Commit graph

362 commits

Author SHA1 Message Date
Jose Maldonado
8224ac2b3f
Fix access to OpenSC configuration (#326) 2024-05-06 18:16:39 +00:00
Alexandre Pujol
9dba91296a
fix: typo in abs name. 2024-05-04 00:24:41 +01:00
Alexandre Pujol
683bfed4ad
feat(profile): modernise some profiles. 2024-05-04 00:14:07 +01:00
Alexandre Pujol
40abc98201
feat(profile): general update. 2024-05-03 18:16:12 +01:00
Alexandre Pujol
3f69b9fec4
feat(profile): use the new @{tmp} variable.
It is only used with the owner statement.
2024-05-02 22:12:02 +01:00
Alexandre Pujol
db87c56f37
feat(profile): general update. 2024-05-01 14:22:42 +01:00
Alexandre Pujol
a1d6d318cc
feat(profile): tweak the new msedge profiles a bit. 2024-05-01 12:11:43 +01:00
Jose Maldonado aka Yukiteru
fd590e9199 Fix exec_path in profiles for Edge and copyright headers 2024-05-01 11:40:32 +01:00
Jose Maldonado aka Yukiteru
d0ea5f50a3 New profile for Microsoft Edge and better support in abstractions/app/chromium
This commit adds a new profile for the Microsoft Edge browser and variants (beta, dev).
The new profile is based on the actual chrome profile. Tested with actual Edge, in
Debian Stable and enforced rules. All ok using GPU Rasterization and Vulkan, not
HWAccel for encoding video because this is very unstable yet in all Chromium based
browsers.

Add support for libpam-tmpdir for abstractions/app/chromium and all browsers using
this abstraction (Chrome, Chromium, Edge, and others). This fixes access and use
of the browser with libpam-tmpdir installed (Debian and Whonix)

Fix a denied access to RADV user cache (Vulkan-amdgpu) in abstractions/app/chromium
(Vulkan is optional in Chromium-based browsers, but the backend is
perfectly usable now).
2024-05-01 11:40:32 +01:00
Alexandre Pujol
65d0cfafe4
feat(profile): general update. 2024-04-28 13:50:48 +01:00
Jose Maldonado
b4e5837bb9
Fix access to /tmp using libpam-tmpdir in Debian (#318)
In Debian with the use of libpam-tmpdir, the paths for $TMP and $TMPDIR
for PAM sessions are affected by much stronger rules and permissions,
providing additional security to the environment.

Those rules for the directory

/tmp/user/@{uid}/<affected_program>

In the case of qBittorrent this applies to the following directory:

/tmp/user/@{uid}/.qBitorrent

This PR fixes the bug and allows qBittorrent to work correctly
under these conditions.

Note: This PR would also have positive effects on Whonix, which uses
libpam-tmpdir according to this link
(https://forums.whonix.org/t/make-symlink-attacks-and-other-tmp-based-attacks-harder-or-impossible-using-libpam-tmpdir/8488)
2024-04-28 10:27:39 +00:00
Jose Maldonado aka Yukiteru
d88e88767e Fix minitube profile to support Qt5CT and Qt6CT 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
7ed52e44cd Fix support for Qt5CT and Qt6CT in profiles-m-r
This fixes the following apps/binaries

*megasync
*merkaartor
*mkvtoolnix-gui
*pinentry-qt
*psi
*psi-plus
*qnapi
*qpdfview
*qtox
*quiterss
*rpi-imager
2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
c733d6b9c2 Modifications for qbittorrent profile and qt5.d abstractions
These modifications allow reading system and user qt5ct configs for better
integration with other DEs (non-KDE).
2024-04-26 00:16:25 +01:00
Alexandre Pujol
b3a5fb1ce5
fix: enable pam-tmpdir-helper for all distributions.
fix #316
2024-04-25 12:10:29 +01:00
Alexandre Pujol
095254864f
feat(profile): general update. 2024-04-03 21:04:18 +01:00
Alexandre Pujol
6dd0c36e9a
feat: prefix variables that refer to a profile 2024-04-02 13:41:08 +01:00
Alexandre Pujol
751bc683d9
fix(profile): ensure mutt pager can read its local storage.
Revert some mutt-related changes from 0619f4dcec

