Alexandre Pujol
fc45e5ee66
feat(fsp): add initial sd-umount.
2025-06-17 00:18:39 +02:00
Alexandre Pujol
d01b7ce7d6
chore: cleanup linter issue.
2025-06-16 23:42:30 +02:00
Alexandre Pujol
390a8b1b01
build: add the fsp-debug build command.
2025-06-16 23:20:03 +02:00
Alexandre Pujol
1118d2ffc5
build: use the base-strict abstraction automatically.
2025-06-16 23:17:45 +02:00
Alexandre Pujol
7dd860f277
feat(profile): minor update & cosmetic.
2025-06-16 23:15:07 +02:00
Alexandre Pujol
eeebcf91f3
feat(abs): add base-strict.
...
For now, it is only a restructuring of the base abstraction with awareness of the apparmor.d architecture.
2025-06-16 23:05:50 +02:00
Alexandre Pujol
34f9a53a3b
ci: start dropping ci tests on ubuntu 22.04.
2025-06-16 22:53:36 +02:00
Alexandre Pujol
011de3c301
feat(profile): flatpak: ensure remote can be added/removed.
...
see #690
2025-06-16 22:48:16 +02:00
Alexandre Pujol
8fa7c49a65
feat(profile): add firefox crashhelper
2025-06-16 22:42:11 +02:00
Alexandre Pujol
b88cf164ec
feat(profile): gnome-shell: allow some basic tools needed by some extensions.
...
fix #705
2025-06-16 22:38:37 +02:00
Alexandre Pujol
5ae1cc854d
fix(profile): pacman: add integration with limine.
...
fix #756
2025-06-16 22:20:13 +02:00
Alexandre Pujol
07007f93c4
fix(fsp): ignore not yet used mappings.
2025-06-16 22:06:55 +02:00
Alexandre Pujol
2941334b7c
fix(profile): brave flag & stacked helper.
...
fix #763
2025-06-16 22:04:55 +02:00
Alexandre Pujol
110f4ea40e
feat(abs): mesa: add /var/cache as fallback location.
2025-06-16 22:01:40 +02:00
Alexandre Pujol
d3aa4ae4a1
fix(abs): ensure generic app can run widevine.
...
fix #764
2025-06-16 22:01:08 +02:00
Alexandre Pujol
4cb6de3d2d
fix(profile): ufw: allow kmod.
...
fix #765
2025-06-16 21:50:22 +02:00
Alexandre Pujol
8118bf3d23
fix: pinentry gtk needs access to its cmdline.
...
fix #768
2025-06-16 21:48:07 +02:00
Alexandre Pujol
5e14271f76
Merge FSP: rewrite the systemd profiles #753
...
* dev: (49 commits)
fix: use mappings/sudo in su.
build: justfile: add group.
tests: update sbin.list
fix: linter check.
fix: add gpartedbin back to sbin.list.
tests: show error line in sbin check.
feat(profile): update sbin list and ensure the profiles use the good variable (sbin or bin).
tests: remove symbolic link from sbin.
test: add some security checks.
tests: add more checks for sbin path
tests: rewrite and expand the profile check to more files.
feat(tunable): add the archive_path variable.
feat(profile): update gnome profiles.
feat(fsp): small fsp improvement.
feat(abs): minor improvement & cosmetic.
feat(profile): add profiles for whoopsie.
feat(profile): add initial profile for systemd-initctl.
feat(profile): minor fsp related improvement.
feat(fsp): setup RBAC mapping in auth enabled profiles.
build: ignore all rule in abi3.
...
2025-06-16 21:41:08 +02:00
valoq
1f7e019500
clean desktop abstraction
2025-06-12 16:26:39 +02:00
valoq
5216cbdcde
add more xkeyboard-config-2 resources
2025-06-12 16:26:39 +02:00
valoq
c947fe6c6c
complete xkeyboard-config-2 permissions
2025-06-12 16:26:39 +02:00
valoq
cdd45bcd60
add xkeyboard-config-2 resources
2025-06-12 16:26:39 +02:00
Alexandre Pujol
3291d9a370
fix: use mappings/sudo in su.
