felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
3882 commits 5 branches 0 tags 16 MiB
Commit graph

22 commits

Author SHA1 Message Date
Alexandre Pujol
4f1fddd2fb
feat(profile): use natural transition instead of systemd drop in config when possible. 
As we can transition to the good profile naturally, do not use systemd for it.

This bypass the apparmor error:
`change_profile unprivileged unconfined converted to stacking`.

Note: we cannot do the same for dbus-system and dbus-session are they have the same binary.
 2025-08-30 14:25:43 +02:00
Alexandre Pujol
32a9806219
feat(fsp): update systemd user drop in files with AppArmorProfile set to the target profile. 2025-05-29 23:52:40 +02:00
Alexandre Pujol
1aa0142a6a
feat(fsp): add/update systemd drop in files with AppArmorProfile set to the target profile. 2025-05-29 23:20:32 +02:00
Alexandre Pujol
8f3f3816ed
feat(fsp): systemd drop in files: configure stacked profile 
It comes as a replacement of old and unsecure config that was disabling the nnp flag.
The new solution is:
1. Safe
2. Scalable  as hundred of profile could be configured this way
 2025-05-26 23:31:35 +02:00
Alexandre Pujol
01a1af6c1b
feat(systemd): ensure dbus service are started after apparmor. 2024-10-06 20:19:09 +01:00
Alexandre Pujol
7cbf8a8f9b
fix: do not force early load of userdbd as it can cause issues. 2024-03-21 23:22:08 +00:00
Alexandre Pujol
d41f289e2a
feat: ensure the dbus services start with the good profile. 
As the entrypoin is the same for system & session bus, it is required to use
systemd to select the profile.
 2024-03-16 21:52:38 +00:00
Alexandre Pujol
a66ff700a2
build: split systemd drop file in function of their purpose. 
default: ensure a service use a given profile
early: ensure a service start after apparmor.
 2024-03-15 16:17:19 +00:00
Alexandre Pujol
9f0306a8ac
feat(build): ensure thge a0t-spi-dbus service start with the good profile. 2024-03-13 16:21:28 +00:00
Alexandre Pujol
9fb4f7b8fd
feat(fsp): add nnp execption. 2024-02-10 01:11:19 +00:00
monsieuremre
f6a40d23df Delete systemd/full/system/user@.service 2024-02-08 16:04:20 +00:00
Alexandre Pujol
c006371e5b
feat(fsp): rewrite systemd-user profile. 
Works fine when fsp is not enabled, still has issue in fsp mode.
 2024-02-06 22:41:12 +01:00
Alexandre Pujol
18dbc60ff0
feat(full): add some systemd dropin files. 2024-01-21 12:29:56 +00:00
Alexandre Pujol
d2078fcb3a
feat(profile): general update. 2023-12-10 15:27:44 +00:00
Alexandre Pujol
96ea9d17ae
feat(full): disable nnp flag on some services. 2023-11-19 14:32:57 +00:00
Alexandre Pujol
f564347580
refractor: move default systemd drop in files. 2023-11-19 14:20:14 +00:00
Alexandre Pujol
3ddf2f273a
feat(systemd): Set profile name for ibus gnome service. 2022-10-15 23:16:30 +01:00
Alexandre Pujol
493f3c5583
refactor: systemd -> systemd/system 2022-10-15 23:14:58 +01:00
Alexandre Pujol
027a506eec
feat(systemd): simplify service overwride. 2022-10-04 21:18:07 +01:00
Alexandre Pujol
b3a28da5e5
fix(profiles): do not confine udevd by default as it may break the boot. 2022-06-26 16:41:41 +01:00
nobodysu
539caaaf8c systemd-timesyncd.service 2022-01-19 21:52:07 +03:00
Alexandre Pujol
ea6edea2e1
Ensure some systemd services do not start before apparmor rules are loaded. 2021-04-02 10:34:59 +01:00