* dev: (49 commits)
fix: use mappings/sudo in su.
build: justfile: add group.
tests: update sbin.list
fix: linter check.
fix: add gpartedbin back to sbin.list.
tests: show error line in sbin check.
feat(profile): update sbin list and ensure the profiles use the good variable (sbin or bin).
tests: remove symbolic link from sbin.
test: add some security checks.
tests: add more check for sbin path
tests: rewrite and expand the profile check to more files.
feat(tunable): add the archive_path variable.
feat(profile): update gnome profiles.
feat(fsp): small fsp improvement.
feat(abs): minor improvement & cosmetic.
feat(profile): add profiles for whoopsie.
feat(profile): add initial profile for systemd-initctl.
feat(profile): minor fsp related improvment.
feat(fsp): setup RBAC mapping in auth enabled profiles.
build: ignore all rule in abi3.
...
- ABI4 by default, fallback to abi 3.
- aa-prebuild cli that can be used by other project shipping profiles.
- --file option to cli to only build one dev profile.
- add abi version filter to only & exclude directives.
Improve go apparmor lib.
* aa: (62 commits)
feat(aa): handle appending value to defined variables.
chore(aa): cosmetic.
fix: userspace prebuild test.
chore: cleanup unit test.
feat(aa): improve log conversion.
feat(aa): move conversion function to its own file & add unit tests.
fix: go linter issue & not defined variables.
tests(aa): improve aa unit tests.
tests(aa): improve rules unit tests.
feat(aa): ensure the prebuild jobs are working.
feat(aa): add more unit tests.
chore(aa): cleanup.
feat(aa): Move sort, merge and format methods to the rules interface.
feat(aa): add the hat template.
feat(aa): add the Kind struct to manage aa rules.
feat(aa): cleanup rules methods.
feat(aa): add function to resolve include preamble.
feat(aa): updaqte mount flags order.
feat(aa): update default tunable selection.
feat(aa): parse apparmor preamble files.
...
Turn out this is the actual source of issues #80#235:
- Some programs do not start well with scrub the environment
- Not related to dbus (but dbus was affected)
- May concern a lot of profiles
As a temporary solution, we convert all Px in px while we find out a proper solution.
