Commit graph

468 commits

Author SHA1 Message Date
Alexandre Pujol
d480156e09
feat(profile): general update. 2024-07-06 23:46:06 +01:00
Alexandre Pujol
62e18d04d7
feat(profile): general update. 2024-07-04 22:22:48 +01:00
Alexandre Pujol
f9a93ab67e
feat(profile): general update. 2024-06-29 23:05:45 +01:00
Alexandre Pujol
ae71b323c2
feat(profile): general update. 2024-06-23 11:25:17 +01:00
Alexandre Pujol
58c07e5ea5
feat(profile): general update. 2024-06-20 17:57:30 +01:00
Alexandre Pujol
13b35b156e
feat(abs): add the app/kmod abstraction. 2024-06-16 21:50:48 +01:00
Alexandre Pujol
cb4f3af58e
feat(profile): add ddcutil 2024-06-16 20:07:41 +01:00
REmerald
41b1489b76 fix: add vim syntax to remaining files
Add vim syntax modeline to files which didn't have it for some reason.
Continuation of #396.
2024-06-16 17:32:21 +01:00
REmerald
293217aee2
fix(profiles-a-f): move vim modeline
Move vim syntax comment to the end of the file, separated by newline, as requested in #380.
2024-06-15 21:59:31 +01:00
REmerald
72b11e5d05
feat(profiles-a-f): vim syntax support
Add vim modeline instructing the editor to use syntax plugin provided by apparmor
2024-06-15 21:59:31 +01:00
Alexandre Pujol
faab4928ed
feat(profile): general update. 2024-06-15 21:59:31 +01:00
Alexandre Pujol
79eed4b93d
feat(profile): improve sqlite temp file definition. 2024-06-15 21:59:31 +01:00
Alexandre Pujol
035e1da7b2
feat(abs): add udevadm app abstraction. 2024-06-15 21:59:31 +01:00
valoq
d7e09d88fd complete browsers 2024-06-13 13:38:42 +01:00
valoq
7b69b696fb use strict abstraction 2024-06-13 13:38:42 +01:00
valoq
cc9e7fdde1 add preview tools 2024-06-13 13:38:42 +01:00
Alexandre Pujol
d283ef5196
feat(profile): general update. 2024-06-10 23:58:44 +01:00
Alexandre Pujol
5c8dda1ced
feat(profile): remove rule moved in the base or nameservice abstraction. 2024-06-08 22:49:28 +01:00
Alexandre Pujol
503e83a896
fix: steam support on flatpak.
fix #368
2024-06-07 17:10:54 +01:00
valoq
0565558fe0 complete atool 2024-06-06 11:40:18 +01:00
Alexandre Pujol
8b60e56002
feat(profile): general update. 2024-06-04 20:13:40 +01:00
Alexandre Pujol
951bf6a840
Merge branch 'main' of github.com:roddhjav/apparmor.d
* 'main' of github.com:roddhjav/apparmor.d:
  fix(systemd-oomd): add `app.slice` and `session.slice` paths
  polkit-kde-authentication-agent update (#345)
  add multiple profiles (#341)
2024-06-03 19:06:35 +01:00
Alexandre Pujol
a1fe682e7a
feat(profile): update btop. 2024-06-03 18:34:55 +01:00
valoq
bb772167f0
add multiple profiles (#341)
* add multiple profiles
2024-05-31 10:47:01 +00:00
Alexandre Pujol
3f688be7a0
feat(profile): general update. 2024-05-30 21:03:39 +01:00
Alexandre Pujol
89abbae6bd
Merge branch 'feat/aa'
Improve go apparmor lib.

