Add changes from aa-log -r.
Add attach_disconnected.
Add profile to main.flags, it was missing there for some reason.
There's some uncertainty about some lines, see comments.
Improve go apparmor lib.
* aa: (62 commits)
feat(aa): handle appending value to defined variables.
chore(aa): cosmetic.
fix: userspace prebuild test.
chore: cleanup unit test.
feat(aa): improve log conversion.
feat(aa): move conversion function to its own file & add unit tests.
fix: go linter issue & not defined variables.
tests(aa): improve aa unit tests.
tests(aa): improve rules unit tests.
feat(aa): ensure the prebuild jobs are working.
feat(aa): add more unit tests.
chore(aa): cleanup.
feat(aa): Move sort, merge and format methods to the rules interface.
feat(aa): add the hat template.
feat(aa): add the Kind struct to manage aa rules.
feat(aa): cleanup rules methods.
feat(aa): add function to resolve include preamble.
feat(aa): updaqte mount flags order.
feat(aa): update default tunable selection.
feat(aa): parse apparmor preamble files.
...
Flameshot access to /usr/share/flameshot for search translations for UI.
And have access to /tmp for create tempfile for other apps (ex: send image to GIMP)
- Sandbox's security is managed by flatpak
- The app stays confined under the (not really strict) flatpak-app profile
- User shell runs unconfined (under the `user_unconfined` profile)
Running terminal as a flatpak app provides less security than as a normal app.
This is because the shell runs as user_unconfined profile that will purposely
not transition to any other profile. While a shell from a classic terminal will
transition to any profile it can, and thus would get restricted. In other words,
running `apt` inside flatpak would run under the `user_unconfined` while it
would use the `apt` profile outside the sandbox.
fix#314
On default installation on Debian Stable (12) anacron run tasks
and when finish all them, run exim4 for send info via mail.
The actual profile don´t permit this behaviour and fail sending
info for all task finished for mail configurated.
