felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2531 commits 5 branches 0 tags 16 MiB
Commit graph

1189 commits

Author SHA1 Message Date
Alexandre Pujol
3147f7d59a
feat(snap): do not confine snap. 
Curently ignored because of some incompatibilities with snap-confine.

snap-confine is more important to confine than snap itself.
 2023-09-10 12:07:35 +01:00
curiosityseeker
aaed7a25da
Various updates (#209) 2023-09-10 10:59:26 +00:00
nobody43
d414083113 Debian 12 Gnome DE 2023-09-10 11:58:13 +01:00
Jose Maldonado aka Yukiteru
43ade39bbd Fix access to /tmp/user/@{uid} in Debian Stable 
Firefox require access to /tmp/user/@{uid}/ for downloads in Firefox ESR
for actual Debian Stable (FirefoxESR-102.15.0esr-1-deb12u1)
 2023-09-10 11:00:27 +01:00
Alexandre Pujol
1fb2de0acd
feat(profiles): general update. 2023-09-05 23:36:46 +01:00
Alexandre Pujol
9a614a3502
feat(profiles): improve opensuse integration. 
See:  #208
 2023-09-05 16:53:50 +01:00
Alexandre Pujol
155ef6bef1
feat(profiles): general update. 2023-09-05 16:42:06 +01:00
Alexandre Pujol
1fb5475ad1
fix(profiles): compatibilty with some dist. 
See #191
 2023-09-05 16:36:20 +01:00
curiosityseeker
41525621aa
Various updates (#204) 2023-09-04 13:58:07 +00:00
Alexandre Pujol
b2fa7bacb8
feat(profiles): general update. 2023-09-01 22:50:43 +01:00
Alexandre Pujol
0c151259d2
feat(profiles): update kde group. 2023-09-01 22:47:37 +01:00
Alexandre Pujol
aea0034fcc
chore: various cosmetic changes. 2023-09-01 19:26:52 +01:00
curiosityseeker
c2bb733624
Various updates (#201) 2023-09-01 18:09:45 +00:00
curiosityseeker
86b1ee4df2
Updating sddm, plasmashell, kwin_wayland, startplasma, kscreenlocker-greet and mesa and wayland abstractions (#200) 
* Update sddm

* Update plasmashell

* Update kwin_wayland

* Update kscreenlocker-greet

* Update startplasma

* Update complete

Needed by various applications, e.g. kwin_wayland.

* Mesa rules for sddm
 2023-08-30 18:48:25 +00:00
Alexandre Pujol
22e57b3620
feat(profiles): apply guideline on some profile. Update flags list. 2023-08-27 15:30:18 +01:00
Alexandre Pujol
7a5096e7d8
feat(profiles): add inital version of dolphin. 2023-08-27 15:24:54 +01:00
Alexandre Pujol
4d79af2203
feat(profiles): add gnome-extension-gsconnect 2023-08-27 14:57:50 +01:00
Alexandre Pujol
75ef5ef6ad
feat(profiles): general update. 2023-08-27 14:54:04 +01:00
Alexandre Pujol
19331acaa9
feat(profiles): improve dbus related rules. 2023-08-27 14:46:49 +01:00
Alexandre Pujol
ec3c5cd62e
feat(profiles): improve kde integration. 2023-08-27 14:32:08 +01:00
Alexandre Pujol
41e0ac6ba8
feat(profiles): rewrite dpkg profile. 2023-08-27 13:30:01 +01:00
curiosityseeker
7f4cef2fff
Kwin wayland, kwin wayland wrapper and sddm (#198) 
* Update kwin_wayland

Please check the udev rules and change them if needed - I'm not familiar with them.

* Update kwin_wayland_wrapper

* Update sddm

* Update kwin_wayland_wrapper

Reverting change for @{run}/user/@{uid}

* Update kwin_wayland: Correct udev rule

* Update kwin_wayland: adding the wayland abs

* Update sddm: reverting owner /tmo rules

* Update sddm: reverting /usr/share/X11/xkb rule

* Update sddm: adding the mesa abs

* Update kwin_wayland: order udev rules
 2023-08-27 11:19:13 +00:00
Alexandre Pujol
393f7001dc
fix(aa-log): profile template. 
See #182
 2023-08-26 11:32:56 +01:00
Alexandre Pujol
07cfbcd952
feat(profiles): modernize udev access. 2023-08-24 19:31:54 +01:00
Alexandre Pujol
73cb5a4545
feat(profiles): add kwin_wayland. 2023-08-23 18:14:22 +01:00
curiosityseeker
80b2124807
kded5, plasmashell, startplasma and sddm updates (#197) 
* Update kded5

* Update startplasma

* Update plasmashell

* Update sddm
 2023-08-23 12:54:28 +00:00
Alexandre Pujol
96b8f96137
feat(profiles): general update. 2023-08-22 23:23:47 +01:00
Alexandre Pujol
360230b2a5
feat(profiles): general update. 2023-08-21 23:32:10 +01:00
Alexandre Pujol
0ed036efd5
feat(firefox): minor firefox update. 2023-08-21 23:23:08 +01:00
Alexandre Pujol
5704d1ba20
feat(profiles): various profile fixes. 2023-08-19 14:01:50 +01:00
Alexandre Pujol
275d6b6e62
feat(profiles): replace old [0-9]* glob by @{int} 
Beware some [0-9]* glob are actually not proper @{int}.
 2023-08-18 17:09:53 +01:00
Alexandre Pujol
557d905543
Merge branch 'tunables' of https://github.com/nobody43/apparmor.d into nobody43-tunables 
* 'tunables' of https://github.com/nobody43/apparmor.d:
  dbus temp tails
  Update apparmor.d
  Update gdm-runtime-config
  more unrelated changes
  adjust date-time
  random tails
  rename to int, convert more profiles
  fixes
  tunables
 2023-08-17 20:01:53 +01:00
curiosityseeker
7b018a60bd
Update pacman (#193) 
* Update pacman