2025-06-11 22:56:18 +02:00
Alexandre Pujol
e3bd48bd75
build: justfile: add group.
2025-06-11 22:55:17 +02:00
Alexandre Pujol
a4737546f7
tests: update sbin.list
2025-06-10 23:58:24 +02:00
Alexandre Pujol
65f9644753
fix: linter check.
2025-06-10 23:37:59 +02:00
Alexandre Pujol
edcbaa1b94
fix: add gpartedbin back to sbin.list.
2025-06-10 23:01:24 +02:00
Alexandre Pujol
f0355f36b9
tests: show error line in sbin check.
2025-06-05 00:36:30 +02:00
Alexandre Pujol
6ed873aad3
feat(profile): update sbin list and ensure the profiles use the good variable (sbin or bin).
2025-06-05 00:35:43 +02:00
Alexandre Pujol
c8f2a435f8
tests: remove symbolic link from sbin.
2025-06-02 23:59:41 +02:00
Alexandre Pujol
f579940ae7
test: add some security checks.
2025-06-02 20:41:20 +02:00
Alexandre Pujol
fff0df39ba
tests: add more checks for sbin path
...
Also look for path that should not use sbin.
2025-06-01 23:59:14 +02:00
Alexandre Pujol
71a473712c
tests: rewrite and expand the profile check to more files.
...
Rewrite: Speed up the checking by not using grep anymore and only using bash, also make it parallel
Revisit the way results are shown.
Expand: Also scan for mapping files and abstraction completion. Adapt the scan accordingly.
2025-06-01 23:58:02 +02:00
Alexandre Pujol
55e4b27c2b
feat(tunable): add the archive_path variable.
2025-06-01 16:02:20 +02:00
Alexandre Pujol
eb84df319d
feat(profile): update gnome profiles.
2025-06-01 16:00:38 +02:00
Alexandre Pujol
86202b0fbf
feat(fsp): small fsp improvement.
2025-06-01 15:53:37 +02:00
Alexandre Pujol
8452eb44f1
feat(abs): minor improvement & cosmetic.
2025-06-01 15:48:38 +02:00
Alexandre Pujol
af82a9caa6
feat(profile): add profiles for whoopsie.
2025-05-31 13:52:42 +02:00
Alexandre Pujol
d76bc0b3be
feat(profile): add initial profile for systemd-initctl.
2025-05-31 13:50:20 +02:00
Alexandre Pujol
6c6e1c3456
feat(profile): minor fsp related improvement.
2025-05-31 13:49:16 +02:00
Alexandre Pujol
2282128cbd
feat(fsp): setup RBAC mapping in auth enabled profiles.
2025-05-31 13:43:57 +02:00
Alexandre Pujol
d9e6e686e0
build: ignore all rule in abi3.
2025-05-30 01:44:09 +02:00
Alexandre Pujol
e771ef77b8
tests(packer): update base images content.
2025-05-30 00:18:39 +02:00
Alexandre Pujol
89a1714610
fix(profile): a few linting fixes.
2025-05-30 00:14:54 +02:00
Alexandre Pujol
3d76c98c4b
feat(profile): add more systemd-generator profiles.
2025-05-30 00:05:34 +02:00
Alexandre Pujol
d9cfef3e5d
refactor(profile): move systemd generators to their own group
2025-05-30 00:03:11 +02:00
Alexandre Pujol
60b9127916
feat(profile): update pipewire profiles.
2025-05-29 23:53:47 +02:00
Alexandre Pujol
32a9806219
feat(fsp): update systemd user drop in files with AppArmorProfile set to the target profile.
2025-05-29 23:52:40 +02:00
Alexandre Pujol
9325dd5ca0
feat(profile): revisit systemd-udevd and ensure most programs get transitioned confined.
2025-05-29 23:43:19 +02:00
Alexandre Pujol
581a55c726
feat(profile): update systemd-homework/homed as they get stacked.
2025-05-29 23:40:49 +02:00