apparmor.d

mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-02-12 05:05:11 +01:00

Author	SHA1	Message	Date
Alexandre Pujol	032d805666	feat(profile): general update.	2023-12-10 14:34:38 +00:00
Alexandre Pujol	c84af9e698	feat(profiles): add torbrowser profiles.	2023-12-09 16:21:06 +00:00
Alexandre Pujol	ccf4b4df06	feat(profiles): add some whonix specific profiles. Dev only, they may be moved into whonix repo later.	2023-12-09 16:19:42 +00:00
Alexandre Pujol	29b0e3e2e3	feat(profile): general update.	2023-12-09 16:14:22 +00:00
Alexandre Pujol	386402ed70	feat(profile): add some new profiles.	2023-12-09 11:39:10 +00:00
Alexandre Pujol	ed1ea18a9e	feat(profile): general update.	2023-12-09 11:28:23 +00:00
Alexandre Pujol	a9c864fe60	feat(profile): initial support for whonix.	2023-12-09 11:25:38 +00:00
Alexandre Pujol	f4505dd97d	feat(dbus): add new dbus abstraction.	2023-12-08 18:07:07 +00:00
Alexandre Pujol	c54d72543e	feat(profile): update flatpak.	2023-12-08 18:03:47 +00:00
Alexandre Pujol	d81bce5559	feat(profile): general update.	2023-12-08 18:01:39 +00:00
Alexandre Pujol	52e52f06db	feat(abs): unify app launcher abstraction.	2023-12-08 17:53:51 +00:00
Alexandre Pujol	9e402987c6	feat(tunables): add paths tunable To track common path of some major software.	2023-12-08 17:51:08 +00:00
Alexandre Pujol	bb947318a5	feat(profile): use the @{pci} varibale when possible.	2023-12-08 17:46:05 +00:00
Alexandre Pujol	013f1c5a83	feat(dbus): improve gnome-shell dbus rules.	2023-12-08 17:39:36 +00:00
Alexandre Pujol	853668e492	feat(dbus): improve dbus integration.	2023-12-08 17:38:21 +00:00
Alexandre Pujol	55a1fb6f9c	refractor(dbus): remove old dbus additions.	2023-12-06 22:03:54 +00:00
Alexandre Pujol	1cf268b770	refractor(dbus): use the new bus-{systemd,session} abstractions.	2023-12-06 21:56:59 +00:00
Alexandre Pujol	9861f005d4	feat(dbus): rewrite dbus rule for gnome-shell.	2023-12-06 20:23:15 +00:00
Alexandre Pujol	17c3faf09d	fix: issue in dbus rule.	2023-12-06 20:16:55 +00:00
Alexandre Pujol	4bddfd8690	refractor(dbus): bus/x -> bus-x.	2023-12-06 20:14:53 +00:00
Alexandre Pujol	0568ef0d45	feat(profile): add structure for some cups profile. They are empty, and forced into complain mode.	2023-12-06 20:06:49 +00:00
Alexandre Pujol	c0bab81e45	feat(profile): add some network deps profile.	2023-12-06 20:03:28 +00:00
Alexandre Pujol	a777161846	feat(profile): add initial structure some snap tools.	2023-12-06 20:02:15 +00:00
Alexandre Pujol	cc133e5f57	feat(profile): general update.	2023-12-06 20:00:40 +00:00
Alexandre Pujol	1307250250	feat(dbus): rewrite some dbus rules (9).	2023-12-06 19:55:48 +00:00
Alexandre Pujol	3425419f0e	feat(dbus): rename dbus abstractions.	2023-12-06 19:38:47 +00:00
Alexandre Pujol	401606b1aa	feat(dbus): add more dbus abstraction.	2023-12-06 19:21:06 +00:00
Alexandre Pujol	799b778480	feat(dbus): rename all new dbus abstractions. Use the dbus name as abstraction name.	2023-12-06 19:19:55 +00:00
Alexandre Pujol	aa1491a3c0	feat(dbus): add new unified main dbus abstraction. specify the aa profile in the peer label.	2023-12-06 19:10:23 +00:00
Alexandre Pujol	6a3cc952e1	feat(dbus): rewrite some dbus rules (8).	2023-12-05 21:27:03 +00:00
Alexandre Pujol	c4b48b06e2	feat(dbus): add login-session dbus abstraction.	2023-12-05 21:04:50 +00:00
