felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
3832 commits 5 branches 0 tags 16 MiB
Commit graph

162 commits

Author SHA1 Message Date
Alexandre Pujol
bfcf9f846c
build: support for unconfined flag. 2025-08-24 22:52:35 +02:00
Alexandre Pujol
9b7c1acb1b
build: cosmetic on build task name. 2025-08-24 22:52:08 +02:00
Alexandre Pujol
eb2def65a1
feat(abs): move some dbus abs to the session subfolder. 2025-08-24 21:47:00 +02:00
Alexandre Pujol
4e70cb4c91
fix(profile): workaround in apparmor issue for attached path. 
See https://gitlab.com/apparmor/apparmor/-/issues/450
Fix #815
 2025-08-17 11:57:36 +02:00
Alexandre Pujol
b0c661931a
fix(build): fsp regex. 2025-08-15 18:23:05 +02:00
Alexandre Pujol
483c0c107d
build: enable re-attach disconnected path by default 
Ignored on Ubuntu 25.04 and abi3.0
 2025-08-15 18:22:07 +02:00
Alexandre Pujol
a5aa13923b
build: add support for building multiple version of the package. 2025-08-12 16:11:10 +02:00
Alexandre Pujol
b2910ae593 tests(check): add support for '#aa:lint ignore' inline directive to disable linting. 2025-08-04 12:47:01 +02:00
Alexandre Pujol
1118d2ffc5
build: use the base-strict abstraction automatically. 2025-06-16 23:17:45 +02:00
Alexandre Pujol
5e14271f76
Merge FSP: rewrite the systemd profiles #753 
* dev: (49 commits)
  fix: use mappings/sudo in su.
  build: justfile: add group.
  tests: update sbin.list
  fix: linter check.
  fix: add gpartedbin back to sbin.list.
  tests: show error line in sbin check.
  feat(profile): update sbin list and ensure the profiles use the good variable (sbin or bin).
  tests: remove symbolic link from sbin.
  test: add some security checks.
  tests: add more check for sbin path
  tests: rewrite and expand the profile check to more files.
  feat(tunable): add the archive_path variable.
  feat(profile): update gnome profiles.
  feat(fsp): small fsp improvement.
  feat(abs): minor improvement & cosmetic.
  feat(profile): add profiles for whoopsie.
  feat(profile): add initial profile for systemd-initctl.
  feat(profile): minor fsp related improvment.
  feat(fsp): setup RBAC mapping in auth enabled profiles.
  build: ignore all rule in abi3.
  ...
 2025-06-16 21:41:08 +02:00
Alexandre Pujol
d9e6e686e0
build: ignore all rule in abi3. 2025-05-30 01:44:09 +02:00
Alexandre Pujol
7243c18ce2
fix(build): conversion from abi4 to abi3. 2025-05-26 23:54:56 +02:00
Alexandre Pujol
c07c5838e4
build: add RBAC filter to the only/exclude directive. 2025-05-26 01:00:08 +02:00
Alexandre Pujol
780ca65953
build(fsp): set stacked variables. 2025-05-26 00:57:37 +02:00
Alexandre Pujol
d9430c68c1
build: improve error message in the stack direcive. 2025-05-26 00:55:48 +02:00
Alexandre Pujol
8d374ed876
feat(fsp): add tunables for the future systemd executor profiles. 2025-05-17 22:25:27 +02:00
Alexandre Pujol
5edde91d44
fix(test): update test to the new value of bin. 2025-05-01 19:56:34 +02:00
Alexandre Pujol
48a37bbf34
build: configure sbin value according to the target distribution. 2025-05-01 14:36:57 +02:00
Alexandre Pujol
6d2147582e build: add mappings to the list of directories without profile files. 2025-04-13 22:46:53 +02:00
Alexandre Pujol
ead2f4e40b
Revert "fix: remove wip workarroind in gstreamer abs." 
This reverts commit 75a8ef2906.
