Commit Graph

2313 Commits

Author SHA1 Message Date
Alexandre Pujol
379c46e4e0
ci(github): add build on ubuntu 24.04 2024-05-08 20:10:17 +01:00
Alexandre Pujol
bed9545082
feat(profile): general update. 2024-05-08 20:08:41 +01:00
Alexandre Pujol
da7747e0fe
feat(tunable): add all int, hex and read variable from 2 to 64. 2024-05-08 18:27:16 +01:00
Alexandre Pujol
7963a65a88
feat(profile): add support for terminal in flatpak app.
- Sandbox's security is managed by flatpak
- The app stays confined under the (not really strict) flatpak-app profile
- User shell runs unconfined (under the `user_unconfined` profile)

Running terminal as a flatpak app provides less security than as a normal app.
This is because the shell runs as user_unconfined profile that will purposely
not transition to any other profile. While a shell from a classic terminal will
transition to any profile it can, and thus would get restricted. In other words,
running `apt` inside flatpak would run under the `user_unconfined` while it
would use the `apt` profile outside the sandbox.

fix #314
2024-05-08 15:48:14 +01:00
Alexandre Pujol
538a73e21e
feat(profile): add user_unconfined profile & reorganise pam profiles. 2024-05-08 15:34:39 +01:00
Alexandre Pujol
de9e98bdf7
fix: flags manifest format. 2024-05-07 17:49:47 +01:00
Alexandre Pujol
66c8f42d94
feat(tunable): add the new @{user} variable 2024-05-07 17:41:34 +01:00
Alexandre Pujol
1842f8a4d5
feat(profile): add some new profile (2). 2024-05-07 17:32:36 +01:00
Alexandre Pujol
fe1e3c3be8
feat(profile): add some new profile. 2024-05-07 17:25:43 +01:00
Alexandre Pujol
239d5efe63
feat(profile): general update. 2024-05-07 16:19:29 +01:00
Alexandre Pujol
4ada6f5879
feat(profile): improve dpkg deb & split. 2024-05-07 16:12:29 +01:00
Alexandre Pujol
9a2f4b5dbe
feat(abs): improve some common user abstraction. 2024-05-07 16:10:09 +01:00
Alexandre Pujol
eb4beb04dc
build: update flags manifest. 2024-05-07 16:06:02 +01:00
Alexandre Pujol
37bb51ccb5
fix: remove duplicate program name. 2024-05-07 15:57:57 +01:00
Jose Maldonado aka Yukiteru
1c6f7dd1c2 Fix recent error in abstractions/thumbnails-cache-read
Sorry, in the previous commit I introduced an error in
abstractions/thumbnails-cache-read that prevented this abstractions
from working correctly after a restart and complete reload of
the profiles (after a new installation from Git).

This commit fixes the bug and with it must also pass the repository tests.
2024-05-07 15:55:09 +01:00
Jose Maldonado aka Yukiteru
92a370210d Fix exec for exim4 for anacron (default config Debian Stable)
On default installation on Debian Stable (12) anacron run tasks
and when finish all them, run exim4 for send info via mail.

The actual profile don´t permit this behaviour and fail sending
info for all task finished for mail configurated.
2024-05-07 15:55:09 +01:00
Jose Maldonado aka Yukiteru
0d5655ba76 Noise reduction in exim4 profile
exim4 profile access to /proc/sys/net/ipv6/conf/all/disable_ipv6
in read mode searching information over IPv6 connection in the host.

In the actual profile this access is denied, this change fix this
and reduce noise in log.
2024-05-07 15:55:09 +01:00
Jose Maldonado aka Yukiteru
2f3c4574ec Fix access to thumbnail cache dirs in abstractions
gsd-housekeepin in GNOME have access to @{user_cache_dirs} for
searching thumbnail files and executing one task
for cleaning these files every day.

The actual abstractions/thumbnails-cache-write fail in granted
this access, specially to various folders in
the thumbnail cache (ex: fail folder).

