Commit graph

3847 commits

Author SHA1 Message Date
curiosityseeker
4d15570ff1 Update grub-mkrelpath
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.byRQTjiteL/@_backup_2025-08-20T16:43@{busname}.488Z/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.byRQTjiteL/@_backup_2025-08-18T13:49@{busname}.739Z/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.byRQTjiteL/@_backup_2025-04-11T11@{busname}:58.643Z/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.byRQTjiteL/@_backup_@{int16}5/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.Xj00SFNAa3/@_backup_2025-08-20T16:43@{busname}.488Z/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.Xj00SFNAa3/@_backup_2025-08-18T13:49@{busname}.739Z/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.Xj00SFNAa3/@_backup_2025-04-11T11@{busname}:58.643Z/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
ALLOWED grub-mkrelpath open /tmp/grub-btrfs.Xj00SFNAa3/@_backup_@{int16}5/boot/ comm=grub-mkrelpath requested_mask=r denied_mask=r
2025-08-22 17:40:39 +02:00
curiosityseeker
5d7646d9cc Update mandb
ALLOWED mandb exec @{bin}/bzip2 -> mandb//null-@{bin}/bzip2 comm=mandb requested_mask=x denied_mask=x
ALLOWED mandb//null-@{bin}/bzip2 file_inherit /usr/share/man/man8/grub-btrfsd.8.bz2 comm=bzip2 requested_mask=r denied_mask=r
ALLOWED mandb//null-@{bin}/bzip2 file_inherit /var/cache/man/52062 comm=bzip2 requested_mask=wr denied_mask=wr
ALLOWED mandb//null-@{bin}/bzip2 file_mmap @{bin}/bzip2 comm=bzip2 requested_mask=r denied_mask=r
ALLOWED mandb//null-@{bin}/bzip2 getattr /usr/share/man/man8/grub-btrfsd.8.bz2 comm=bzip2 requested_mask=r denied_mask=r
ALLOWED mandb//null-@{bin}/bzip2 file_inherit /usr/share/man/man8/grub-btrfs.8.bz2 comm=bzip2 requested_mask=r denied_mask=r
ALLOWED mandb//null-@{bin}/bzip2 getattr /usr/share/man/man8/grub-btrfs.8.bz2 comm=bzip2 requested_mask=r denied_mask=r
2025-08-22 14:42:20 +02:00
Alexandre Pujol
f3d209e42a
feat(profile): ensure nautilus can access root files. 2025-08-19 22:58:46 +02:00
Alexandre Pujol
c806ec44eb
feat(profile): update virt profiles. 2025-08-19 22:56:07 +02:00
Alexandre Pujol
5e5fde7741
feat(abs): add the sqlite abstraction. 2025-08-19 21:43:20 +02:00
Alexandre Pujol
24f629d326
fix(profile): few fixes related to reattached paths.
See #816
2025-08-17 21:43:23 +02:00
Alexandre Pujol
952c4e91a1
feat(aa): add aa --enforce and aa --complain.
These are small dev tools, not installed by default.
2025-08-17 20:50:00 +02:00
Alexandre Pujol
7f9664c51f
feat(profile): add profile for mpris-proxy. 2025-08-17 17:51:10 +02:00
Alexandre Pujol
ba16e3c340
feat(profile): cleanup log from well known programs. 2025-08-17 17:20:08 +02:00
Alexandre Pujol
4dba131fb3
feat(profile): parser: move sysctl to its own subprofile. 2025-08-17 17:16:24 +02:00
Alexandre Pujol
7e79d5abef
feat(profile): improve support for ubuntu & kubuntu. 2025-08-17 17:15:24 +02:00
Alexandre Pujol
523522dd1d
feat(profile): improve kde profiles. 2025-08-17 17:05:38 +02:00
Alexandre Pujol
edc2755d61
feat(profile): kde: add initial dbus definition. 2025-08-17 17:03:17 +02:00
Alexandre Pujol
58aea2b00d
build: update flag manifest. 2025-08-17 11:59:06 +02:00
Alexandre Pujol
4e70cb4c91
fix(profile): workaround in apparmor issue for attached path.
See https://gitlab.com/apparmor/apparmor/-/issues/450
Fix #815
2025-08-17 11:57:36 +02:00
Alexandre Pujol
52e9ae9fd6
fix(profile): define missing domain. 2025-08-17 00:29:21 +02:00
Alexandre Pujol
9110a70124
tests: add debian/ubuntu based tests images.
Also some cleanup of tests resources.
2025-08-17 00:16:31 +02:00
Alexandre Pujol
7c427aaae6
build: do not overwrite steam. 2025-08-17 00:10:34 +02:00
Alexandre Pujol
d3507e24b9
fix(build): ensure post install script does not fail. 2025-08-17 00:09:28 +02:00
Alexandre Pujol
e55ace4e0a
fix(profile): issue with re-attached paths
- Add missing att on some profiles
- Fix alias / -> //
- Fix aa-log att variable resolution

