Commit Graph

2193 Commits

Author SHA1 Message Date
Alexandre Pujol
96b8f96137
feat(profiles): general update. 2023-08-22 23:23:47 +01:00
Alexandre Pujol
7273bde534
feat(aa-log): update default tunables according to guideline. 2023-08-22 23:09:34 +01:00
Alexandre Pujol
5516eef952
fix(aa-log): profile template. 2023-08-22 22:59:12 +01:00
Alexandre Pujol
f4ba16861f
feat(aa-log): minor apparmor profile struct tweak. 2023-08-22 22:58:35 +01:00
Alexandre Pujol
261778dbb3
revertL dbus session unix address. 2023-08-22 18:54:39 +01:00
Alexandre Pujol
360230b2a5
feat(profiles): general update. 2023-08-21 23:32:10 +01:00
Alexandre Pujol
6756ca8138
fix(abs): gstreamer cache structure. 2023-08-21 23:27:35 +01:00
Alexandre Pujol
3c6898db5a
fix(tunables): pci devices path. 2023-08-21 23:27:00 +01:00
Alexandre Pujol
0ed036efd5
feat(firefox): minor firefox update. 2023-08-21 23:23:08 +01:00
Alexandre Pujol
5dbc42aaab
feat(abs): update some abstractions. 2023-08-21 23:21:14 +01:00
Alexandre Pujol
310f36f433
feat(tunables): some variables tweak definition. 2023-08-21 23:10:31 +01:00
Alexandre Pujol
1c1bb66e9e
build: update make lint. 2023-08-19 21:55:48 +01:00
Alexandre Pujol
5badb6f32c
feat(tunables): add a new @{rand10} variable. 2023-08-19 14:33:07 +01:00
Alexandre Pujol
10d852ca1d
doc: update variables ref & minor improvment. 2023-08-19 14:32:08 +01:00
Alexandre Pujol
5704d1ba20
feat(profiles): various profile fixes. 2023-08-19 14:01:50 +01:00
Alexandre Pujol
1dbced42ed
feat(tunables): add a new @{pci} variable. 2023-08-18 22:35:32 +01:00
Alexandre Pujol
275d6b6e62
feat(profiles): replace old [0-9]* glob by @{int}
Beware some [0-9]* glob are actually not proper @{int}.
2023-08-18 17:09:53 +01:00
Alexandre Pujol
8ea4491a56
fix(abs): some block device use more than int as identifier. 2023-08-18 15:24:22 +01:00
Alexandre Pujol
a3f21425e5
fix: remove unused go import. 2023-08-17 23:36:46 +01:00
Alexandre Pujol
9650df00e3
feat(aa-log): add -r option to convert the log into rules. 2023-08-17 23:14:11 +01:00
Alexandre Pujol
d06a474b0c
feat(aa-log): parse log file to AA object to allow easy print. 2023-08-17 23:12:46 +01:00
Alexandre Pujol
574891d445
feat(aa-log): add AppArmorProfile.String using a template. 2023-08-17 23:11:11 +01:00
Alexandre Pujol
4f40cb6d78
feat(aa-log): add a new constructors for aa rules. 2023-08-17 23:05:07 +01:00
Alexandre Pujol
a8470dfa38
feat(aa-log): add a new apparmor profile struct
Also rewrite variables resolution to this new struct.
2023-08-17 23:00:52 +01:00
Alexandre Pujol
b2d093e125
feat(abs): restric abstraction by using new @{int} and @{rand} variables. 2023-08-17 21:24:02 +01:00
Alexandre Pujol
557d905543
Merge branch 'tunables' of https://github.com/nobody43/apparmor.d into nobody43-tunables
* 'tunables' of https://github.com/nobody43/apparmor.d:
  dbus temp tails
  Update apparmor.d
  Update gdm-runtime-config
  more unrelated changes
  adjust date-time
  random tails
  rename to int, convert more profiles
  fixes
  tunables
2023-08-17 20:01:53 +01:00
curiosityseeker
7b018a60bd
Update pacman (#193)
* Update pacman

`@{exec_path} mr,` is causing the following errors:

```
ALLOWED pacman exec owner /usr/bin/pacman -> pacman//null-/usr/bin/pacman comm=bash requested_mask=x denied_mask=x
ALLOWED pacman//null-/usr/bin/pacman file_inherit owner /dev/pts/4 comm=pacman requested_mask=wr denied_mask=wr
ALLOWED pacman//null-/usr/bin/pacman file_mmap owner /usr/bin/pacman comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman file_mmap owner /usr/lib/ld-linux-x86-64.so.2 comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman open owner /etc/ld.so.preload comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman getattr owner /etc/ld.so.preload comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman open owner /etc/ld.so.cache comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman getattr owner /etc/ld.so.cache comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman open owner /usr/lib/libalpm.so.13.0.2 comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman getattr owner /usr/lib/libalpm.so.13.0.2 comm=pacman requested_mask=r denied_mask=r

etc.
```
`@{exec_path} mrix,`  fixes it. 