`@{exec_path} mr,` is causing the following errors:

```
ALLOWED pacman exec owner /usr/bin/pacman -> pacman//null-/usr/bin/pacman comm=bash requested_mask=x denied_mask=x
ALLOWED pacman//null-/usr/bin/pacman file_inherit owner /dev/pts/4 comm=pacman requested_mask=wr denied_mask=wr
ALLOWED pacman//null-/usr/bin/pacman file_mmap owner /usr/bin/pacman comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman file_mmap owner /usr/lib/ld-linux-x86-64.so.2 comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman open owner /etc/ld.so.preload comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman getattr owner /etc/ld.so.preload comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman open owner /etc/ld.so.cache comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman getattr owner /etc/ld.so.cache comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman open owner /usr/lib/libalpm.so.13.0.2 comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman getattr owner /usr/lib/libalpm.so.13.0.2 comm=pacman requested_mask=r denied_mask=r

etc.
```
`@{exec_path} mrix,`  fixes it. 

Commits for new profiles for `checkrebuild` and `pkgfile`  will follow.

* Fix pacman update

* Update apparmor.d/groups/pacman/pacman

Co-authored-by: Alex <roddhjav@users.noreply.github.com>

---------

Co-authored-by: Alex <roddhjav@users.noreply.github.com>
 2023-08-17 18:49:56 +00:00
curiosityseeker
2299eb00f6 Partially revert change in child-open 2023-08-17 19:43:29 +01:00
curiosityseeker
9da2809695 Update child-open 
Adding gwenview and libreoffice
 2023-08-17 19:43:29 +01:00
curiosityseeker
6fc8cd3e60
Brave: adjust @{exec_path} (#161) 
The path in Ubuntu is:
/opt/brave.com/brave/brave

The path in Arch is:
/opt/brave-bin/brave

That's why Brave was not confined on Arch.
 2023-08-17 18:41:13 +00:00
ShellCode
cc8210a1bd
Fix xdg user dirs (#186) 
* Rename XDG_*_HOME to XDG_*_DIR for consistent naming

* tunables/xdg-user-dirs.d/apparmor.d now includes 'apparmor.d.d' subfolder to permit user override
 2023-08-17 18:28:10 +00:00
Alexandre Pujol
5d47dfba95
feat(profiles): general update. 2023-08-17 18:43:56 +01:00
Alexandre Pujol
f7b9ff959a
feat(profiles): rewrite the signal-desktop profile. 2023-08-17 18:37:36 +01:00
Alexandre Pujol
5911c43930
Merge branch 'main' of github.com:roddhjav/apparmor.d 
* 'main' of github.com:roddhjav/apparmor.d:
  fix: signal-desktop (#195)
 2023-08-17 18:35:50 +01:00
Cyril Levis
b49bd32564
fix: signal-desktop (#195) 
issue: https://github.com/roddhjav/apparmor.d/issues/194
 2023-08-14 15:55:02 +00:00
Alexandre Pujol
1db6f5f67c
feat(profiles): improve ibus entry point. 2023-08-13 21:19:16 +01:00
Alexandre Pujol
a2c35b07a5
fix: libvirtd profile. 2023-08-06 16:45:39 +02:00
Alexandre Pujol
1cac6715db
feat(profiles): general update. 2023-08-06 16:30:38 +02:00
Alexandre Pujol
cdc10fdb31
feat(profiles): general update. 
See #134
 2023-08-06 16:06:17 +02:00
Alexandre Pujol
5938079dfd
fix: missing "startplasma-wayland" profile, but "sddm" tries to transition to it. 
#188
 2023-08-06 10:22:05 +02:00
curiosityseeker
4894d6a3c4
Adding /dev/tty[0-9]* and /dev/pts/[0-9]* to various profiles; update kded5 and reflector (#183) 
* Update update-mime-database

* Update btrfs

* Update update-grub

* Update pacman-hook-depmod

* Update pacman

* Update systemd-sysusers

* Update lscpu

* Update pacman-hook-systemd

* Update pacman-hook-perl

* Update pacman-hook-gtk

* Update needrestart-iucode-scan-versions

* Update reflector

* Update kded5
 2023-07-27 11:23:04 +00:00
ShellCode
0f9b7cb474
Fix #184 (#185) 
* Replace @{HOME}/.config with @{user_config_dirs}

* Replace @{HOME}/.cache with @{user_cache_dirs}

* Replace @{HOME}/.local/state with @{user_state_dirs}

* Add missing user_share_dirs to apparmor.d/tunables/home.d/apparmor.d

* Update docs/variables.md

* Replace @{HOME}/.local/share with @{user_share_dirs}

* Replace @{HOME}/.local/lib with @{user_lib_dirs}

* Revert "Add missing user_share_dirs to apparmor.d/tunables/home.d/apparmor.d"

This reverts commit 9525003098.
 2023-07-27 11:20:19 +00:00
Alexandre Pujol
a79f03f038
feat(kde): improve support for kde. 2023-07-20 21:10:19 +01:00
Alexandre Pujol
1424fb5493
feat(profiles): add iio-sensor-proxy 2023-07-20 21:09:18 +01:00