felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
3925 commits 5 branches 0 tags 16 MiB
Commit graph

3925 commits

This branch
This branch
All branches
Author SHA1 Message Date
Alexandre Pujol
5cc5a019d4
feat(profile): snap: add support for dev version. 2025-08-31 17:40:42 +02:00
Alexandre Pujol
9a4d878557
refractor(abs): add screensaver abs, move bus screensaver abs. 2025-08-31 17:38:00 +02:00
Alexandre Pujol
9ee2605026
tests(packer): simplify pkg install script. 2025-08-31 13:29:11 +02:00
Alexandre Pujol
a3426fef8c
feat: precise nvidia devices number. 2025-08-31 13:23:48 +02:00
Alexandre Pujol
45faf0eee0
fix(tunable): add missing lightdm_state_dirs tunable. 2025-08-30 19:57:09 +02:00
Alexandre Pujol
ac6eac1333
feat(profile): cleanup usage of mime abs. 2025-08-30 19:47:07 +02:00
Alexandre Pujol
f5e2572457
feat(profile): cleanup usage of icons abs. 2025-08-30 19:37:47 +02:00
Alexandre Pujol
4f1fddd2fb
feat(profile): use natural transition instead of systemd drop in config when possible. 
As we can transition to the good profile naturally, do not use systemd for it.

This bypass the apparmor error:
`change_profile unprivileged unconfined converted to stacking`.

Note: we cannot do the same for dbus-system and dbus-session are they have the same binary.
 2025-08-30 14:25:43 +02:00
Alexandre Pujol
d6ddbf104c
refractor(profile): always use the gschemas abstraction. 2025-08-30 12:56:05 +02:00
Alexandre Pujol
0ada92da32
refractor(abs): gsettings -> gschemas. 2025-08-30 12:35:04 +02:00
Alexandre Pujol
b5020eac89
tests(packer): remobe sudo alias 2025-08-30 12:22:01 +02:00
Alexandre Pujol
94f01c68f6
feat(tunable): update home dir for gdm & add desktop_state_dirs. 2025-08-30 11:48:11 +02:00
Alexandre Pujol
1122f28cac
tests(packer): cleanup package install process. 
- apparmor restart is handled by the package
- it is a dev version, so it could fail.
 2025-08-30 11:46:40 +02:00
Alexandre Pujol
2bae05d309
feat(abs): add varianttable to apt common. 2025-08-30 11:05:19 +02:00
Alexandre Pujol
a3fde24b3d
feat: add aliases for all coreutils. 2025-08-29 23:58:39 +02:00
Alexandre Pujol
57251820e1
build: improve support for aa 5.0 2025-08-29 20:48:01 +02:00
Alexandre Pujol
2bb42bfca2
build: add support for apparmor 5.0 (current master branch) 2025-08-29 20:14:12 +02:00
Alexandre Pujol
be0d481068
feat(profile): remove common/systemd from systemd-detect-virt. 2025-08-29 19:56:41 +02:00
Alexandre Pujol
5d1ef40877
feat(profile): add some missing proc access. 
Due to recent changes in base-strict.
 2025-08-29 19:55:42 +02:00
Alexandre Pujol
61d8cee932
feat(profile): ssh: cleanup. 2025-08-28 21:27:58 +02:00
Alexandre Pujol
c9813dc34f
feat(abs): improve dbus rules in open & common gnome abs. 2025-08-28 21:26:17 +02:00
Alexandre Pujol
5faca8461d
feat(abs): remove user-dirs from recently-used abs. 2025-08-28 21:23:59 +02:00
Alexandre Pujol
e50e87bd61
feat(abs): update base additions. 2025-08-28 21:23:14 +02:00
Alexandre Pujol
544204e511
feat(abs): add the user-dirs abstraction. 2025-08-28 21:22:22 +02:00
Alexandre Pujol
4db65834a4
feat(abs): glibc: restrict auxv maps and statux to owner. 2025-08-28 21:15:42 +02:00
Alexandre Pujol
81d020173d
feat(profile): general update. 2025-08-28 21:09:09 +02:00
Alexandre Pujol
cf96e7b1d0
feat(profile): smal snap improvements. 2025-08-28 00:39:28 +02:00
Alexandre Pujol
749ae318fc
feat(profile): aa uses word8 as bug files. 2025-08-28 00:35:35 +02:00
valoq
ec2c0b1c8e add default path for plain use 2025-08-27 23:55:09 +02:00
valoq
9a302147bd fix typo 2025-08-27 23:55:09 +02:00
valoq
06f1c0538e remove whitespace 2025-08-27 23:55:09 +02:00
valoq
aec7d41a25 add profiles for wayland screen capture tools 2025-08-27 23:55:09 +02:00
Stoppedpuma
eedbc2223c cider-review-fixes 2025-08-27 23:54:10 +02:00
Stoppedpuma
f5970fcc67 Remove tabs 2025-08-27 23:54:10 +02:00
Stoppedpuma
98034784e9 Add cider profile 2025-08-27 23:54:10 +02:00
Stoppedpuma
1d51b1436d Small documentation improvements 2025-08-27 10:30:56 +02:00
Alexandre Pujol
7ecc84d3b0
feat(tunable): add pp tunable, improve dbus tunables. 2025-08-25 00:04:15 +02:00
Alexandre Pujol
068d205e13
fix(prebuild): removce ineffectual assignment. 2025-08-25 00:02:12 +02:00
Alexandre Pujol
bc270954d4
feat(abs): add missing bus abs. 2025-08-24 23:53:12 +02:00
Alexandre Pujol
2fcf4c5011
ci(github): remove test now enabled by default. 2025-08-24 23:38:15 +02:00
Alexandre Pujol
7aae9f0dd7
build: add stacked-dbus builder 
Resolve peer label variable in dbus rules. It create a full dbus rule by item in a variable when it is used a peer label.

For ubuntu with apparmor 4.1+

See https://gitlab.com/apparmor/apparmor/-/issues/537#note_2699570190
 2025-08-24 23:30:54 +02:00
Alexandre Pujol
107820975d
feat(aa): add file kind. 2025-08-24 23:18:41 +02:00
Alexandre Pujol
157c365b26
fix(aa): ensure tokenization helper cleanup data. 2025-08-24 23:17:10 +02:00
Alexandre Pujol
7d1f885209
test(aa): add testdata for network rule. 2025-08-24 23:15:21 +02:00
Alexandre Pujol
43f30333c6
feat(aa): add support for prompt and priority rule. 2025-08-24 23:14:52 +02:00
Alexandre Pujol
3a17dd3310
feat(aa): add support for advanced network rule. 2025-08-24 23:08:41 +02:00
Alexandre Pujol
bfcf9f846c
build: support for unconfined flag. 2025-08-24 22:52:35 +02:00
Alexandre Pujol
9b7c1acb1b
build: cosmetic on build task name. 2025-08-24 22:52:08 +02:00
Alexandre Pujol
1724040229
feat(profile): various ubuntu based improvements. 2025-08-24 22:15:51 +02:00
Alexandre Pujol
f21fecc25a
feat(profile): update possible path for browserpass. 2025-08-24 22:07:09 +02:00