Commits for new profiles for `checkrebuild` and `pkgfile`  will follow.

* Fix pacman update

* Update apparmor.d/groups/pacman/pacman

Co-authored-by: Alex <roddhjav@users.noreply.github.com>

---------

Co-authored-by: Alex <roddhjav@users.noreply.github.com>
2023-08-17 18:49:56 +00:00
curiosityseeker
c2c745888c Update complete
Move entries from child-open to this abstraction.
2023-08-17 19:43:29 +01:00
curiosityseeker
2299eb00f6 Partially revert change in child-open 2023-08-17 19:43:29 +01:00
curiosityseeker
f2511210af Update complete
Adding `kde-open`
2023-08-17 19:43:29 +01:00
curiosityseeker
c409fe84d2 Create complete
`child-open` includes the `xdg-open` abstraction which in turn includes the `kde-open5` abstraction which contains `/usr/bin/kde-open5 rix,` but NOT `/usr/bin/kde-open rix,`causing an error.
2023-08-17 19:43:29 +01:00
curiosityseeker
9da2809695 Update child-open
Adding gwenview and libreoffice
2023-08-17 19:43:29 +01:00
curiosityseeker
6fc8cd3e60
Brave: adjust @{exec_path} (#161)
The path in Ubuntu is:
/opt/brave.com/brave/brave

The path in Arch is:
/opt/brave-bin/brave

That's why Brave was not confined on Arch.
2023-08-17 18:41:13 +00:00
ShellCode
cc8210a1bd
Fix xdg user dirs (#186)
* Rename XDG_*_HOME to XDG_*_DIR for consistent naming

* tunables/xdg-user-dirs.d/apparmor.d now includes 'apparmor.d.d' subfolder to permit user override
2023-08-17 18:28:10 +00:00
Alexandre Pujol
e821470d0d
fix: go test. 2023-08-17 19:15:21 +01:00
Alexandre Pujol
e0f79b9c9a
feat(aa-log): resolve all main apparmor vars in log.
This also deprecate the anonymize option
2023-08-17 19:12:02 +01:00
Alexandre Pujol
5ee31716ae
feat(profile): split evince profiles in multiple files. 2023-08-17 18:47:53 +01:00
Alexandre Pujol
f3ab8d2c71
refractor: rename some vscode related profile 2023-08-17 18:47:01 +01:00
Alexandre Pujol
555b53192c
fix: ensure some required flags are set. 2023-08-17 18:45:41 +01:00
Alexandre Pujol
3f8d559dcc
feat(profiles): add some thunderbird related profiles. 2023-08-17 18:45:10 +01:00
Alexandre Pujol
5d47dfba95
feat(profiles): general update. 2023-08-17 18:43:56 +01:00
Alexandre Pujol
f7b9ff959a
feat(profiles): rewrite the signal-desktop profile. 2023-08-17 18:37:36 +01:00
Alexandre Pujol
5911c43930
Merge branch 'main' of github.com:roddhjav/apparmor.d
* 'main' of github.com:roddhjav/apparmor.d:
  fix: signal-desktop (#195)
2023-08-17 18:35:50 +01:00
Cyril Levis
b49bd32564
fix: signal-desktop (#195)
issue: https://github.com/roddhjav/apparmor.d/issues/194
2023-08-14 15:55:02 +00:00
Alexandre Pujol
1db6f5f67c
feat(profiles): improve ibus entry point. 2023-08-13 21:19:16 +01:00
Alexandre Pujol
09943156bc
feat(profiles): add multipath profiles
See #134

Signed-off-by: @cboltz
2023-08-13 20:06:08 +01:00
Alexandre Pujol
a2c35b07a5
fix: libvirtd profile. 2023-08-06 16:45:39 +02:00
Alexandre Pujol
03cf850666
feat(profile): support for diverse wayland compositors.
See #165
2023-08-06 16:31:49 +02:00
Alexandre Pujol
1cac6715db
feat(profiles): general update. 2023-08-06 16:30:38 +02:00
Alexandre Pujol
cdc10fdb31
feat(profiles): general update.
See #134
2023-08-06 16:06:17 +02:00