felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
3996 commits 5 branches 0 tags 16 MiB
Commit graph

1812 commits

Author SHA1 Message Date
Alexandre Pujol
5d1ef40877
feat(profile): add some missing proc access. 
Due to recent changes in base-strict.
 2025-08-29 19:55:42 +02:00
Alexandre Pujol
61d8cee932
feat(profile): ssh: cleanup. 2025-08-28 21:27:58 +02:00
Alexandre Pujol
544204e511
feat(abs): add the user-dirs abstraction. 2025-08-28 21:22:22 +02:00
Alexandre Pujol
4db65834a4
feat(abs): glibc: restrict auxv maps and statux to owner. 2025-08-28 21:15:42 +02:00
Alexandre Pujol
81d020173d
feat(profile): general update. 2025-08-28 21:09:09 +02:00
Alexandre Pujol
cf96e7b1d0
feat(profile): smal snap improvements. 2025-08-28 00:39:28 +02:00
Alexandre Pujol
749ae318fc
feat(profile): aa uses word8 as bug files. 2025-08-28 00:35:35 +02:00
Alexandre Pujol
1724040229
feat(profile): various ubuntu based improvements. 2025-08-24 22:15:51 +02:00
Alexandre Pujol
0fccbef52b
feat(profile): improve firefox profiles. 2025-08-24 22:06:34 +02:00
Alexandre Pujol
3061882809
feat(profile): update dbus rules for Ubuntu. 2025-08-24 22:04:07 +02:00
Alexandre Pujol
eb2def65a1
feat(abs): move some dbus abs to the session subfolder. 2025-08-24 21:47:00 +02:00
Alexandre Pujol
bfe35f254e
feat(profile): small improvement for snap. 2025-08-23 17:40:48 +02:00
Alexandre Pujol
15b8a6cea4
fix: linter issue. 2025-08-22 21:22:25 +02:00
Alexandre Pujol
53df40b8ac
feat(profile) gvfs: more dbus integration. 2025-08-22 20:40:36 +02:00
Alexandre Pujol
f18fc88253
feat(profile): kde: improve dbus rules. 2025-08-22 20:39:18 +02:00
Alexandre Pujol
cea9fd5614
feat(profile): improve kde integration 
see #559
 2025-08-22 20:37:48 +02:00
Alexandre Pujol
1506ae04d8
fix(profile): /att/**/ instead of @{att}/ 2025-08-22 20:03:19 +02:00
Alexandre Pujol
fb82d8d0d6
feat(profile): small gnome related improvement. 2025-08-22 18:27:22 +02:00
Alexandre Pujol
46d4207d71
feat(profile): makepkg: handle lsb_release and pager. 2025-08-22 18:22:59 +02:00
Alexandre Pujol
2d3831221a
feat(profile): update cups profiles. 2025-08-22 18:16:43 +02:00
Alexandre Pujol
ba217a261e
feat(profile): update flatpak profiles. 2025-08-22 18:15:38 +02:00
Alexandre Pujol
ec73d8349e
fix(profile): gnome access to chromium shared. 
fix #806
 2025-08-22 18:05:05 +02:00
Alexandre Pujol
e7a91b307e
fix(profile): fusermount with fsarchiver 
fix #817
 2025-08-22 18:01:31 +02:00
Alexandre Pujol
0f017048e4
fix(profile): fix att path in flatpak 
fix #820
 2025-08-22 17:57:40 +02:00
curiosityseeker
ddee051279 Update gnome-boxes 2025-08-22 17:40:56 +02:00
curiosityseeker
b3dd09ce01 Update gnome-boxes 
ALLOWED gnome-boxes open /usr/share/ladspa/rdf/ comm=gst-plugin-scan requested_mask=r denied_mask=r
ALLOWED gnome-boxes open /usr/share/ladspa/rdf/ladspa.rdfs comm=gst-plugin-scan requested_mask=r denied_mask=r
ALLOWED gnome-boxes open /usr/share/ladspa/rdf/ladspa-rubberband.rdf comm=gst-plugin-scan requested_mask=r denied_mask=r
ALLOWED gnome-boxes open @{sys}/devices/@{pci}/usb2/2-3/bConfigurationValue comm=gnome-boxes requested_mask=r denied_mask=r
ALLOWED gnome-boxes open @{sys}/devices/@{pci}/usb1/1-6/1-6.2/bConfigurationValue comm=gnome-boxes requested_mask=r denied_mask=r
ALLOWED gnome-boxes open @{sys}/devices/@{pci}/usb1/1-14/bConfigurationValue comm=gnome-boxes requested_mask=r denied_mask=r
ALLOWED gnome-boxes open @{sys}/devices/@{pci}/usb1/1-13/bConfigurationValue comm=gnome-boxes requested_mask=r denied_mask=r
 2025-08-22 17:40:56 +02:00
curiosityseeker
2c64ab91cb Update grub-mkrelpath 2025-08-22 17:40:39 +02:00
curiosityseeker
4d15570ff1 Update grub-mkrelpath 
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.byRQTjiteL/@_backup_2025-08-20T16:43@{busname}.488Z/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.byRQTjiteL/@_backup_2025-08-18T13:49@{busname}.739Z/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.byRQTjiteL/@_backup_2025-04-11T11@{busname}:58.643Z/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.byRQTjiteL/@_backup_@{int16}5/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.Xj00SFNAa3/@_backup_2025-08-20T16:43@{busname}.488Z/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.Xj00SFNAa3/@_backup_2025-08-18T13:49@{busname}.739Z/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.Xj00SFNAa3/@_backup_2025-04-11T11@{busname}:58.643Z/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.Xj00SFNAa3/@_backup_@{int16}5/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
 2025-08-22 17:40:39 +02:00
Alexandre Pujol
f3d209e42a
feat(profile): ensure nautilus can access root files. 2025-08-19 22:58:46 +02:00
Alexandre Pujol
c806ec44eb
feat(profile): update virt profiles. 2025-08-19 22:56:07 +02:00
Alexandre Pujol
5e5fde7741
feat(abs): add the sqlite abstraction. 2025-08-19 21:43:20 +02:00
Alexandre Pujol
24f629d326
fix(profile): few fixes related to reattached paths. 
See #816
 2025-08-17 21:43:23 +02:00
Alexandre Pujol
ba16e3c340
feat(profile): cleanup log from well known programs. 2025-08-17 17:20:08 +02:00
Alexandre Pujol
4dba131fb3
feat(profile): parser: move sysctl to its own subprofile. 2025-08-17 17:16:24 +02:00
Alexandre Pujol
7e79d5abef
feat(profile): improve support for ubuntu & kubuntu. 2025-08-17 17:15:24 +02:00
Alexandre Pujol
523522dd1d
feat(profile): improve kde profiles. 2025-08-17 17:05:38 +02:00
Alexandre Pujol
edc2755d61
feat(profile): kde: add initial dbus definition. 2025-08-17 17:03:17 +02:00
Alexandre Pujol
4e70cb4c91
fix(profile): workaround in apparmor issue for attached path. 
See https://gitlab.com/apparmor/apparmor/-/issues/450
Fix #815
 2025-08-17 11:57:36 +02:00
Alexandre Pujol
e55ace4e0a
fix(profile): issue with re-attached paths 
- Add missing att on some profiles
- Fix alias / -> //
- Fix aa-log att variable resolution

