Alexandre Pujol
d1fb9574cb
feat(aa-log): speed up log generation.
2024-04-28 12:06:40 +01:00
Jose Maldonado
b4e5837bb9
Fix access to /tmp using libpam-tmpdir in Debian ( #318 )
...
In Debian with the use of libpam-tmpdir, the paths for $TMP and $TMPDIR
for PAM sessions are affected by much stronger rules and permissions,
providing additional security to the environment.
Those rules for the directory
/tmp/user/@{uid}/<affected_program>
In the case of qBitorrent this applies to the following directory:
/tmp/user/@{uid}/.qBitorrent
This PR fixes the bug and allows qBittorrent to work correctly
under these conditions.
Note: This PR would also have positive effects on Whonix, which uses
libpam-tmpdir according to this link
(https://forums.whonix.org/t/make-symlink-attacks-and-other-tmp-based-attacks-harder-or-impossible-using-libpam-tmpdir/8488 )
2024-04-28 10:27:39 +00:00
Alexandre Pujol
fc64028097
chore(lint): do not lint the path helper lib.
2024-04-28 00:48:17 +01:00
Alexandre Pujol
00f6d88cb8
fix: add missings paths import.
2024-04-28 00:44:23 +01:00
Alexandre Pujol
ac8eec933b
fix: keep go 1.21.
2024-04-28 00:39:24 +01:00
Alexandre Pujol
cbddd56f39
chore: update go sum.
2024-04-28 00:37:07 +01:00
Alexandre Pujol
926e146dad
chore: use internal paths lib.
2024-04-28 00:36:16 +01:00
Alexandre Pujol
f66789d381
chore: include build dep go-paths-helper.
...
See #305
2024-04-28 00:30:59 +01:00
Alexandre Pujol
0cd0262bed
chore: update go mod deps.
2024-04-28 00:04:42 +01:00
Jose Maldonado aka Yukiteru
2f3d55e924
Fix out-of-scope in abstractions/video and bad use abstraction in chromium
2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
d88e88767e
Fix minitube profile for support Qt5CT and Qt6CT
2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
df52a5aa50
Fix support for Qt5CT and Qt6CT in profiles-s-z
...
This fix the next apps/binaries
*smplayer
*smtube
*strawberry
*thunderbird
*transmission-qt
*usbguard-applet-qt
*vidcutter
*vlc
*wpa-gui
2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
7ed52e44cd
Fix support for Qt5CT and Qt6CT in profiles-m-r
...
This fix the next apps/binaries
*megasync
*merkaator
*mkvtoolnix-gui
*pinentry-qt
*psi
*psi-plus
*qnapi
*qpdfview
*qtox
*quiterss
*rpi-imager
2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
917a754206
Fix suppport for Qt5CT and Qt6CT in profiles-g-l
...
This fix support for this profiles
*kanyremote
*keepassxc
*linssid
2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
5c35b1d69c
Fix profiles for support Qt5CT and Qt6CT
...
This fix the next profiles
*Birdtray
*Convertall
*Fritzing
2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
72784f4cbc
Fix support for Qt5CT and Qt6CT in kde groups profiles
...
This fix support in this apps/binaries
*kio_http
*kiod
*kscreenlocker
*kwalletd
*kwalletmanager
*kwin_wayland
*sddm-greeter
2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
7ba5adc6f2
Fix qt5ct and qt6ct support in freedesktop group profiles
2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
35f947aaa9
Fix Calibre group profile
...
Forgotten qt5ct line in Calibre group profile.
2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
d26b86c5d7
Fix support for Qt5 and Qt5 in apps groups
...
This changes fix access to qt5ct and qt6ct for:
*Calibre
*Flameshot
*Telegram
2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
004572349d
Fix support for Qt5 and Qt6 in Akonadi group
2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
5d1fae1121
Better support for video devices (ex: webcam)
...
Actually, Wirepumbler profile fail to access to /dev/video devices
this update fix this problem.
