mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-02-12 05:05:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
1875 commits 6 branches 0 tags 16 MiB
Commit graph

1394 commits

Author SHA1 Message Date
Alexandre Pujol
ae99433595
feat(full): simplify the service profiles. 2023-11-22 20:04:17 +00:00
Alexandre Pujol
04513af863
feat: cleanup child-systemctl 2023-11-22 18:43:43 +00:00
Alexandre Pujol
23be43ebd0
feat(full): improve how systemd handle services 2023-11-22 18:42:23 +00:00
Alexandre Pujol
908aba0385
feat(profiles): add some ubuntu specific profiles. 2023-11-19 21:42:31 +00:00
Alexandre Pujol
e29e839c62
feat(profiles): update apt related profiles. 2023-11-19 21:40:12 +00:00
Alexandre Pujol
07e7810d15
feat(full): add some services profile. 2023-11-19 21:39:36 +00:00
Alexandre Pujol
f43f950c90
feat(full): improve systemd-user profile. 2023-11-19 21:35:53 +00:00
Alexandre Pujol
59140f5411
feat(full): improve systemd profile. 
See https://apparmor.pujol.io/development/structure/#full-system-policy
 2023-11-19 21:31:57 +00:00
monsieuremre
83a2a1cbf9
Full-Policy integration for Whonix/Kicksecure - And also everyone else (#249) 
* full-policy

* change path

* change

* big fix

* Delete apparmor.d/groups/_full/systemd

* Update and rename full-policy to systemd
 2023-11-19 20:54:09 +00:00
Alexandre Pujol
f0cdadbdaf
feat(abs): improve mesa abstraction. 2023-11-19 15:39:02 +00:00
Alexandre Pujol
d1c8471b1d
fix: rule compilation. 2023-11-19 11:39:24 +00:00
Alexandre Pujol
88555a12d0
feat(profiles): add initial userns rule. 
Require apparmor 4 to be enabled.
 2023-11-19 11:19:24 +00:00
Alexandre Pujol
2143fb03af
feat(full): add new systemd variable. 2023-11-19 11:13:40 +00:00
Alexandre Pujol
b79a1fcd31
feat(profile): general update. 
Also include some preparation for the systemd profile.
 2023-11-19 11:08:35 +00:00
Alexandre Pujol
e8fcc12c98
feat(profiles): cleanup dbus daemon related profile. 2023-11-13 23:10:00 +00:00
Alexandre Pujol
e99f7de703
fix(profiles): fix slow startup of gnome 
at-spi-bus-launcher  starts the accessibility bus.
We need to ensure all buses are initally started by the same profile,
otherwise  the accessibility fail to start.