* aa: (62 commits)
  feat(aa): handle appending value to defined variables.
  chore(aa): cosmetic.
  fix: userspace prebuild test.
  chore: cleanup unit test.
  feat(aa): improve log conversion.
  feat(aa): move conversion function to its own file & add unit tests.
  fix: go linter issue & not defined variables.
  tests(aa): improve aa unit tests.
  tests(aa): improve rules unit tests.
  feat(aa): ensure the prebuild jobs are working.
  feat(aa): add more unit tests.
  chore(aa): cleanup.
  feat(aa): Move sort, merge and format methods to the rules interface.
  feat(aa): add the hat template.
  feat(aa): add the Kind struct to manage aa rules.
  feat(aa): cleanup rules methods.
  feat(aa): add function to resolve include preamble.
  feat(aa): update mount flags order.
  feat(aa): update default tunable selection.
  feat(aa): parse apparmor preamble files.
  ...
2024-05-30 19:29:34 +01:00
Alexandre Pujol
bc216176a3
fix: go linter issue & not defined variables. 2024-05-30 12:28:12 +01:00
Alexandre Pujol
c785b41451
feat(profile): general update. 2024-05-18 22:35:05 +01:00
Alexandre Pujol
1739c07ca1
feat(profile): general update. 2024-05-11 17:38:43 +01:00
Jose Maldonado aka Yukiteru
60ba9ae965 Fix and optimizations for flameshot profile
Profile simplification PATH and better use for abstractions.
Add permission for @{user_cache_dirs}
2024-05-11 12:10:59 +01:00
Jose Maldonado aka Yukiteru
3748a13710 Fix access to translations and /tmp in run-time
Flameshot access to /usr/share/flameshot for search translations for UI.
And have access to /tmp for create tempfile for other apps (ex: send image to GIMP)
2024-05-11 12:10:59 +01:00
Jose Maldonado aka Yukiteru
31cb3e962d Enable flameshot profile
I tested in enforce mode the flameshot profile and
fix a little problem with access resources for this app.

All work OK in Debian Stable.
2024-05-11 12:10:59 +01:00
Alexandre Pujol
2b6fb63245
feat(profile): add foliate. 2024-05-08 21:15:27 +01:00
Alexandre Pujol
bed9545082
feat(profile): general update. 2024-05-08 20:08:41 +01:00
Alexandre Pujol
7963a65a88
feat(profile): add support for terminal in flatpak app.
- Sandbox's security is managed by flatpak
- The app stays confined under the (not really strict) flatpak-app profile
- User shell runs unconfined (under the `user_unconfined` profile)

Running terminal as a flatpak app provides less security than as a normal app.
This is because the shell runs as user_unconfined profile that will purposely
not transition to any other profile. While a shell from a classic terminal will
transition to any profile it can, and thus would get restricted. In other words,
running `apt` inside flatpak would run under the `user_unconfined` while it
would use the `apt` profile outside the sandbox.

fix #314
2024-05-08 15:48:14 +01:00
Alexandre Pujol
66c8f42d94
feat(tunable): add the new @{user} variable 2024-05-07 17:41:34 +01:00
Alexandre Pujol
1842f8a4d5
feat(profile): add some new profile (2). 2024-05-07 17:32:36 +01:00
Alexandre Pujol
fe1e3c3be8
feat(profile): add some new profile. 2024-05-07 17:25:43 +01:00
Alexandre Pujol
239d5efe63
feat(profile): general update. 2024-05-07 16:19:29 +01:00
Jose Maldonado aka Yukiteru
92a370210d Fix exec for exim4 for anacron (default config Debian Stable)
On default installation on Debian Stable (12) anacron run tasks
and when finish all them, run exim4 for send info via mail.

The actual profile don't permit this behaviour and fail sending
info for all task finished for mail configurated.
2024-05-07 15:55:09 +01:00
Jose Maldonado aka Yukiteru
0d5655ba76 Noise reduction in exim4 profile
exim4 profile access to /proc/sys/net/ipv6/conf/all/disable_ipv6
in read mode searching information over IPv6 connection in the host.