 2025-04-06 16:07:51 +02:00
Alexandre Pujol
99df9cec51
fix(build): fsp configuration. 2025-04-06 15:39:48 +02:00
Alexandre Pujol
75a8ef2906
fix: remove wip workarroind in gstreamer abs. 2025-04-06 14:47:55 +02:00
Alexandre Pujol
9e9036b86d
fix: revert to CopyTo to handle overwrite. 2025-04-06 14:47:01 +02:00
Alexandre Pujol
99f5ed5901
fix: remove now unused variable. 2025-04-06 00:18:01 +02:00
Alexandre Pujol
8d71574e4d
build: improve the use of attached/base. 2025-04-05 21:31:51 +02:00
Alexandre Pujol
7d6f68a95e
feat(abs): automatically use the attached consoles. 2025-04-05 20:55:29 +02:00
Alexandre Pujol
2c3380f9ba
build: use golang CopyFS 
- speed up prebuild sync tasks.
 2025-04-05 00:28:04 +02:00
Alexandre Pujol
984cf28e61
chore: apply some linter recommendations. 2025-04-04 23:45:24 +02:00
Alexandre Pujol
baa3f8f639
build: generalise the use of apparmor version during the build. 2025-03-30 17:06:00 +02:00
Alexandre Pujol
1f55c07692
build: automatically include bus/own-* abstraction when required. 2025-03-23 12:31:43 +01:00
Alexandre Pujol
96e79d9d88
build: add filter for apparmor version. 2025-03-15 00:26:47 +01:00
Alexandre Pujol
e4a7e16ec0
build: add support for apparmor 4.1 
Enabled when prebuild is run with the --version 4.1 argument
 2025-03-14 22:07:59 +01:00
Alexandre Pujol
dcc6c72cbd
build(directive): add the dbus common subdirective for bus abstraction. 2025-03-13 19:08:56 +01:00
Alexandre Pujol
106921df23
fix(build): ensure fsp mode set the systemd profile name correctly. 2025-03-08 14:23:08 +01:00
Alexandre Pujol
03406096ce
feat(dbus): simplify the way to provide unix address for dbus. 2025-03-06 23:46:49 +01:00
Alexandre Pujol
972ae950e4
build: improve the dbus directive. 
- Support for additional interfaces: +=
- Restrict the generated dbus rules
- Add the required unix bind rule.
 2025-02-23 20:53:49 +01:00
Alexandre Pujol
81ecce1ef7
fix(build): test in directive. 2025-02-23 20:17:49 +01:00
Alexandre Pujol
e41c5f6055
build; make the pkgname configurable. 2025-01-17 00:06:35 +01:00
Alexandre Pujol
ba067a0214
build: naming cosmetic. 2025-01-14 23:58:01 +01:00
Alexandre Pujol
9953cf1fbd
build: make synchronise task configurable. 
Required by downtream repository.
 2025-01-14 23:57:19 +01:00
Alexandre Pujol
f1182b27bb
build: do not resolve files in local/ 2025-01-12 20:30:52 +01:00
Alexandre Pujol
fc85b9fc58
build: better division of prebuild stages. 2025-01-12 19:41:47 +01:00
Alexandre Pujol
61939a3bf8
build: disable dummy upstream profile in favor of ours. 2025-01-12 18:22:39 +01:00
Alexandre Pujol
0206e04b3f
build: ensure build task get the proper profile name. 2024-11-11 21:18:16 +00:00
Alexandre Pujol
273485217c
build: add the task to automatically attach disconnected path. 
Not yet enabled on build, as the profiles still require some testing.
 2024-10-12 20:08:21 +01:00
Alexandre Pujol
e90ccd214c
refractor: move CopyTo 
Will be replaced by os.CopyFS with go 1.23
 2024-10-12 15:40:17 +01:00
Alexandre Pujol
982c2c66aa
refractor: rename some path util function. 2024-10-12 15:31:24 +01:00
Alexandre Pujol
ebdeef152c
build: root -> share. 2024-10-11 22:31:06 +01:00
Alexandre Pujol
68127c3859
build: allow to run prebuild outside of this project. 2024-10-09 14:03:54 +01:00
Alexandre Pujol
94703681d9
build: build tasks: dev -> hotfix. 2024-10-08 23:44:13 +01:00