See #74, #80 & #235
 2023-11-13 22:59:10 +00:00
Alexandre Pujol
d3084839d1
feat(profiles): improve support for debian over gnome. 2023-11-13 22:14:54 +00:00
Alexandre Pujol
31edd15e8a
feat(profiles): improve kde integration. 2023-11-13 22:11:12 +00:00
Alexandre Pujol
6f98bb9bfb
feat(abs): add more possible resolv.conf path in nameservice. 
Used a lot by debian.
 2023-11-13 19:32:04 +00:00
Alexandre Pujol
f0a2cb3897
feat(profiles): general update. 2023-11-11 22:02:47 +00:00
Alexandre Pujol
02115a194b
chore: cleanup abstraction' headers. 2023-11-11 20:25:55 +00:00
Alexandre Pujol
758991f67b
feat(profiles): general update. 2023-11-09 17:31:45 +00:00
Alexandre Pujol
ee658c41a6
refractor(profiles): improve child profile structure. 2023-11-09 17:29:34 +00:00
Alexandre Pujol
499b9e785d
feat(full): update full system structure. 
- Aims to be compatible with full-policy profile
- Required by systemd
 2023-11-09 17:27:19 +00:00
Jeroen Rijken
d042526ca4 signal to socket 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2023-10-31 16:32:07 +01:00
Jeroen Rijken
c5998d37a2 Add kstart, XDG KDE updates 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2023-10-31 16:32:07 +01:00
Jeroen Rijken
eaf9bdb32b Plank profile 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2023-10-31 16:31:32 +01:00
Jeroen Rijken
90e98b6b56 containerd and KDE updates 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2023-10-31 16:31:32 +01:00
Alexandre Pujol
84ecf85c0b
feat(profiles): add dell cctk. 2023-10-26 22:40:21 +01:00
Alexandre Pujol
471b544d99
feat(profiles): better integration with not existing profile. 2023-10-26 22:38:39 +01:00
Alexandre Pujol
0031c9e86f
feat(profiles): minor dbus improvment. 2023-10-26 22:37:56 +01:00
Alexandre Pujol
aa7fe16a20
feat(profile): improve opensuse integration. 
See #208
 2023-10-20 23:50:26 +01:00
Alexandre Pujol
4276ede03c
feat(profile): rewrite update-ca-certificates. 2023-10-20 23:43:36 +01:00
Alexandre Pujol
ed7585c3d0
refractor(profile): clean some dbus rules. 2023-10-20 23:15:39 +01:00
Alexandre Pujol
e26302b155
feat(profile): general update. 2023-10-20 23:13:11 +01:00
curiosityseeker
04cae35e6e
Update pacman-key (#230) 2023-10-20 21:50:56 +00:00
curiosityseeker
38648bcba1
Update pipewire (#231) 
Necessary after the recent pipewire update, otherwise audio devices are no longer available.
 2023-10-20 11:36:09 +00:00
Alexandre Pujol
ec5311413a
fix(tunables): better mountdirs. 2023-10-16 22:48:36 +01:00
Alexandre Pujol
e43ce58de1
feat(profiles): improve kde integration. 
See #208
 2023-10-16 22:48:13 +01:00
Alexandre Pujol
5f47df0b79
feat(profiles): general update. 2023-10-13 00:05:53 +01:00
Alexandre Pujol
387f2f91fc
fix(profiles): fix brave entry point. 2023-10-13 00:03:29 +01:00
Alexandre Pujol
f5e3c86c6c
feat(profile): improve kde integration 
See #208
 2023-10-09 21:13:40 +01:00
Alexandre Pujol
1cfe802172
feat(profile): support open suse path for git. 
See #208
 2023-10-09 21:01:49 +01:00
Alexandre Pujol
b5fbef8eef
feat(profiles): general update. 2023-10-08 14:00:21 +01:00
Alexandre Pujol