In the actual profile this access is denied, this change fix this
and reduce noise in log.
2024-05-07 15:55:09 +01:00
Alexandre Pujol
f567c0eff7
fix(profile): do not use aa:exec in flatpak-app to avoid conflicting x. 2024-05-06 20:49:30 +01:00
Alex
f75e5047df
Merge branch 'main' into feat/update 2024-05-06 19:56:11 +01:00
Alexandre Pujol
683bfed4ad
feat(profile): modernise some profiles. 2024-05-04 00:14:07 +01:00
Alexandre Pujol
3f69b9fec4
feat(profile): use the new @{tmp} variable.
It is only used with the owner statement.
2024-05-02 22:12:02 +01:00
Alexandre Pujol
db87c56f37
feat(profile): general update. 2024-05-01 14:22:42 +01:00
Alexandre Pujol
01dd9ebb0c
feat(profile): general update. 2024-05-01 12:25:01 +01:00
Jeroen Rijken
e8eadcc7ec Cleanup
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-04-28 16:25:45 +02:00
Jeroen Rijken
8b3613fa48 Various updates all over
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-04-28 16:08:03 +02:00
Alexandre Pujol
a63201486b
feat(profile): update flatpak profiles stack. 2024-04-28 13:51:57 +01:00
Alexandre Pujol
65d0cfafe4
feat(profile): general update. 2024-04-28 13:50:48 +01:00
Jose Maldonado aka Yukiteru
5c35b1d69c Fix profiles for support Qt5CT and Qt6CT
This fix the next profiles

