 +01:00
doublez13
769b4a7cec
Mutt: Use editor abstraction 2024-05-12 17:34:33 +01:00
Alexandre Pujol
1739c07ca1
feat(profile): general update. 2024-05-11 17:38:43 +01:00
Alexandre Pujol
4d29127d57
feat(profile): rewrite the child-open* profiles. 2024-05-11 12:13:57 +01:00
Alexandre Pujol
538a73e21e
feat(profile): add user_unconfined profile & reorganise pam profiles. 2024-05-08 15:34:39 +01:00
Alexandre Pujol
1842f8a4d5
feat(profile): add some new profile (2). 2024-05-07 17:32:36 +01:00
Alexandre Pujol
fe1e3c3be8
feat(profile): add some new profile. 2024-05-07 17:25:43 +01:00
Alexandre Pujol
239d5efe63
feat(profile): general update. 2024-05-07 16:19:29 +01:00
Jose Maldonado
8224ac2b3f
Fix access to OpenSC configuration (#326) 2024-05-06 18:16:39 +00:00
Alexandre Pujol
9dba91296a
fix: typo in abs name. 2024-05-04 00:24:41 +01:00
Alexandre Pujol
683bfed4ad
feat(profile): modernise some profiles. 2024-05-04 00:14:07 +01:00
Alexandre Pujol
40abc98201
feat(profile): general update. 2024-05-03 18:16:12 +01:00
Alexandre Pujol
3f69b9fec4
feat(profile): use the new @{tmp} variable.
It is only used with the owner statement.
2024-05-02 22:12:02 +01:00
Alexandre Pujol
db87c56f37
feat(profile): general update. 2024-05-01 14:22:42 +01:00
Alexandre Pujol
a1d6d318cc
feat(profile): tweak the new msedge profiles a bit. 2024-05-01 12:11:43 +01:00
Jose Maldonado aka Yukiteru
fd590e9199
Fix exec_path in profiles for Edge and copyright headers 2024-05-01 11:40:32 +01:00
Jose Maldonado aka Yukiteru
d0ea5f50a3
New profile for Microsoft Edge and better support in abstractions/app/chromium
This commit adds a new profile for the Microsoft Edge browser and variants (beta, dev).
The new profile is based on the actual chrome profile. Tested with actual Edge, in
Debian Stable and enforced rules. All ok using GPU Rasterization and Vulkan, not
HWAccel for encoding video because this is very unstable yet in all Chromium based
browsers.

Add support for libpam-tmpdir for abstractions/app/chromium and all browsers using
this abstraction (Chrome, Chromium, Edge, and others). This fixes access and use
of the browser with libpam-tmpdir installed (Debian and Whonix).

Fix a denied access to RADV user cache (Vulkan-amdgpu) in abstractions/app/chromium
(Vulkan is optional in Chromium-based browser, but the backend is
perfectly usable now).
2024-05-01 11:40:32 +01:00
Alexandre Pujol
65d0cfafe4
feat(profile): general update. 2024-04-28 13:50:48 +01:00
Jose Maldonado
b4e5837bb9
Fix access to /tmp using libpam-tmpdir in Debian (#318)
In Debian with the use of libpam-tmpdir, the paths for $TMP and $TMPDIR
for PAM sessions are affected by much stronger rules and permissions,
providing additional security to the environment.

Those rules for the directory

/tmp/user/@{uid}/<affected_program>

In the case of qBittorrent this applies to the following directory:

/tmp/user/@{uid}/.qBitorrent

This PR fixes the bug and allows qBittorrent to work correctly
under these conditions.

Note: This PR would also have positive effects on Whonix, which uses
libpam-tmpdir according to this link
(https://forums.whonix.org/t/make-symlink-attacks-and-other-tmp-based-attacks-harder-or-impossible-using-libpam-tmpdir/8488)
2024-04-28 10:27:39 +00:00