352c444ae6
feat(profiles): general update. 2023-10-01 16:06:28 +01:00
Alexandre Pujol
ab0ee1a317
feat(profiles): add initial version of passim passimd. 2023-10-01 13:10:17 +01:00
Alexandre Pujol
70dc9b7844
feat(profile): remove the atom profile. 2023-09-29 19:47:08 +01:00
Alexandre Pujol
2aace6bccb
feat(profile): improve kde integration. 2023-09-29 19:33:09 +01:00
curiosityseeker
047c819e8c Update fontconfig-cache-write 2023-09-29 19:28:51 +01:00
curiosityseeker
3d1c8e8b22 Update kwin_wayland 2023-09-29 19:28:51 +01:00
curiosityseeker
901cd72199 Update kwin_wayland 2023-09-29 19:28:51 +01:00
curiosityseeker
4eaa560dd2 Update systemd-logind 2023-09-29 19:28:51 +01:00
curiosityseeker
45cfd7a145 Update kwin_wayland 2023-09-29 19:28:51 +01:00
curiosityseeker
4a62b3c46b Update systemd-logind 2023-09-29 19:28:51 +01:00
curiosityseeker
65d0513ebb Update kde-powerdevil 2023-09-29 19:28:51 +01:00
curiosityseeker
db71240aca Update xkbcomp 2023-09-29 19:28:51 +01:00
curiosityseeker
a0e8801f7c Update uname 2023-09-29 19:28:51 +01:00
curiosityseeker
2438497385 Update which 2023-09-29 19:28:51 +01:00
curiosityseeker
2ec1f7daa1 Update kwin_wayland 2023-09-29 19:28:51 +01:00
Alexandre Pujol
c8ee832c11
feat(profile): general update 2023-09-29 19:25:30 +01:00
Alexandre Pujol
24affe46f2
fix(abs): SSD Nvme devices pci path. 2023-09-18 19:08:07 +01:00
Alexandre Pujol
c12f089af3
fix(tunables): ensure pci devices are correctly catched. 
It is less restrictive, but is is guaranted to work.
 2023-09-17 21:58:30 +01:00
Alexandre Pujol
d3f05fb334
chore: cosmetic 2023-09-17 21:55:11 +01:00
Alexandre Pujol
2d76c6fc31
refractor(profiles): change variable stryle in thunderbird. 2023-09-15 22:03:51 +01:00
Alexandre Pujol
0713599eb4
feat(profiles): update vlc profile. 2023-09-15 22:02:45 +01:00
Alexandre Pujol
6a78b17d23
feat(profiles): general update. 2023-09-15 22:01:08 +01:00
Alexandre Pujol
f7d1931bdf
feat(dbus): improve dbus introspectable rules. 2023-09-15 18:14:39 +01:00
Alexandre Pujol
2d2693bd99
refractor(profiles): unify the name of the local variables. 2023-09-13 20:55:20 +01:00
Alexandre Pujol
57f914d7fd
feat(profiles): ensure some major program can launch from dbus-daemon-launch-helper 
See: #216
 2023-09-12 23:15:57 +01:00
Alexandre Pujol
6f8ad7ab81
fix: profile compilation. 2023-09-12 23:00:40 +01:00
Alexandre Pujol
6db83003c7
feat(profiles): general update. 2023-09-12 22:59:07 +01:00
Alexandre Pujol
6c397882ad
feat(dbus): update dbus rules. 2023-09-12 22:55:24 +01:00
Alexandre Pujol
600a71a6b1
refractor: move vlc profile. 2023-09-12 22:49:20 +01:00
Alexandre Pujol
9a8a919b6c
feat(kde): add baloorunner. 2023-09-11 21:33:19 +01:00
Jose Maldonado
9fec58db35
Fix access to /tmp folders for Firefox ESR in Debian (#215) 
Firefox ESR in Debian Stable require access to additional folders in
/tmp when use a configuration with multiple profiles.
 2023-09-11 16:51:01 +00:00
Jose Maldonado aka Yukiteru
4aaa9379a1 Update ignore and better defaults for mpv 
Add access to GPU ids (amdgpu) for hwaccel in mpv, and
better defaults for user_config.

