Commit graph

178 commits

Author SHA1 Message Date
Alexandre Pujol
d9ff4aecd7
build: add test build target. 2025-09-14 15:24:49 +02:00
Alexandre Pujol
f61f200427
build: ignore more abstraction for the server edition. 2025-09-07 23:52:11 +02:00
Alexandre Pujol
b45e1f36fe
build: add support for downstream project in some prepare tasks. 2025-09-07 22:59:00 +02:00
Alexandre Pujol
6400bc725c
tests: update some unit tests to the last changes. 2025-09-07 21:20:32 +02:00
Alexandre Pujol
8c33125b5e
build: add missing server build task. 2025-09-06 23:46:12 +02:00
Alexandre Pujol
64d71ffb6e
build: attach: ensure we don't recursively call ourself. 2025-09-06 23:45:08 +02:00
Alexandre Pujol
5484f84764
tests(build): add tests for the stacked-dbus build task. 2025-09-06 23:32:06 +02:00
Alexandre Pujol
ab7cba2da6
build: add early support for server version of the package. 2025-09-06 22:16:40 +02:00
Alexandre Pujol
470025c090
build(debian): update list of profiles to hide.
Nb: we cannot use these profiles as they would break with apparmor.d profiles (they don't expect confined peer).
2025-09-06 19:39:18 +02:00
Alexandre Pujol
7c6f776757
build: set default att to "" when not enabled.
It fixes various issues with multiple / that are not collapsed in their canonical form in file rules

See https://gitlab.com/apparmor/apparmor/-/issues/450#note_2158840105
2025-09-01 15:12:30 +02:00
Alexandre Pujol
4f9d2703d4
build: separate the base-strict abs from the re-attach builder.
Enable the use of the base-strict abs on all setup.
2025-09-01 15:07:01 +02:00
Alexandre Pujol
bd7ae9bb56
chore: improve comment in type definition. 2025-08-31 21:23:40 +02:00
Alexandre Pujol
57251820e1
build: improve support for aa 5.0 2025-08-29 20:48:01 +02:00
Alexandre Pujol
2bb42bfca2
build: add support for apparmor 5.0 (current master branch) 2025-08-29 20:14:12 +02:00
Alexandre Pujol
068d205e13
fix(prebuild): remove ineffectual assignment. 2025-08-25 00:02:12 +02:00
Alexandre Pujol
7aae9f0dd7
build: add stacked-dbus builder
Resolve peer label variable in dbus rules. It creates a full dbus rule by item in a variable when it is used as a peer label.