See #309
2024-04-01 21:42:58 +01:00
Alexandre Pujol
0619f4dcec
feat(profile): general update. 2024-03-29 19:45:10 +00:00
Alexandre Pujol
adb936e62f
feat(abs): add new shells abstraction. 2024-03-29 18:31:15 +00:00
Alexandre Pujol
2fc2394bad
feat(abs): rewrite user-read/user-write.
See #307
2024-03-28 16:47:40 +00:00
Alexandre Pujol
e77f8db40f
feat(abs): add bash-strict. 2024-03-27 22:07:43 +00:00
Alexandre Pujol
197c1bd78a
feat(profile): general update. 2024-03-27 21:53:11 +00:00
Alexandre Pujol
b88b8b8c26
refactor(abs): move common and app abstractions to their own abstractions subfolder.
As the number of abstractions is increasing, it is valuable to separate "base" abstractions from program-specific ones.
2024-03-27 15:11:21 +00:00
Alexandre Pujol
8da2fd621a
feat(abs): remove some unused abstractions. 2024-03-24 14:44:58 +00:00
Alexandre Pujol
a5f71675ea
feat(profile): general update. 2024-03-22 19:45:13 +00:00
Alexandre Pujol
87db46113c
feat(profile): cleanup common desktop files. 2024-03-21 23:28:57 +00:00
Alexandre Pujol
5149b55bd0
feat(profile): add only directive. 2024-03-21 23:18:03 +00:00
Alexandre Pujol
6c38e90b5e
feat(profile): update dbus directive format. 2024-03-21 23:03:08 +00:00
Alexandre Pujol
5039dae148
feat(profile): improve kde support on debian. 2024-03-20 16:13:20 +00:00
Alexandre Pujol
3787eb1745
feat(profile): enable desktop user variable everywhere.
Also restrict access to these files.
2024-03-19 11:26:57 +00:00
Alexandre Pujol
77945674a5
feat(profile): general update. 2024-03-18 14:31:01 +00:00
Alexandre Pujol
bf22e0770f
feat(profile): improve integration with opensuse. 2024-03-17 22:47:36 +00:00
Alexandre Pujol
0c5e71f971
feat(profile): cleanup some rules already included in abs. 2024-03-16 21:40:35 +00:00
Alexandre Pujol
c6717d2bab
feat(profile): use new dbus profile in dbus label. 2024-03-16 13:10:25 +00:00
Alexandre Pujol
c33cd740c9
feat(profile): start using the sudo abstraction. 2024-03-13 16:17:20 +00:00
Alexandre Pujol
09f1babb7c
chore: improve comments on udev data. 2024-03-13 15:58:28 +00:00
Alexandre Pujol
467c38724a
feat(profile): clean superfluous openssl abstraction includes
apparmor.d equivalent of https://gitlab.com/apparmor/apparmor/-/merge_requests/1179
2024-03-12 16:00:44 +00:00
Alexandre Pujol
9c859cec9d
feat(profile): modernize some profiles. 2024-03-12 15:48:43 +00:00
Alexandre Pujol
81b9de3aff
feat(profile): use the new audio-client abs in profiles. 2024-03-12 15:44:40 +00:00
Alexandre Pujol
e4c0f683d2
feat(profile): replace old audio abstraction by the new stack. 2024-03-12 15:39:10 +00:00
Alexandre Pujol
68fbd81e17
feat(profile): general update. 2024-03-10 21:21:00 +00:00
Alexandre Pujol
beaf1bad16
feat(profile): general update. 2024-03-10 19:35:04 +00:00
Alexandre Pujol
ff849b9f09
feat(profile): general update. 2024-03-05 18:00:36 +00:00
Alexandre Pujol
70963a50b6
feat(profile): start implementing systemctl subprofile instead of using child-systemctl. 2024-03-05 17:45:02 +00:00
Alexandre Pujol
c66d3bf9f4
feat(profile): general update. 2024-03-05 16:58:16 +00:00
Jeroen Rijken
b0655e9993 Fixes and profile updates
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-03-02 16:05:34 +00:00
Alexandre Pujol
06abeac2ee
feat(profile): general update. 2024-02-29 21:45:42 +00:00
Alexandre Pujol
555b5e3c3f
feat(profile): general update. 2024-02-28 17:17:20 +00:00
Alexandre Pujol
00051bd2f0
feat(profiles): continue replacing [0-9]* by @{int}. 2024-02-26 21:10:53 +00:00