Update gitnore and debian/control
 2023-09-11 10:03:51 +01:00
Alexandre Pujol
b9fb4b72d2
fix: minor profiles fixes. 2023-09-10 12:41:47 +01:00
Alexandre Pujol
e381aace56
feat(profiles): ensure child-open is available. 2023-09-10 12:10:14 +01:00
Alexandre Pujol
3147f7d59a
feat(snap): do not confine snap. 
Curently ignored because of some incompatibilities with snap-confine.

snap-confine is more important to confine than snap itself.
 2023-09-10 12:07:35 +01:00
curiosityseeker
aaed7a25da
Various updates (#209) 2023-09-10 10:59:26 +00:00
nobody43
5d7ce06a62 scratch that 2023-09-10 11:58:13 +01:00
nobody43
d414083113 Debian 12 Gnome DE 2023-09-10 11:58:13 +01:00
Jose Maldonado aka Yukiteru
0687c32df2 Add a Music Player Daemon profile 
This is a simple Music Player Daemon (mpd) profile. Tested in my
workstation (actually this is my setup for music) using Debian Stable.
 2023-09-10 11:00:27 +01:00
Jose Maldonado aka Yukiteru
43ade39bbd Fix access to /tmp/user/@{uid} in Debian Stable 
Firefox require access to /tmp/user/@{uid}/ for downloads in Firefox ESR
for actual Debian Stable (FirefoxESR-102.15.0esr-1-deb12u1)
 2023-09-10 11:00:27 +01:00
Alexandre Pujol
f008e9c6cf
feat: remove some useless or deprecated profiles 2023-09-07 17:59:29 +01:00
Alexandre Pujol
6b159fe918
feat: cleanup ignored profile list. 2023-09-07 17:58:47 +01:00
Alexandre Pujol
1fb2de0acd
feat(profiles): general update. 2023-09-05 23:36:46 +01:00
Alexandre Pujol
7b4979cc63
feat(profiles): update snap profiles. 2023-09-05 23:33:58 +01:00
Alexandre Pujol
245db40b2d
fix(abs): update pci path for disk acess. 2023-09-05 23:32:11 +01:00
Alexandre Pujol
19c1bcc2c7
fix(tunable): pci id are hex. 2023-09-05 23:23:06 +01:00
Alexandre Pujol
7c24dde028
feat(profile): rewrite profile for vscode (wip). 2023-09-05 19:15:01 +01:00
Alexandre Pujol
73ff7efe60
refractor(profile): merge swapon & swapoff 2023-09-05 19:09:11 +01:00
Alexandre Pujol
9a614a3502
feat(profiles): improve opensuse integration. 
See:  #208
 2023-09-05 16:53:50 +01:00
Alexandre Pujol
155ef6bef1
feat(profiles): general update. 2023-09-05 16:42:06 +01:00
Alexandre Pujol
1fb5475ad1
fix(profiles): compatibilty with some dist. 
See #191
 2023-09-05 16:36:20 +01:00
Alexandre Pujol
a3cacccd90
fix(profiles): ensure some profile do not break when sandboxed. 
See #191
 2023-09-05 16:34:22 +01:00
Alexandre Pujol
e169ea5ccf
fix(profiles): ensure entry points for snap work. 2023-09-05 13:59:37 +01:00
curiosityseeker
41525621aa
Various updates (#204) 2023-09-04 13:58:07 +00:00
glitsj16
090349bed2
xdg-user-dirs.d/apparmor.d: ftx typo (#207) 2023-09-04 08:58:29 +00:00
Alexandre Pujol
ad13a1a0c3
feat(profiles): remove profile for wget. 2023-09-03 20:28:31 +01:00
Alexandre Pujol
ca2469c470
feat(profiles): add aa-teardown 2023-09-03 20:27:32 +01:00
Alexandre Pujol
b2fa7bacb8
feat(profiles): general update. 2023-09-01 22:50:43 +01:00
Alexandre Pujol
0c151259d2
feat(profiles): update kde group. 2023-09-01 22:47:37 +01:00
Alexandre Pujol
aea0034fcc
chore: various cosmetic changes. 2023-09-01 19:26:52 +01:00
curiosityseeker
c2bb733624
Various updates (#201) 2023-09-01 18:09:45 +00:00
curiosityseeker
86b1ee4df2
Updating sddm, plasmashell, kwin_wayland, startplasma, kscreenlocker-greet and mesa and wayland abstractions (#200) 
* Update sddm

* Update plasmashell

* Update kwin_wayland

* Update kscreenlocker-greet

* Update startplasma

* Update complete

Needed by various applications, e.g. kwin_wayland.

* Mesa rules for sddm
 2023-08-30 18:48:25 +00:00
Alexandre Pujol
266db5d030
chore: cosmetic. 2023-08-27 15:50:51 +01:00
Alexandre Pujol
993d490a62
feat(profiles): add aa-complain. 2023-08-27 15:47:49 +01:00
Alexandre Pujol
a30d3dd415
feat(profiles): add element-desktop. 2023-08-27 15:42:30 +01:00
Alexandre Pujol
22e57b3620
feat(profiles): apply guideline on some profile. Update flags list. 2023-08-27 15:30:18 +01:00
Alexandre Pujol
7a5096e7d8
feat(profiles): add inital version of dolphin. 2023-08-27 15:24:54 +01:00
Alexandre Pujol
ad3e5a5dcf
feat(profiles): add protonmail-bridge. 2023-08-27 15:17:36 +01:00
Alexandre Pujol
8cfe2780d4
feat(profiles): rewrite the spotify profile. 2023-08-27 15:00:02 +01:00
Alexandre Pujol
b0eed1ae39
feat(profiles): add transmission-gtk 2023-08-27 14:59:02 +01:00
Alexandre Pujol
4d79af2203
feat(profiles): add gnome-extension-gsconnect 2023-08-27 14:57:50 +01:00
Alexandre Pujol
75ef5ef6ad
feat(profiles): general update. 2023-08-27 14:54:04 +01:00
Alexandre Pujol
19331acaa9
feat(profiles): improve dbus related rules. 2023-08-27 14:46:49 +01:00
Alexandre Pujol
2db6b12a9b
chore: cosmetic on snap profiles. 2023-08-27 14:42:13 +01:00
Alexandre Pujol
eb1c03949f
feat(abs): improve some abstraction. 2023-08-27 14:40:56 +01:00
Alexandre Pujol
ec3c5cd62e
feat(profiles): improve kde integration. 2023-08-27 14:32:08 +01:00
Alexandre Pujol
41e0ac6ba8
feat(profiles): rewrite dpkg profile. 2023-08-27 13:30:01 +01:00
curiosityseeker
7f4cef2fff
Kwin wayland, kwin wayland wrapper and sddm (#198) 
* Update kwin_wayland

Please check the udev rules and change them if needed - I'm not familiar with them.