fix #813 #814
2025-08-17 00:07:53 +02:00
Alexandre Pujol
5ee999536c
feat(abs): reorganize the electron & chromium abs. 2025-08-16 19:23:33 +02:00
Alexandre Pujol
f5a4acd37e
feat(abs): graphics: add cpu_capacity 2025-08-16 19:13:59 +02:00
Alexandre Pujol
ca24da7a2a
build(debian): improve post install scripts. 2025-08-15 19:49:43 +02:00
Alexandre Pujol
e805509803
build: opensuse: improve post install script. 2025-08-15 19:42:44 +02:00
Alexandre Pujol
be341a4ca8
feat(profile): syncthing 2.0 uses sqlite. 2025-08-15 18:43:21 +02:00
Alexandre Pujol
c0de5ff71d
ci: also run the integration tests on manual run. 2025-08-15 18:38:46 +02:00
Alexandre Pujol
b0c661931a
fix(build): fsp regex. 2025-08-15 18:23:05 +02:00
Alexandre Pujol
483c0c107d
build: enable re-attach disconnected path by default
Ignored on Ubuntu 25.04 and abi3.0
2025-08-15 18:22:07 +02:00
Alexandre Pujol
c51943934e
feat(tunable): add x64 to @{arch} 2025-08-15 18:04:35 +02:00
Alexandre Pujol
c29b4ba536
feat(profile): various security/linter improvements
- Ignore some rules from the linter
- Move some bin to subprofile
2025-08-15 18:03:36 +02:00
Alexandre Pujol
aafcd1c861
feat(profile): simplify ssh home path. 2025-08-15 17:21:24 +02:00
Alexandre Pujol
3d329fdef8
feat(profile): minor profiles improvement. 2025-08-15 11:39:35 +02:00
Alexandre Pujol
6739b238ce
feat(abs): base-strict: allow communication to children and stacked profiles. 2025-08-15 11:33:29 +02:00
Alexandre Pujol
7d49a1628e
fix(abs): avahi socket path. 2025-08-15 11:32:27 +02:00
Alexandre Pujol
753d36cfa3
fix(profile): manually deny path in git
Needed as 44a6bc86e6 raises merged rule with conflicting x modifiers errors.
2025-08-15 11:29:54 +02:00
Alexandre Pujol
5f368403b3
Revert "feat(tunable): add bin to XDG_BIN_DIR."
This reverts commit 44a6bc86e6.
2025-08-15 11:27:34 +02:00
Alexandre Pujol
9c9af1d821
feat(profile): improve integration with ubuntu. 2025-08-15 10:59:20 +02:00
Alexandre Pujol
112d54907e
feat(profile): thunderbird/firefox: move rules needed in both programs. 2025-08-15 10:53:52 +02:00
Alexandre Pujol
20546d37a0
feat(profile): fprintd needs sys_admin
see #811
2025-08-15 10:51:48 +02:00
Alexandre Pujol
d09f5d055f
feat(profile): improve dbus definitions. 2025-08-15 10:51:16 +02:00
Alexandre Pujol
b90a2a89fe
feat(abs): app-open: kde opener needs system id.
see #811
2025-08-15 10:44:10 +02:00
Alexandre Pujol
44a6bc86e6
feat(tunable): add bin to XDG_BIN_DIR.
So it can get allowed/denied by profile using user_bin_dirs.

see #811
2025-08-15 10:43:15 +02:00
Alexandre Pujol
e2b1547bf1
feat(profile): ssh: add ssh.hmac
Similar to newest version of sshd with sshd.hmac

see #811
2025-08-15 10:41:26 +02:00
Alexandre Pujol
e15bd7bea0
feat(abs): improve vim integration with common editors.
see #811
2025-08-15 10:40:17 +02:00
Alexandre Pujol
b1b3ee8321
feat(abs): add tty/drivers to pgrep/pkill subprofiles.
see #811
2025-08-15 10:38:15 +02:00
Alexandre Pujol
d51b386d13
feat(abs): pager: improve integration with opensuse.
See #811
2025-08-15 10:36:05 +02:00
Alexandre Pujol
ace53f3002
feat(profile): openvpn needs to load module.
See #811
2025-08-15 10:35:19 +02:00
Alexandre Pujol
c02674593d
feat(profile): update kde profiles
see #811
2025-08-15 10:34:48 +02:00
Alexandre Pujol
e09586e01d
feat(abs): freedesktop: add more paths for recently-used files.
see #811
2025-08-15 10:30:43 +02:00
Alexandre Pujol
10e57f01a6
feat(abs): add /etc/xdg/menus and session files to kde-strict.
See #811
2025-08-15 10:27:44 +02:00