Commit Graph

2625 Commits

Author SHA1 Message Date
Jose Maldonado aka Yukiteru
0d5655ba76 Noise reduction in exim4 profile
exim4 profile access to /proc/sys/net/ipv6/conf/all/disable_ipv6
in read mode, searching for information about the IPv6 connection on the host.

In the actual profile this access is denied; this change fixes this
and reduces noise in the log.
2024-05-07 15:55:09 +01:00
Jose Maldonado aka Yukiteru
2f3c4574ec Fix access to thumbnail cache dirs in abstractions
gsd-housekeepin in GNOME has access to @{user_cache_dirs} for
searching thumbnail files and executing one task
for cleaning these files every day.

The actual abstractions/thumbnails-cache-write fails to grant
this access, especially to various folders in
the thumbnail cache (e.g. the fail folder).

These changes fix this access. For convenience,
abstractions/thumbnails-cache-read has the same access
structure for files/folders, but with read permissions only.
2024-05-07 15:55:09 +01:00
Alexandre Pujol
18d1ee66a2
feat(profile): update zram generator. 2024-05-07 13:19:41 +01:00
Alexandre Pujol
7cb006d20c
feat(tunable): add torbrowser download dir. 2024-05-07 00:05:20 +01:00
Alexandre Pujol
03dd5fe4cd
feat(profile): improve xfce profiles stack. 2024-05-07 00:04:07 +01:00
Alexandre Pujol
6e86bf3914
build(whonix): add flags file. 2024-05-06 23:54:10 +01:00
Alexandre Pujol
c84b48b0b4
feat(profile): add torbrowser-updater. 2024-05-06 23:53:17 +01:00
Alexandre Pujol
eeb990a934
feat(profile): add some whonix specific profiles. 2024-05-06 23:52:38 +01:00
Alexandre Pujol
c5ed997b6d
feat(profile): improve whonix specific profiles. 2024-05-06 23:51:46 +01:00
Alexandre Pujol
301ffb6065
fix(profile): link rule format. 2024-05-06 20:53:29 +01:00
Alexandre Pujol
f567c0eff7
fix(profile): do not use aa:exec in flatpak-app to avoid conflicting x. 2024-05-06 20:49:30 +01:00
Alexandre Pujol
c2d786200f
feat(profile): cleanup xsession logs. 2024-05-06 20:47:08 +01:00
Alexandre Pujol
4b4e14b1d6
fix(profile): various fix & cleanup 2024-05-06 20:33:01 +01:00
Alexandre Pujol
e2c69f18fa
Merge branch 'feat/update' of https://github.com/Jeroen0494/apparmor.d into Jeroen0494-feat/update
* 'feat/update' of https://github.com/Jeroen0494/apparmor.d:
  Cleanup
  Remove temp
  Various updates all over
  Various profile updates
2024-05-06 20:08:13 +01:00
Alex
f75e5047df
Merge branch 'main' into feat/update 2024-05-06 19:56:11 +01:00
Alexandre Pujol
9f7d53c692
fix(tunable): definition of msedge_lib_dirs 2024-05-06 19:32:12 +01:00
Alexandre Pujol
f607fee8e1
feat(tunable): limit suse multiarch on opensuse. 2024-05-06 19:26:04 +01:00
Alexandre Pujol
88387956de
feat(tunable): add gvfs dir to MOUNTS. 2024-05-06 19:25:31 +01:00
Alexandre Pujol
9924da261f
feat(tunable): reorganise program & path definitions. 2024-05-06 19:25:07 +01:00
Alexandre Pujol
3b41ee93dc
feat(tunable): add the user defined private directories
- Add @{XDG_PRIVATE_DIR} & @{user_private_dirs}
- These directories are denied in file browser and search engine.
2024-05-06 19:21:04 +01:00
Jose Maldonado
8224ac2b3f