Alexandre Pujol	538ec25001	feat(dbus): rewrite some dbus rules (7).	2023-12-05 21:01:26 +00:00
Alexandre Pujol	081c8a4fa1	feat(abs): add gnome-strict abstraction.	2023-12-05 20:50:22 +00:00
Alexandre Pujol	319b976beb	feat(profile): general update.	2023-12-05 20:45:13 +00:00
Alexandre Pujol	bf973760fd	feat(dbus): update some abs (2)	2023-12-05 20:37:31 +00:00
Alexandre Pujol	5d6c5e7baa	feat(dbus): update some abs.	2023-12-05 20:32:02 +00:00
Alexandre Pujol	95b62568b1	feat(dbus): add new dbus abstraction	2023-12-05 20:30:34 +00:00
Alexandre Pujol	94ff73c51b	fix: ensure all ibus deamon can run. Fix #260	2023-12-05 13:07:59 +00:00
Alexandre Pujol	c066ef0036	feat(dbus): rewrite some dbus rules (6).	2023-12-05 00:19:43 +00:00
Alexandre Pujol	da3b5103e4	feat(dbus): rewrite some dbus rules (5).	2023-12-04 21:54:45 +00:00
Alexandre Pujol	f5862c9862	feat(dbus): update common dbus abs.	2023-12-04 21:28:10 +00:00
Alexandre Pujol	8162c0aa2a	feat(dbus): add more dbus abstraction (2)	2023-12-04 21:27:18 +00:00
Alexandre Pujol	7f81da3a71	feat(profile): allow custom GUI launcher to start in xinit. See #259	2023-12-04 20:22:34 +00:00
Alexandre Pujol	16c2bf5662	feat(dbus): add more dbus abstraction.	2023-12-04 18:58:03 +00:00
Alexandre Pujol	2432414ae2	feat(dbus): rewrite some dbus rules (4).	2023-12-04 18:52:10 +00:00
Alexandre Pujol	dd1d9107e8	feat(profile): general update.	2023-12-03 16:57:50 +00:00
Alexandre Pujol	1edf507abf	feat(dbus): rewrite some dbus rules (4).	2023-12-03 16:53:25 +00:00
Alexandre Pujol	2af165403a	feat(dbus): rewrite some dbus rules (3).	2023-12-02 16:05:40 +00:00
Alexandre Pujol	92ebab604a	feat(dbus): add more dbus abstractions.	2023-12-02 15:52:00 +00:00
Alexandre Pujol	6810f4b050	fix(profile): add config dir on yt-dlp fix #258	2023-12-01 21:57:01 +00:00
Alexandre Pujol	3fc787e073	fix(profile): add cache dir for MPV. See #257	2023-12-01 21:53:59 +00:00
Alexandre Pujol	505770cd5a	feat(dbus): rewrite some dbus rules (2).	2023-12-01 21:53:09 +00:00
Alexandre Pujol	6d1ff256af	feat(dbus): rewrite some dbus rules (1).	2023-12-01 20:58:21 +00:00
Alexandre Pujol	d6888a65c4	feat(dbus): add initial polkit abstraction.	2023-12-01 20:42:41 +00:00
Alexandre Pujol	7f38dd255e	feat(profile): general update.	2023-12-01 13:22:45 +00:00
Alexandre Pujol	952ef478c0	fix(profile): brave-sandbox lib_dirs path. See: #255	2023-12-01 11:13:34 +00:00
Alexandre Pujol	4382a34b9e	feat(profile): add rfkill on networkd. See #256	2023-12-01 11:09:46 +00:00
Alexandre Pujol	8e45076077	feat(abs): add initial version of dbus abs.	2023-11-30 23:35:54 +00:00
Alexandre Pujol	d75fa9bbd5	feat(dbus): dbus rules cleanup (3)	2023-11-30 23:20:29 +00:00
Alexandre Pujol	cd391bae01	feat(dbus): dbus rules cleanup (2)	2023-11-30 22:42:49 +00:00
Alexandre Pujol	8a49f2ebe1	feat(dbus): dbus rules cleanup (1) - move common rule to abs - ensure peer name or label are always present - try to make rule more standard/easier to read	2023-11-30 22:39:44 +00:00
Alexandre Pujol	9517800a9d	feat(dbus): simple dbus rules cleaning.	2023-11-30 21:32:50 +00:00
Alexandre Pujol	dd06e3da65	feat(profile): modernise the calibre profile.	2023-11-30 21:25:41 +00:00
Alexandre Pujol	796cf32076	feat(profile): better kde integration. See #237	2023-11-30 19:04:59 +00:00