fix #813 #814
 2025-08-17 00:07:53 +02:00
Alexandre Pujol
5ee999536c
feat(abs): reorganize the electron & chromium abs. 2025-08-16 19:23:33 +02:00
Alexandre Pujol
c29b4ba536
feat(profile): various security/linter improvement 
- Ignore some rule from the linter
- Move some bin to subprofile
 2025-08-15 18:03:36 +02:00
Alexandre Pujol
aafcd1c861
feat(profile): simplify ssh home path. 2025-08-15 17:21:24 +02:00
Alexandre Pujol
3d329fdef8
feat(profile): minor profiles improvement. 2025-08-15 11:39:35 +02:00
Alexandre Pujol
9c9af1d821
feat(profile): improve integration with ubuntu. 2025-08-15 10:59:20 +02:00
Alexandre Pujol
112d54907e
feat(profile): thunderbird/firefox: move rules needed in both programs. 2025-08-15 10:53:52 +02:00
Alexandre Pujol
d09f5d055f
feat(profile): improve dbus definitions. 2025-08-15 10:51:16 +02:00
Alexandre Pujol
e2b1547bf1
feat(profile): ssh: add ssh.hmac 
Similar to newest version of sshd with sshd.hmac

see #811
 2025-08-15 10:41:26 +02:00
Alexandre Pujol
b1b3ee8321
feat(abs): add tty/drivers to pgrrep/pkill subprofiles. 
see #811
 2025-08-15 10:38:15 +02:00
Alexandre Pujol
ace53f3002
feat(profile): openvpn need to load module. 
See #811
 2025-08-15 10:35:19 +02:00
Alexandre Pujol
c02674593d
feat(profile): update kde profiles 
see #811
 2025-08-15 10:34:48 +02:00