For ubuntu with apparmor 4.1+

See https://gitlab.com/apparmor/apparmor/-/issues/537#note_2699570190
2025-08-24 23:30:54 +02:00
Alexandre Pujol
bfcf9f846c
build: support for unconfined flag. 2025-08-24 22:52:35 +02:00
Alexandre Pujol
9b7c1acb1b
build: cosmetic on build task name. 2025-08-24 22:52:08 +02:00
Alexandre Pujol
eb2def65a1
feat(abs): move some dbus abs to the session subfolder. 2025-08-24 21:47:00 +02:00
Alexandre Pujol
4e70cb4c91
fix(profile): workaround in apparmor issue for attached path.
See https://gitlab.com/apparmor/apparmor/-/issues/450
Fix #815
2025-08-17 11:57:36 +02:00
Alexandre Pujol
b0c661931a
fix(build): fsp regex. 2025-08-15 18:23:05 +02:00
Alexandre Pujol
483c0c107d
build: enable re-attach disconnected path by default
Ignored on Ubuntu 25.04 and abi3.0
2025-08-15 18:22:07 +02:00
Alexandre Pujol
a5aa13923b
build: add support for building multiple versions of the package. 2025-08-12 16:11:10 +02:00
Alexandre Pujol
b2910ae593
tests(check): add support for '#aa:lint ignore' inline directive to disable linting. 2025-08-04 12:47:01 +02:00
Alexandre Pujol
1118d2ffc5
build: use the base-strict abstraction automatically. 2025-06-16 23:17:45 +02:00
Alexandre Pujol
5e14271f76
Merge FSP: rewrite the systemd profiles #753
* dev: (49 commits)
  fix: use mappings/sudo in su.
  build: justfile: add group.
  tests: update sbin.list
  fix: linter check.
  fix: add gpartedbin back to sbin.list.
  tests: show error line in sbin check.
  feat(profile): update sbin list and ensure the profiles use the good variable (sbin or bin).
  tests: remove symbolic link from sbin.
  test: add some security checks.
  tests: add more check for sbin path
  tests: rewrite and expand the profile check to more files.
  feat(tunable): add the archive_path variable.
  feat(profile): update gnome profiles.
  feat(fsp): small fsp improvement.
  feat(abs): minor improvement & cosmetic.
  feat(profile): add profiles for whoopsie.
  feat(profile): add initial profile for systemd-initctl.
  feat(profile): minor fsp related improvement.
  feat(fsp): setup RBAC mapping in auth enabled profiles.
  build: ignore all rule in abi3.
  ...
2025-06-16 21:41:08 +02:00
Alexandre Pujol
d9e6e686e0
build: ignore all rule in abi3. 2025-05-30 01:44:09 +02:00
Alexandre Pujol
7243c18ce2
fix(build): conversion from abi4 to abi3. 2025-05-26 23:54:56 +02:00
Alexandre Pujol
c07c5838e4
build: add RBAC filter to the only/exclude directive. 2025-05-26 01:00:08 +02:00
Alexandre Pujol
780ca65953
build(fsp): set stacked variables. 2025-05-26 00:57:37 +02:00
Alexandre Pujol
d9430c68c1
build: improve error message in the stack directive. 2025-05-26 00:55:48 +02:00
Alexandre Pujol
8d374ed876
feat(fsp): add tunables for the future systemd executor profiles. 2025-05-17 22:25:27 +02:00
Alexandre Pujol
5edde91d44
fix(test): update test to the new value of bin. 2025-05-01 19:56:34 +02:00
Alexandre Pujol
48a37bbf34
build: configure sbin value according to the target distribution. 2025-05-01 14:36:57 +02:00
Alexandre Pujol
6d2147582e
build: add mappings to the list of directories without profile files. 2025-04-13 22:46:53 +02:00
Alexandre Pujol
ead2f4e40b
Revert "fix: remove wip workaround in gstreamer abs."
This reverts commit 75a8ef2906.
2025-04-06 16:07:51 +02:00
Alexandre Pujol
99df9cec51
fix(build): fsp configuration. 2025-04-06 15:39:48 +02:00
Alexandre Pujol
75a8ef2906
fix: remove wip workaround in gstreamer abs. 2025-04-06 14:47:55 +02:00
Alexandre Pujol
9e9036b86d
fix: revert to CopyTo to handle overwrite. 2025-04-06 14:47:01 +02:00
Alexandre Pujol
99f5ed5901
fix: remove now unused variable. 2025-04-06 00:18:01 +02:00
Alexandre Pujol
8d71574e4d
build: improve the use of attached/base. 2025-04-05 21:31:51 +02:00
Alexandre Pujol
7d6f68a95e
feat(abs): automatically use the attached consoles. 2025-04-05 20:55:29 +02:00
Alexandre Pujol
2c3380f9ba
build: use golang CopyFS
- speed up prebuild sync tasks.
2025-04-05 00:28:04 +02:00
Alexandre Pujol
984cf28e61
chore: apply some linter recommendations. 2025-04-04 23:45:24 +02:00
Alexandre Pujol
baa3f8f639
build: generalise the use of apparmor version during the build. 2025-03-30 17:06:00 +02:00
Alexandre Pujol
1f55c07692
build: automatically include bus/own-* abstraction when required. 2025-03-23 12:31:43 +01:00
Alexandre Pujol
96e79d9d88
build: add filter for apparmor version. 2025-03-15 00:26:47 +01:00
Alexandre Pujol
e4a7e16ec0
build: add support for apparmor 4.1
Enabled when prebuild is run with the --version 4.1 argument
2025-03-14 22:07:59 +01:00
Alexandre Pujol
dcc6c72cbd
build(directive): add the dbus common subdirective for bus abstraction. 2025-03-13 19:08:56 +01:00
Alexandre Pujol
106921df23
fix(build): ensure fsp mode set the systemd profile name correctly. 2025-03-08 14:23:08 +01:00