Alexandre Pujol	c27ec457d0	feat(profile): cleanup some dbus path/interfaces	2023-11-30 00:29:37 +00:00
Alexandre Pujol	459fe7c905	feat(profile): use the new bus/atspi abstraction in the profiles.	2023-11-30 00:22:34 +00:00
Alexandre Pujol	fe0cb4b48d	feat(profile): some cleanup in thunderbird.	2023-11-29 22:58:35 +00:00
Alexandre Pujol	5af4d3c921	fix(profiles): modernise plank & kstart - Still wip profile - Should enable additional DE to boot	2023-11-29 22:29:41 +00:00
Alexandre Pujol	f06f01a36a	Merge branch 'feat/update' of https://github.com/Jeroen0494/apparmor.d into Jeroen0494-feat/update * 'feat/update' of https://github.com/Jeroen0494/apparmor.d: signal to socket Add kstart, XDG KDE updates Plank profile containerd and KDE updates	2023-11-29 22:20:29 +00:00
Alexandre Pujol	f5e7cd7d0c	feat(abs): add some common dbus rules.	2023-11-29 22:10:23 +00:00
Alexandre Pujol	94f18ed6c1	feat(abs): add new atspi dbus abstraction.	2023-11-29 22:09:05 +00:00
Alexandre Pujol	60e4a01a76	feat(abs): add some files into the base abstaction.	2023-11-29 17:50:26 +00:00
Alexandre Pujol	34630b2adf	fix(profile): private-files abs already included in private-files-strict. See `c8fd896`	2023-11-28 11:04:26 +00:00
Alexandre Pujol	a48daa9c9e	fix(profile): reduce the number of profile transition. See: `209688f`	2023-11-28 10:57:48 +00:00
Alexandre Pujol	209688fe86	feat(profile): general update.	2023-11-27 19:35:42 +00:00
Alexandre Pujol	fade97486d	feat(profile): add udev child & low-memory profiles.	2023-11-27 19:32:50 +00:00
Alexandre Pujol	cdfa76924b	feat(profile): add dleyna profiles.	2023-11-27 19:27:44 +00:00
Alexandre Pujol	c8fd896a0b	feat(profile): add nautilus previewer.	2023-11-27 19:26:13 +00:00
Alexandre Pujol	4c689dbad9	feat(profile): add gdm init profiles.	2023-11-27 19:25:34 +00:00
Alexandre Pujol	b8c2380da4	feat(profile): add epiphany providers.	2023-11-27 19:23:35 +00:00
Alexandre Pujol	52278490ab	feat(profile): general update.	2023-11-27 19:00:18 +00:00
Alexandre Pujol	319bea17c3	fix(full): fix pivot_root rule.	2023-11-27 18:56:39 +00:00
Alexandre Pujol	aa1553388b	feat(flatpak): add flatpak integration. - Add flatpak profile - Add flatpak-bwrap subprofile: it manage the sandbox creation & has some larger access. - Add flatpak-app, default profile for sandboxed app. See Full system policy #252	2023-11-26 23:19:09 +00:00
Alexandre Pujol	e41779f576	feat(full): add default bwrap profiles. On full system policy, use the new bwrap profile (and bwrap-app) to confine sandboxed application. It is not enabled by default as the sandbox profile is quite large. Also integrate with the gnome app that use bwrap as sandbox manager. Update other related profiles See Full system policy #252	2023-11-26 23:12:35 +00:00
Alexandre Pujol	3da0ad2572	feat(full): add bwrap-app abstraction.	2023-11-26 23:08:02 +00:00
Alexandre Pujol	d8ff8c8cd6	feat(kde): add some kde profiles.	2023-11-26 23:07:02 +00:00
Alexandre Pujol	c2bc6f26ae	feat(profile): update kde profiles.	2023-11-26 23:05:01 +00:00
Alexandre Pujol	8250e202a0	feat(profile): general update.	2023-11-26 21:24:40 +00:00
Alexandre Pujol	cd1de59aad	feat(abs): improve audio abstraction.	2023-11-24 18:17:26 +00:00
Alexandre Pujol	ef1023156e	feat(profile): minor kde improvment on opensuse. see #208	2023-11-23 11:19:38 +00:00