* Update kwin_wayland_wrapper

* Update sddm

* Update kwin_wayland_wrapper

Reverting change for @{run}/user/@{uid}

* Update kwin_wayland: Correct udev rule

* Update kwin_wayland: adding the wayland abs

* Update sddm: reverting owner /tmo rules

* Update sddm: reverting /usr/share/X11/xkb rule

* Update sddm: adding the mesa abs

* Update kwin_wayland: order udev rules
 2023-08-27 11:19:13 +00:00
Alexandre Pujol
393f7001dc
fix(aa-log): profile template. 
See #182
 2023-08-26 11:32:56 +01:00
Alexandre Pujol
d80b758968
feat(abs): modernize disk-read/write abs. 2023-08-24 19:34:21 +01:00
Alexandre Pujol
25782cb925
feat(abs): devices-usb - remove unneeded udev rule. 2023-08-24 19:32:45 +01:00
Alexandre Pujol
07cfbcd952
feat(profiles): modernize udev access. 2023-08-24 19:31:54 +01:00
Alexandre Pujol
73cb5a4545
feat(profiles): add kwin_wayland. 2023-08-23 18:14:22 +01:00
curiosityseeker
80b2124807
kded5, plasmashell, startplasma and sddm updates (#197) 
* Update kded5

* Update startplasma

* Update plasmashell

* Update sddm
 2023-08-23 12:54:28 +00:00
Alexandre Pujol
96b8f96137
feat(profiles): general update. 2023-08-22 23:23:47 +01:00
Alexandre Pujol
261778dbb3
revertL dbus session unix address. 2023-08-22 18:54:39 +01:00
Alexandre Pujol
360230b2a5
feat(profiles): general update. 2023-08-21 23:32:10 +01:00
Alexandre Pujol
6756ca8138
fix(abs): gstreamer cache structure. 2023-08-21 23:27:35 +01:00
Alexandre Pujol
3c6898db5a
fix(tunables): pci devices path. 2023-08-21 23:27:00 +01:00
Alexandre Pujol
0ed036efd5
feat(firefox): minor firefox update. 2023-08-21 23:23:08 +01:00
Alexandre Pujol
5dbc42aaab
feat(abs): update some abstractions. 2023-08-21 23:21:14 +01:00
Alexandre Pujol
310f36f433
feat(tunables): some variables tweak definition. 2023-08-21 23:10:31 +01:00
Alexandre Pujol
5badb6f32c
feat(tunables): add a new @{rand10} variable. 2023-08-19 14:33:07 +01:00
Alexandre Pujol
5704d1ba20
feat(profiles): various profile fixes. 2023-08-19 14:01:50 +01:00
Alexandre Pujol
1dbced42ed
feat(tunables): add a new @{pci} variable. 2023-08-18 22:35:32 +01:00
Alexandre Pujol
275d6b6e62
feat(profiles): replace old [0-9]* glob by @{int} 
Beware some [0-9]* glob are actually not proper @{int}.
 2023-08-18 17:09:53 +01:00
Alexandre Pujol
8ea4491a56
fix(abs): some block device use more than int as identifier. 2023-08-18 15:24:22 +01:00
Alexandre Pujol
b2d093e125
feat(abs): restric abstraction by using new @{int} and @{rand} variables. 2023-08-17 21:24:02 +01:00
Alexandre Pujol
557d905543
Merge branch 'tunables' of https://github.com/nobody43/apparmor.d into nobody43-tunables 
* 'tunables' of https://github.com/nobody43/apparmor.d:
  dbus temp tails
  Update apparmor.d
  Update gdm-runtime-config
  more unrelated changes
  adjust date-time
  random tails
  rename to int, convert more profiles
  fixes
  tunables
 2023-08-17 20:01:53 +01:00
curiosityseeker
7b018a60bd
Update pacman (#193) 
* Update pacman