Fix access to OpenSC configuration (#326) 2024-05-06 18:16:39 +00:00
Alexandre Pujol
89f896a0fd
feat(profile): cleanup flatpak share access. 2024-05-05 18:17:52 +01:00
Alexandre Pujol
0ffd70319b
feat(tunable): add @{hex16} 2024-05-05 17:49:45 +01:00
Alexandre Pujol
d544c386f7
fix(profile): ensure PAM & systemd-homed compatibility.
see #321
2024-05-05 17:42:32 +01:00
Alexandre Pujol
81f0163086
feat(aa): cleanup, fix import and add some unit tests. 2024-05-05 14:19:25 +01:00
Alexandre Pujol
3ad55927bf
feat(aa): add basic rules getter 2024-05-05 14:11:00 +01:00
Alexandre Pujol
ad81c39e31
feat(aa): remove now unused rule.Sort method. 2024-05-05 14:10:14 +01:00
Alexandre Pujol
305d06dbe0
feat(aa): rewrite variable handling. 2024-05-05 14:09:00 +01:00
Alexandre Pujol
28f4294774
feat(aa): move the all rule to its own file. 2024-05-05 13:57:15 +01:00
Fusion future
bfd9e9e3d6
plasmashell: add local wallpaper rules (#324)
Allow plasmashell to access wallpapers in the cache folder and the user
share folder.
2024-05-05 11:47:59 +00:00
Fusion future
06619cef0a
plasmashell: add flatpak mime folder (#325)
It's read by the krunner plugin.
2024-05-05 11:47:40 +00:00
Alexandre Pujol
1e79d27232
feat(aa): rename indentation variables. 2024-05-04 23:54:39 +01:00
Alexandre Pujol
5943e9a24d
test(aa): cleanup unit tests. 2024-05-04 23:45:36 +01:00
Alexandre Pujol
f763d31a07
feat(aa): a Constraint and Kind method to the Rule interface. 2024-05-04 23:41:47 +01:00
Alexandre Pujol
a5c4eab0cf
feat(aa): make preamble rule classic aa rules. 2024-05-04 23:25:55 +01:00
Alexandre Pujol
d69dcad46d
feat(profile): add epiphany.
Fix #322
2024-05-04 13:19:03 +01:00
Alexandre Pujol
9dba91296a
fix: typo in abs name. 2024-05-04 00:24:41 +01:00
Alexandre Pujol
f38f1ad651
feat(profile): improve kde profiles. 2024-05-04 00:21:03 +01:00
Alexandre Pujol
683bfed4ad
feat(profile): modernise some profiles. 2024-05-04 00:14:07 +01:00
Alexandre Pujol
40abc98201
feat(profile): general update. 2024-05-03 18:16:12 +01:00
Alexandre Pujol
b636b4b3e9
feat(aa-log): improve the journalctl filter. 2024-05-03 13:01:10 +01:00
Alexandre Pujol
9c0f4dd6a7
fix(aa-log): grep journal logs over apparmor instead of AVC for wider compatibility. 2024-05-03 12:34:08 +01:00
Alexandre Pujol
dfdf50a3d3
fix(build): add msedge to the overwritten list. 2024-05-03 12:32:22 +01:00
Alexandre Pujol
3a90d82a1e
feat: remove the deprecated ucf profile. 2024-05-02 22:27:00 +01:00
Alexandre Pujol
3f69b9fec4
feat(profile): use the new @{tmp} variable.
It is only used with the owner statement.
2024-05-02 22:12:02 +01:00
Alexandre Pujol
0bbbe71422
feat(tunable): add the new @{tmp} variable
Mostly used to handle libpam-tmpdir. See #318 #320
2024-05-02 21:42:33 +01:00
Alexandre Pujol
511ba6c6a9
feat(aa-log): filter journalctl log 2024-05-01 18:25:11 +01:00
Alexandre Pujol
db87c56f37
feat(profile): general update. 2024-05-01 14:22:42 +01:00
Alexandre Pujol
4d9ea026c7
feat(abs): add the fish shell abstraction. 2024-05-01 13:49:51 +01:00
Alexandre Pujol
12c4ab122b
feat(profile): add gnome-firmware. 2024-05-01 12:32:31 +01:00