Alexandre Pujol
8c33125b5e
build: add missing server build task.
2025-09-06 23:46:12 +02:00
Alexandre Pujol
64d71ffb6e
build: attach: ensure we don't recursively call ourself.
2025-09-06 23:45:08 +02:00
Alexandre Pujol
5484f84764
tests(build): add tests for the stacked-dbus build task.
2025-09-06 23:32:06 +02:00
Alexandre Pujol
ab7cba2da6
build: add early support for server version of the package.
2025-09-06 22:16:40 +02:00
Alexandre Pujol
470025c090
build(debian): update list of profiles to hide.
...
Nb: we cannot use these profiles as they would break with apparmor.d profiles (they don't expect confined peer).
2025-09-06 19:39:18 +02:00
Alexandre Pujol
7c6f776757
build: set default att to "" when not enabled.
...
It fixes various issues with multiple / that are not collapsed in their canonical form in file rules
See https://gitlab.com/apparmor/apparmor/-/issues/450#note_2158840105
2025-09-01 15:12:30 +02:00
Alexandre Pujol
4f9d2703d4
build: separate the base-strict abs from the re-attach builder.
...
Enable the use of the base-strict abs on all setup.
2025-09-01 15:07:01 +02:00
Alexandre Pujol
bd7ae9bb56
chore: improve comment in type definition.
2025-08-31 21:23:40 +02:00
Alexandre Pujol
57251820e1
build: improve support for aa 5.0
2025-08-29 20:48:01 +02:00
Alexandre Pujol
2bb42bfca2
build: add support for apparmor 5.0 (current master branch)
2025-08-29 20:14:12 +02:00
Alexandre Pujol
068d205e13
fix(prebuild): remove ineffectual assignment.
2025-08-25 00:02:12 +02:00
Alexandre Pujol
7aae9f0dd7
build: add stacked-dbus builder
...
Resolve peer label variable in dbus rules. It creates a full dbus rule by item in a variable when it is used as a peer label.
For ubuntu with apparmor 4.1+
See https://gitlab.com/apparmor/apparmor/-/issues/537#note_2699570190
2025-08-24 23:30:54 +02:00
Alexandre Pujol
107820975d
feat(aa): add file kind.
2025-08-24 23:18:41 +02:00
Alexandre Pujol
157c365b26
fix(aa): ensure tokenization helper cleanup data.
2025-08-24 23:17:10 +02:00
Alexandre Pujol
7d1f885209
test(aa): add testdata for network rule.
2025-08-24 23:15:21 +02:00
Alexandre Pujol
43f30333c6
feat(aa): add support for prompt and priority rule.
2025-08-24 23:14:52 +02:00
Alexandre Pujol
3a17dd3310
feat(aa): add support for advanced network rule.
2025-08-24 23:08:41 +02:00
Alexandre Pujol
bfcf9f846c
build: support for unconfined flag.
2025-08-24 22:52:35 +02:00
Alexandre Pujol
9b7c1acb1b
build: cosmetic on build task name.
2025-08-24 22:52:08 +02:00
Alexandre Pujol
eb2def65a1
feat(abs): move some dbus abs to the session subfolder.
2025-08-24 21:47:00 +02:00
Alexandre Pujol
4e70cb4c91
fix(profile): workaround in apparmor issue for attached path.
...
See https://gitlab.com/apparmor/apparmor/-/issues/450
Fix #815
2025-08-17 11:57:36 +02:00
Alexandre Pujol
e55ace4e0a
fix(profile): issue with re-attached paths
...
- Add missing att on some profiles
- Fix alias / -> //
- Fix aa-log att variable resolution
fix #813 #814
2025-08-17 00:07:53 +02:00
Alexandre Pujol
b0c661931a
fix(build): fsp regex.
2025-08-15 18:23:05 +02:00
Alexandre Pujol
483c0c107d
build: enable re-attach disconnected path by default
...
Ignored on Ubuntu 25.04 and abi3.0
2025-08-15 18:22:07 +02:00
Alexandre Pujol
a5aa13923b
build: add support for building multiple versions of the package.
2025-08-12 16:11:10 +02:00
Alexandre Pujol
b2910ae593
tests(check): add support for '#aa:lint ignore' inline directive to disable linting.
