Commit Graph

2160 Commits

Author SHA1 Message Date
Alexandre Pujol
ff849b9f09
feat(profile): general update. 2024-03-05 18:00:36 +00:00
Alexandre Pujol
70963a50b6
feat(profile): start implementing systemctl subprofile instead of using child-systemctl. 2024-03-05 17:45:02 +00:00
Alexandre Pujol
a7e37528d5
feat(profile): update some browser based profiles. 2024-03-05 17:39:36 +00:00
Alexandre Pujol
bc69b193ea
feat(abs): minor update to abs definitions. 2024-03-05 17:37:38 +00:00
Alexandre Pujol
c66d3bf9f4
feat(profile): general update. 2024-03-05 16:58:16 +00:00
Alexandre Pujol
faa40c8cde
feat(fsp): cleanup main systemd profiles. 2024-03-05 16:53:34 +00:00
Alexandre Pujol
62f1f7df6e
feat(fsp): allow signal from system-user for some user app. 2024-03-05 00:25:39 +00:00
Alexandre Pujol
3c77da8f7d
feat(fsp): improve the systemd profiles. 2024-03-05 00:20:05 +00:00
Alexandre Pujol
c80449719e
feat(fsp): rewrite mount rules for systemd. 2024-03-05 00:18:40 +00:00
Alexandre Pujol
1699260a87
fear(fsp): expand systemd-service for more services. 2024-03-05 00:16:24 +00:00
Alexandre Pujol
89cd3d023b
fix: entrypoint for systemd-cryptsetup. 2024-03-04 23:27:21 +00:00
Alexandre Pujol
8ea0964724
feat(fsp): restrict @{run} for systemd. 2024-03-04 22:02:43 +00:00
Alexandre Pujol
532162f302
feat(abs): improve mount rule for bwrap. 2024-03-04 12:55:32 +00:00
Alexandre Pujol
f1b01d03cd
feat(profile): add gnome-desktop-thumbnailers. 2024-03-04 12:54:39 +00:00
Alexandre Pujol
0533e03756
feat(abs): add some dbus access to bwrap-app.
See #302
2024-03-03 23:15:19 +00:00
Alexandre Pujol
b91cf4da41
feat(abs): cleanup bwrap mount rule as it is not maintainable to restrict more. 2024-03-03 23:11:27 +00:00
Alexandre Pujol
0ffa51aca4
feat(abs): rewrite bwrap mount rules. 2024-03-03 12:08:30 +00:00
Alexandre Pujol
af0c87f712
feat(abs): add the initial version of the systemctl abstraction. 2024-03-03 12:03:16 +00:00
Alexandre Pujol
7e8f854b16
feat(abs): deny apparmor/.null in the base abstraction. 2024-03-03 11:51:39 +00:00
Jeroen Rijken
ba6172bb8c Review points
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-03-02 16:05:34 +00:00
Jeroen Rijken
346285720d Small updates
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-03-02 16:05:34 +00:00
Jeroen Rijken
0332c9cb1b Git SSH agent
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-03-02 16:05:34 +00:00
Jeroen Rijken
a2a149e0b7 New abstraction uim
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-03-02 16:05:34 +00:00
Jeroen Rijken
f807d5a190 Deduplicate and revert
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-03-02 16:05:34 +00:00
Jeroen Rijken
13079bbd7e name to label
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-03-02 16:05:34 +00:00
Jeroen Rijken
23fa2b36ab Remove curly brackets
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-03-02 16:05:34 +00:00
Jeroen Rijken
af4038867a Syntax fixes
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-03-02 16:05:34 +00:00
Jeroen Rijken
04cf3d3850 Various fixes
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-03-02 16:05:34 +00:00
Jeroen Rijken
c177ca09ed Typo
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-03-02 16:05:34 +00:00
Jeroen Rijken
b0655e9993 Fixes and profile updates
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-03-02 16:05:34 +00:00
Jeroen Rijken
b532dd6827 Update various profiles
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-03-02 16:05:34 +00:00
Alexandre Pujol
92a1d9f65f
feat(profile): general update. 2024-03-01 22:35:49 +00:00
Alexandre Pujol
81c55160e6
build(debian): fix a few lintian issues. 2024-03-01 00:17:19 +00:00
Alexandre Pujol
86898ec673
feat(aa-log): update order of impression. 2024-02-29 23:37:50 +00:00
Alexandre Pujol
65386321c2
feat(aa-log): update shell paths. 2024-02-29 23:14:01 +00:00
Alexandre Pujol
19b27a26c0
feat(aa-log): do not filter out addresses from the log. 2024-02-29 23:13:15 +00:00
Alexandre Pujol
3d4dd5c91a
feat(aa-log): correctly handle remount rule from mount log. 2024-02-29 23:12:19 +00:00
Alexandre Pujol
06abeac2ee
feat(profile): general update. 2024-02-29 21:45:42 +00:00
Alexandre Pujol
cd09dc7688
feat(abs): update dbus absractions. 2024-02-29 21:38:49 +00:00
Alexandre Pujol
f76051f114
feat(profile): add some unix rules with local address. 2024-02-29 21:15:59 +00:00
Alexandre Pujol
956c282794
feat(abs): add apps to the launcher-user abs. 2024-02-29 21:06:32 +00:00
Alexandre Pujol
717496e7df
fix: cleanup go code. 2024-02-29 00:38:29 +00:00
Alexandre Pujol
ffb189ef65
feat(profile): general update. 2024-02-29 00:32:40 +00:00
Alexandre Pujol
e616b9b3fc
feat(aa-log): ensure unix rule are not confused with network unix rule.
Both are technically the same, we simply prioritize `unix` to `network unix`.
2024-02-29 00:20:37 +00:00
Alexandre Pujol
e3daaf3d4c
feat(aa-log): ensure rule access is always present. 2024-02-29 00:19:26 +00:00
Alexandre Pujol
45a6e0bf21
fix(build): ensure the displace file get cleaned when not needed. 2024-02-29 00:03:39 +00:00
Alexandre Pujol
1f3b812cfb
feat(profile): add the loupe profile. 2024-02-28 23:52:57 +00:00
Alexandre Pujol
cda8f30c29
feat(profile): start using the new bwrap abs. 2024-02-28 23:52:15 +00:00
Alexandre Pujol
cbbb2b4a3e
fix(profile): better libdir for snap based profiles. 2024-02-28 23:47:47 +00:00
Alexandre Pujol
741980f8ab
feat(abs): use @{pci} in pci path. 2024-02-28 23:32:34 +00:00