These changes fix this access. For convenience
abstractions/thumbnails-cache-read, have the same access
structure also for files/folders, but only read permissions.
2024-05-07 15:55:09 +01:00
Alexandre Pujol
18d1ee66a2
feat(profile): update zram generator. 2024-05-07 13:19:41 +01:00
Alexandre Pujol
7cb006d20c
feat(tunable): add torbrowser download dir. 2024-05-07 00:05:20 +01:00
Alexandre Pujol
03dd5fe4cd
feat(profile): improve xfce profiles stack. 2024-05-07 00:04:07 +01:00
Alexandre Pujol
6e86bf3914
build(whonix): add flags file. 2024-05-06 23:54:10 +01:00
Alexandre Pujol
c84b48b0b4
feat(profile): add torbrowser-updater. 2024-05-06 23:53:17 +01:00
Alexandre Pujol
eeb990a934
feat(profile): add some whonix specific profiles. 2024-05-06 23:52:38 +01:00
Alexandre Pujol
c5ed997b6d
feat(profile): improve whonix specific profiles. 2024-05-06 23:51:46 +01:00
Alexandre Pujol
301ffb6065
fix(profile): link rule format. 2024-05-06 20:53:29 +01:00
Alexandre Pujol
f567c0eff7
fix(profile): do not use aa:exec in flatpak-app to avoid conflicting x. 2024-05-06 20:49:30 +01:00
Alexandre Pujol
c2d786200f
feat(profile): cleanup xsession logs. 2024-05-06 20:47:08 +01:00
Alexandre Pujol
4b4e14b1d6
fix(profile): various fix & cleanup 2024-05-06 20:33:01 +01:00
Alexandre Pujol
e2c69f18fa
Merge branch 'feat/update' of https://github.com/Jeroen0494/apparmor.d into Jeroen0494-feat/update
* 'feat/update' of https://github.com/Jeroen0494/apparmor.d:
  Cleanup
  Remove temp
  Various updates all over
  Various profile updates
2024-05-06 20:08:13 +01:00
Alex
f75e5047df
Merge branch 'main' into feat/update 2024-05-06 19:56:11 +01:00
Alexandre Pujol
9f7d53c692
fix(tunable): definition of msedge_lib_dirs 2024-05-06 19:32:12 +01:00
Alexandre Pujol
f607fee8e1
feat(tunable): limit suse multiarch on opensuse. 2024-05-06 19:26:04 +01:00
Alexandre Pujol
88387956de
feat(tunable): add gvfs dir to MOUNTS. 2024-05-06 19:25:31 +01:00
Alexandre Pujol
9924da261f
feat(tunable): reorganise program & path defintions. 2024-05-06 19:25:07 +01:00
Alexandre Pujol
3b41ee93dc
feat(tunable): add the user defined private directories
- Add @{XDG_PRIVATE_DIR} & @{user_private_dirs}
- This directories are denied in file browser and search engine.
2024-05-06 19:21:04 +01:00
Jose Maldonado
8224ac2b3f
Fix access to OpenSC configuration (#326) 2024-05-06 18:16:39 +00:00
Alexandre Pujol
89f896a0fd
feat(profile): cleanup flatpak share access. 2024-05-05 18:17:52 +01:00
Alexandre Pujol
0ffd70319b
feat(tunable): add @{hex16} 2024-05-05 17:49:45 +01:00
Alexandre Pujol
d544c386f7
fix(profile): ensure PAM & systemd-homed compatibility.
see #321
2024-05-05 17:42:32 +01:00
Fusion future
bfd9e9e3d6
plasmashell: add local wallpaper rules (#324)
Allow plasmashell to access wallpapers in the cache folder and the user
share folder.
2024-05-05 11:47:59 +00:00
Fusion future
06619cef0a
plasmashell: add flatpak mime folder (#325)
It's read by the krunner plugin.
2024-05-05 11:47:40 +00:00
Alexandre Pujol
d69dcad46d
feat(profile): add epiphany.
Fix  #322
2024-05-04 13:19:03 +01:00
Alexandre Pujol
9dba91296a
fix: typo in abs name. 2024-05-04 00:24:41 +01:00
Alexandre Pujol
f38f1ad651
feat(profile): improve kde profiles. 2024-05-04 00:21:03 +01:00
Alexandre Pujol
683bfed4ad
feat(profile): modernise some profiles. 2024-05-04 00:14:07 +01:00
Alexandre Pujol
40abc98201
feat(profile): general update. 2024-05-03 18:16:12 +01:00
Alexandre Pujol
b636b4b3e9
feat(aa-log): improve the journalctl filter. 2024-05-03 13:01:10 +01:00
Alexandre Pujol
9c0f4dd6a7
fix(aa-log): grep journal logs over apparmor instead of AVC for wider compatibility. 2024-05-03 12:34:08 +01:00
Alexandre Pujol
dfdf50a3d3
fix(build): add msedge to the overwritten list. 2024-05-03 12:32:22 +01:00