2025-08-04 12:47:01 +02:00
Alexandre Pujol
d01b7ce7d6
chore: cleanup linter issue.
2025-06-16 23:42:30 +02:00
Alexandre Pujol
1118d2ffc5
build: use the base-strict abstraction automatically.
2025-06-16 23:17:45 +02:00
Alexandre Pujol
5e14271f76
Merge FSP: rewrite the systemd profiles #753
...
* dev: (49 commits)
fix: use mappings/sudo in su.
build: justfile: add group.
tests: update sbin.list
fix: linter check.
fix: add gpartedbin back to sbin.list.
tests: show error line in sbin check.
feat(profile): update sbin list and ensure the profiles use the good variable (sbin or bin).
tests: remove symbolic link from sbin.
test: add some security checks.
tests: add more check for sbin path
tests: rewrite and expand the profile check to more files.
feat(tunable): add the archive_path variable.
feat(profile): update gnome profiles.
feat(fsp): small fsp improvement.
feat(abs): minor improvement & cosmetic.
feat(profile): add profiles for whoopsie.
feat(profile): add initial profile for systemd-initctl.
feat(profile): minor fsp related improvement.
feat(fsp): setup RBAC mapping in auth enabled profiles.
build: ignore all rule in abi3.
...
2025-06-16 21:41:08 +02:00
Alexandre Pujol
d9e6e686e0
build: ignore all rule in abi3.
2025-05-30 01:44:09 +02:00
Alexandre Pujol
7243c18ce2
fix(build): conversion from abi4 to abi3.
2025-05-26 23:54:56 +02:00
Alexandre Pujol
f717ea7383
feat(aa): add a mount flag.
2025-05-26 01:01:08 +02:00
Alexandre Pujol
c07c5838e4
build: add RBAC filter to the only/exclude directive.
2025-05-26 01:00:08 +02:00
Alexandre Pujol
780ca65953
build(fsp): set stacked variables.
2025-05-26 00:57:37 +02:00
Alexandre Pujol
d9430c68c1
build: improve error message in the stack directive.
2025-05-26 00:55:48 +02:00
Alexandre Pujol
8d374ed876
feat(fsp): add tunables for the future systemd executor profiles.
2025-05-17 22:25:27 +02:00
Alexandre Pujol
5edde91d44
fix(test): update test to the new value of bin.
2025-05-01 19:56:34 +02:00
Alexandre Pujol
48a37bbf34
build: configure sbin value according to the target distribution.
2025-05-01 14:36:57 +02:00
Alexandre Pujol
1c499183f2
feat(aa-log): add support for the sbin variable.
2025-04-28 22:43:33 +02:00
Alexandre Pujol
af070877f2
tests: update unit tests to last changes.
2025-04-28 22:09:28 +02:00
Alexandre Pujol
4d706f3598
build: be more verbose when file sync fail.
2025-04-27 14:30:10 +02:00
Alexandre Pujol
6d2147582e
build: add mappings to the list of directories without profile files.
2025-04-13 22:46:53 +02:00
Alexandre Pujol
ead2f4e40b
Revert "fix: remove wip workaround in gstreamer abs."
...
This reverts commit 75a8ef2906.
2025-04-06 16:07:51 +02:00
Alexandre Pujol
99df9cec51
fix(build): fsp configuration.
2025-04-06 15:39:48 +02:00
Alexandre Pujol
9aaf109383
feat(aa-log): improve log to rule conversion.
2025-04-06 14:51:00 +02:00
Alexandre Pujol
75a8ef2906
fix: remove wip workaround in gstreamer abs.
2025-04-06 14:47:55 +02:00
Alexandre Pujol
9e9036b86d
fix: revert to CopyTo to handle overwrite.
2025-04-06 14:47:01 +02:00
Alexandre Pujol
99f5ed5901
fix: remove now unused variable.
2025-04-06 00:18:01 +02:00
Alexandre Pujol
8d71574e4d
build: improve the use of attached/base.
2025-04-05 21:31:51 +02:00
Alexandre Pujol
7d6f68a95e
feat(abs): automatically use the attached consoles.
2025-04-05 20:55:29 +02:00