Alexandre Pujol	31bc5a6053	feat(profiles): general update.	2023-11-22 21:37:09 +00:00
Alexandre Pujol	a49d83993a	feat(profile): add snapd-apparmor	2023-11-22 20:58:05 +00:00
Alexandre Pujol	c62b45964d	feat(profile): add e2scrub_all.	2023-11-22 20:56:42 +00:00
Alexandre Pujol	17d187e93b	feat(profiles): ensure apparmor_parser works with snap.	2023-11-22 20:55:47 +00:00
Alexandre Pujol	e247a3949e	feat(systemd): add initial version of all missing generator.	2023-11-22 20:55:01 +00:00
Alexandre Pujol	07acb8043b	feat(profiles): rename all systemd generator.	2023-11-22 20:51:10 +00:00
Alexandre Pujol	ba1cad7f73	feat(profile): improve child-open.	2023-11-22 20:12:59 +00:00
Alexandre Pujol	9ab0745e2d	feat(full): add default fallback profile. See #252	2023-11-22 20:12:20 +00:00
Alexandre Pujol	da51cdba64	feat(profiles): improve freedesktop profiles.	2023-11-22 20:07:31 +00:00
Alexandre Pujol	6c6646e1f6	feat(profiles): minor kde additions.	2023-11-22 20:06:39 +00:00
Alexandre Pujol	ae99433595	feat(full): simplify the service profiles.	2023-11-22 20:04:17 +00:00
Alexandre Pujol	04513af863	feat: cleanup child-systemctl	2023-11-22 18:43:43 +00:00
Alexandre Pujol	23be43ebd0	feat(full): improve how systemd handle services	2023-11-22 18:42:23 +00:00
Alexandre Pujol	908aba0385	feat(profiles): add some ubuntu specific profiles.	2023-11-19 21:42:31 +00:00
Alexandre Pujol	e29e839c62	feat(profiles): update apt related profiles.	2023-11-19 21:40:12 +00:00
Alexandre Pujol	07e7810d15	feat(full): add some services profile.	2023-11-19 21:39:36 +00:00
Alexandre Pujol	f43f950c90	feat(full): improve systemd-user profile.	2023-11-19 21:35:53 +00:00
Alexandre Pujol	59140f5411	feat(full): improve systemd profile. See https://apparmor.pujol.io/development/structure/#full-system-policy	2023-11-19 21:31:57 +00:00
monsieuremre	83a2a1cbf9	Full-Policy integration for Whonix/Kicksecure - And also everyone else (#249 ) * full-policy * change path * change * big fix * Delete apparmor.d/groups/_full/systemd * Update and rename full-policy to systemd	2023-11-19 20:54:09 +00:00
Alexandre Pujol	f0cdadbdaf	feat(abs): improve mesa abstraction.	2023-11-19 15:39:02 +00:00
Alexandre Pujol	d1c8471b1d	fix: rule compilation.	2023-11-19 11:39:24 +00:00
Alexandre Pujol	88555a12d0	feat(profiles): add initial userns rule. Require apparmor 4 to be enabled.	2023-11-19 11:19:24 +00:00
Alexandre Pujol	2143fb03af	feat(full): add new systemd variable.	2023-11-19 11:13:40 +00:00
Alexandre Pujol	b79a1fcd31	feat(profile): general update. Also include some preparation for the systemd profile.	2023-11-19 11:08:35 +00:00
Alexandre Pujol	e8fcc12c98	feat(profiles): cleanup dbus daemon related profile.	2023-11-13 23:10:00 +00:00
Alexandre Pujol	e99f7de703	fix(profiles): fix slow startup of gnome at-spi-bus-launcher starts the accessibility bus. We need to ensure all buses are initally started by the same profile, otherwise the accessibility fail to start. See #74, #80 & #235	2023-11-13 22:59:10 +00:00
Alexandre Pujol	d3084839d1	feat(profiles): improve support for debian over gnome.	2023-11-13 22:14:54 +00:00
Alexandre Pujol	31edd15e8a	feat(profiles): improve kde integration.	2023-11-13 22:11:12 +00:00
Alexandre Pujol	6f98bb9bfb	feat(abs): add more possible resolv.conf path in nameservice. Used a lot by debian.	2023-11-13 19:32:04 +00:00