2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
3291fa7f8f
Better support for Qt in abstractions/chromium
2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
4355f707db
Add support for qt5ct and qt6ct
2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
4874bd8c7e
Fix path in abstractions/qt5
2024-04-26 00:16:25 +01:00
Jose Maldonado aka Yukiteru
0adb00212a
Changes for use @{user_config_dirs} for abstractions/qt5.d integration
2024-04-26 00:16:25 +01:00
Jose Maldonado aka Yukiteru
c733d6b9c2
Modifications for qbittorrent profile and qt5.d abstractions
...
This modifications allow read system and user qt5ct configs for better
integrations with other DEs (not-KDE).
2024-04-26 00:16:25 +01:00
Alexandre Pujol
068373405f
feat(aa): add some missing rule template.
2024-04-25 14:01:04 +01:00
Alexandre Pujol
e4c3f1f076
fix: flatpak-app was too strict for some app.
...
See #314
2024-04-25 13:26:11 +01:00
Alexandre Pujol
b3a5fb1ce5
fix: enable pam-tmpdir-helper for all distribution.
...
fix #316
2024-04-25 12:10:29 +01:00
Alexandre Pujol
978daa446b
feat(aa-log): update aa module to last changes.
2024-04-24 21:58:15 +01:00
Alexandre Pujol
8a8808194b
refractor(aa): move base rule & qualifier to their own file.
2024-04-24 13:31:22 +01:00
Alexandre Pujol
8bb6f07950
feat(prebuilt): update aa usage to the last changes.
2024-04-23 21:43:22 +01:00
Alexandre Pujol
de73c9b706
test(aa): improve some internal unit test.
...
Thanks to the last changes...
2024-04-23 21:38:52 +01:00
Alexandre Pujol
a0b5362589
refractor(aa): update test structure.
2024-04-23 21:35:23 +01:00
Alexandre Pujol
2923df2a73
refractor(aa): move profile specific method to the profile struct.
2024-04-23 21:32:58 +01:00
Alexandre Pujol
120db93396
feat(aa): refractor apparmor templates to the last changes.
2024-04-23 21:27:35 +01:00
Alexandre Pujol
5483668574
feat(aa): add a string method to all rule struct.
2024-04-23 21:26:09 +01:00
Alexandre Pujol
e9fa0660f8
feat(aa): add define parameter for variables.
2024-04-23 21:18:44 +01:00
Alexandre Pujol
c719a0a109
feat(aa): ensure accesses are slice of string.
2024-04-23 21:17:25 +01:00
Alexandre Pujol
a2910122d2
fix: do not use the wrong profile.
2024-04-23 19:18:42 +01:00
Alexandre Pujol
c97886d960
feat(aa): continue refractoring the aa structure.
2024-04-19 22:43:02 +01:00
Alexandre Pujol
8ef858ad35
feat(aa): refractor template to allow multiple templates.
2024-04-17 18:02:41 +01:00
Alexandre Pujol
890275fb22
feat(aa): rename the main profile struct.
2024-04-16 21:51:56 +01:00
Alexandre Pujol
af6d4d698e
fix: clean redundant x transition.
...
See #312
2024-04-15 18:25:24 +01:00
Alexandre Pujol
4b753210e7
feat(aa): modify the apparmor struct to support multiple profiles and subprofile.
2024-04-15 14:09:04 +01:00
Alexandre Pujol
507002c660
feat(aa): rename the main file template.
2024-04-15 13:32:20 +01:00
Alexandre Pujol
ab4feda5ba
feat(aa): improve apparmor struct.
2024-04-14 23:58:34 +01:00
Alexandre Pujol
4c6122598e
fix: add missing systemd-notify profile.
2024-04-13 12:21:47 +01:00
Alexandre Pujol
ea1736083a
chore: use slices from standard library.
2024-04-12 20:07:05 +01:00
Alexandre Pujol
8b68132f0e
fix(build): add a simple check to ensure all resolved variables are defined.
2024-04-11 00:15:08 +01:00