*Birdtray
*Convertall
*Fritzing
2024-04-27 23:51:48 +01:00
Alexandre Pujol
e4c3f1f076
fix: flatpak-app was too strict for some app.
See #314
2024-04-25 13:26:11 +01:00
Alexandre Pujol
3c6102e919
feat(profile): general update. 2024-04-09 23:48:33 +01:00
Alexandre Pujol
69f90c5a11
feat(profile): use gnome abs in common gnome app. 2024-04-09 23:42:03 +01:00
Alexandre Pujol
9aa9f26507
feat(profile): general update. 2024-04-05 23:55:21 +01:00
Alexandre Pujol
c359c0a2fd
feat(profile): add alsactl. 2024-04-03 21:56:58 +01:00
Alexandre Pujol
095254864f
feat(profile): general update. 2024-04-03 21:04:18 +01:00
Alexandre Pujol
6dd0c36e9a
feat: prefix variables that refer to a profile 2024-04-02 13:41:08 +01:00
Alexandre Pujol
534b10b261
feat(profile): rewrite some electron based profiles using the new electron abs. 2024-03-30 14:54:21 +00:00
Alexandre Pujol
2fc2394bad
feat(abs): rewrite user-read/user-write.
See #307
2024-03-28 16:47:40 +00:00
Alexandre Pujol
197c1bd78a
feat(profile): general update. 2024-03-27 21:53:11 +00:00
Alexandre Pujol
b88b8b8c26
refactor(abs): move common and app abstraction to their own abstractions subfolder.
As the number of abstractions is increasing, it is valuable to separate "base" abstractions from program-specific ones.
2024-03-27 15:11:21 +00:00
Alexandre Pujol
8c516ea788
feat(profile): general update. 2024-03-22 22:13:42 +00:00
Alexandre Pujol
a5f71675ea
feat(profile): general update. 2024-03-22 19:45:13 +00:00
Alexandre Pujol
828f282fc3
feat(profile): cleanup unix_chpwd already present in abs. 2024-03-22 13:11:49 +00:00
Alexandre Pujol
325068b705
feat(profile): all electron based software need userns. 2024-03-22 11:49:00 +00:00
Alexandre Pujol
6c38e90b5e
feat(profile): update dbus directive format. 2024-03-21 23:03:08 +00:00
Alexandre Pujol
7b880a5142
feat(profile): general update. 2024-03-20 00:04:39 +00:00
Alexandre Pujol
bf613f59a5
feat(profile): replace @{md5} by @{hex32}. 2024-03-19 21:26:12 +00:00
Alexandre Pujol
77945674a5
feat(profile): general update. 2024-03-18 14:31:01 +00:00
Alexandre Pujol
bf22e0770f
feat(profile): improve integration with opensuse. 2024-03-17 22:47:36 +00:00
Alexandre Pujol
0c5e71f971
feat(profile): cleanup some rules already included in abs. 2024-03-16 21:40:35 +00:00
Alexandre Pujol
c6717d2bab
feat(profile): use new dbus profile in dbus label. 2024-03-16 13:10:25 +00:00
Alexandre Pujol
cf4e47f10f
feat(profile): general update. 2024-03-15 16:07:53 +00:00
Alexandre Pujol
bdeb62d17d
feat(profile): add some missing dbus own definition. 2024-03-15 15:03:42 +00:00
Alexandre Pujol
467c38724a
feat(profile): clean superfluous openssl abstraction includes
apparmor.d equivalent of https://gitlab.com/apparmor/apparmor/-/merge_requests/1179
2024-03-12 16:00:44 +00:00
Alexandre Pujol
9c859cec9d
feat(profile): modernize some profiles. 2024-03-12 15:48:43 +00:00
Alexandre Pujol
81b9de3aff
feat(profile): use the new audio-client abs in profiles. 2024-03-12 15:44:40 +00:00
Alexandre Pujol
e4c0f683d2
feat(profile): replace old audio abstraction by the new stack. 2024-03-12 15:39:10 +00:00
Alexandre Pujol
0eeefb5f09
feat(profile): general update. 2024-03-11 22:47:22 +00:00
Alexandre Pujol
68fbd81e17
feat(profile): general update. 2024-03-10 21:21:00 +00:00
Alexandre Pujol
7882ae2153
feat(profile): remove rule moved to the base abstraction. 2024-03-10 20:01:58 +00:00
Alexandre Pujol
beaf1bad16
feat(profile): general update. 2024-03-10 19:35:04 +00:00
Alexandre Pujol
ff849b9f09
feat(profile): general update. 2024-03-05 18:00:36 +00:00
Alexandre Pujol
c66d3bf9f4
feat(profile): general update. 2024-03-05 16:58:16 +00:00
Alexandre Pujol
62f1f7df6e
feat(fsp): allow signal from system-user for some user app. 2024-03-05 00:25:39 +00:00
Alexandre Pujol
7e8f854b16
feat(abs): deny apparmor/.null in the base abstraction. 2024-03-03 11:51:39 +00:00
Jeroen Rijken
ba6172bb8c Review points
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-03-02 16:05:34 +00:00
Jeroen Rijken
f807d5a190 Deduplicate and revert
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-03-02 16:05:34 +00:00
Jeroen Rijken
23fa2b36ab Remove curly brackets
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-03-02 16:05:34 +00:00
Jeroen Rijken
04cf3d3850 Various fixes
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-03-02 16:05:34 +00:00
Jeroen Rijken
b0655e9993 Fixes and profile updates
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-03-02 16:05:34 +00:00
Jeroen Rijken
b532dd6827 Update various profiles
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-03-02 16:05:34 +00:00
Alexandre Pujol
92a1d9f65f
feat(profile): general update. 2024-03-01 22:35:49 +00:00
Alexandre Pujol
06abeac2ee
feat(profile): general update. 2024-02-29 21:45:42 +00:00
Alexandre Pujol
cda8f30c29
feat(profile): start using the new bwrap abs. 2024-02-28 23:52:15 +00:00
Alexandre Pujol
555b5e3c3f
feat(profile): general update. 2024-02-28 17:17:20 +00:00
Alexandre Pujol
d187514fd3
feat(profile): add new userns rule. 2024-02-28 15:39:18 +00:00
Alexandre Pujol
175d243c54
refactor: rename element -> element-desktop. 2024-02-28 15:37:52 +00:00