Alexandre Pujol	f0a2cb3897	feat(profiles): general update.	2023-11-11 22:02:47 +00:00
Alexandre Pujol	02115a194b	chore: cleanup abstraction' headers.	2023-11-11 20:25:55 +00:00
Alexandre Pujol	758991f67b	feat(profiles): general update.	2023-11-09 17:31:45 +00:00
Alexandre Pujol	ee658c41a6	refractor(profiles): improve child profile structure.	2023-11-09 17:29:34 +00:00
Alexandre Pujol	499b9e785d	feat(full): update full system structure. - Aims to be compatible with full-policy profile - Required by systemd	2023-11-09 17:27:19 +00:00
Jeroen Rijken	d042526ca4	signal to socket Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2023-10-31 16:32:07 +01:00
Jeroen Rijken	c5998d37a2	Add kstart, XDG KDE updates Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2023-10-31 16:32:07 +01:00
Jeroen Rijken	eaf9bdb32b	Plank profile Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2023-10-31 16:31:32 +01:00
Jeroen Rijken	90e98b6b56	containerd and KDE updates Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2023-10-31 16:31:32 +01:00
Alexandre Pujol	84ecf85c0b	feat(profiles): add dell cctk.	2023-10-26 22:40:21 +01:00
Alexandre Pujol	471b544d99	feat(profiles): better integration with not existing profile.	2023-10-26 22:38:39 +01:00
Alexandre Pujol	0031c9e86f	feat(profiles): minor dbus improvment.	2023-10-26 22:37:56 +01:00
Alexandre Pujol	aa7fe16a20	feat(profile): improve opensuse integration. See #208	2023-10-20 23:50:26 +01:00
Alexandre Pujol	4276ede03c	feat(profile): rewrite update-ca-certificates.	2023-10-20 23:43:36 +01:00
Alexandre Pujol	ed7585c3d0	refractor(profile): clean some dbus rules.	2023-10-20 23:15:39 +01:00
Alexandre Pujol	e26302b155	feat(profile): general update.	2023-10-20 23:13:11 +01:00
curiosityseeker	04cae35e6e	Update pacman-key (#230 )	2023-10-20 21:50:56 +00:00
curiosityseeker	38648bcba1	Update pipewire (#231 ) Necessary after the recent pipewire update, otherwise audio devices are no longer available.	2023-10-20 11:36:09 +00:00
Alexandre Pujol	ec5311413a	fix(tunables): better mountdirs.	2023-10-16 22:48:36 +01:00
Alexandre Pujol	e43ce58de1	feat(profiles): improve kde integration. See #208	2023-10-16 22:48:13 +01:00
Alexandre Pujol	5f47df0b79	feat(profiles): general update.	2023-10-13 00:05:53 +01:00
Alexandre Pujol	387f2f91fc	fix(profiles): fix brave entry point.	2023-10-13 00:03:29 +01:00
Alexandre Pujol	f5e3c86c6c	feat(profile): improve kde integration See #208	2023-10-09 21:13:40 +01:00
Alexandre Pujol	1cfe802172	feat(profile): support open suse path for git. See #208	2023-10-09 21:01:49 +01:00
Alexandre Pujol	b5fbef8eef	feat(profiles): general update.	2023-10-08 14:00:21 +01:00
Alexandre Pujol	352c444ae6	feat(profiles): general update.	2023-10-01 16:06:28 +01:00
Alexandre Pujol	ab0ee1a317	feat(profiles): add initial version of passim passimd.	2023-10-01 13:10:17 +01:00
Alexandre Pujol	70dc9b7844	feat(profile): remove the atom profile.	2023-09-29 19:47:08 +01:00
Alexandre Pujol	2aace6bccb	feat(profile): improve kde integration.	2023-09-29 19:33:09 +01:00
curiosityseeker	047c819e8c	Update fontconfig-cache-write	2023-09-29 19:28:51 +01:00
curiosityseeker	3d1c8e8b22	Update kwin_wayland	2023-09-29 19:28:51 +01:00

1 2 3 4 5 ...

1394 commits