`@{exec_path} mr,` is causing the following errors:

```
ALLOWED pacman exec owner /usr/bin/pacman -> pacman//null-/usr/bin/pacman comm=bash requested_mask=x denied_mask=x
ALLOWED pacman//null-/usr/bin/pacman file_inherit owner /dev/pts/4 comm=pacman requested_mask=wr denied_mask=wr
ALLOWED pacman//null-/usr/bin/pacman file_mmap owner /usr/bin/pacman comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman file_mmap owner /usr/lib/ld-linux-x86-64.so.2 comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman open owner /etc/ld.so.preload comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman getattr owner /etc/ld.so.preload comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman open owner /etc/ld.so.cache comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman getattr owner /etc/ld.so.cache comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman open owner /usr/lib/libalpm.so.13.0.2 comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman getattr owner /usr/lib/libalpm.so.13.0.2 comm=pacman requested_mask=r denied_mask=r

etc.
```
`@{exec_path} mrix,`  fixes it. 

Commits for new profiles for `checkrebuild` and `pkgfile`  will follow.

* Fix pacman update

* Update apparmor.d/groups/pacman/pacman

Co-authored-by: Alex <roddhjav@users.noreply.github.com>

---------

Co-authored-by: Alex <roddhjav@users.noreply.github.com>
 2023-08-17 18:49:56 +00:00
curiosityseeker
c2c745888c Update complete 
Move entries from child-open to this abstraction.
 2023-08-17 19:43:29 +01:00
curiosityseeker
2299eb00f6 Partially revert change in child-open 2023-08-17 19:43:29 +01:00
curiosityseeker
f2511210af Update complete 
Adding `kde-open`
 2023-08-17 19:43:29 +01:00
curiosityseeker
c409fe84d2 Create complete 
`child-open` includes the `xdg-open` abstraction which in turn includes the `kde-open5` abstraction which contains `/usr/bin/kde-open5 rix,` but NOT `/usr/bin/kde-open rix,`causing an error.
 2023-08-17 19:43:29 +01:00
curiosityseeker
9da2809695 Update child-open 
Adding gwenview and libreoffice
 2023-08-17 19:43:29 +01:00
curiosityseeker
6fc8cd3e60
Brave: adjust @{exec_path} (#161) 
The path in Ubuntu is:
/opt/brave.com/brave/brave

The path in Arch is:
/opt/brave-bin/brave

That's why Brave was not confined on Arch.
 2023-08-17 18:41:13 +00:00
ShellCode
cc8210a1bd
Fix xdg user dirs (#186) 
* Rename XDG_*_HOME to XDG_*_DIR for consistent naming

* tunables/xdg-user-dirs.d/apparmor.d now includes 'apparmor.d.d' subfolder to permit user override
 2023-08-17 18:28:10 +00:00
Alexandre Pujol
5ee31716ae
feat(profile): split evince profiles in multiple files. 2023-08-17 18:47:53 +01:00
Alexandre Pujol
f3ab8d2c71
refractor: rename some vscode related profile 2023-08-17 18:47:01 +01:00
Alexandre Pujol
3f8d559dcc
feat(profiles): add some thunderbird related profiles. 2023-08-17 18:45:10 +01:00
Alexandre Pujol
5d47dfba95
feat(profiles): general update. 2023-08-17 18:43:56 +01:00
Alexandre Pujol
f7b9ff959a
feat(profiles): rewrite the signal-desktop profile. 2023-08-17 18:37:36 +01:00
Alexandre Pujol
5911c43930
Merge branch 'main' of github.com:roddhjav/apparmor.d 
* 'main' of github.com:roddhjav/apparmor.d:
  fix: signal-desktop (#195)
 2023-08-17 18:35:50 +01:00
Cyril Levis
b49bd32564
fix: signal-desktop (#195) 
issue: https://github.com/roddhjav/apparmor.d/issues/194
 2023-08-14 15:55:02 +00:00
Alexandre Pujol
1db6f5f67c
feat(profiles): improve ibus entry point. 2023-08-13 21:19:16 +01:00
Alexandre Pujol
09943156bc
feat(profiles): add multipath profiles 
See #134

Signed-off-by: @cboltz
 2023-08-13 20:06:08 +01:00
Alexandre Pujol
a2c35b07a5
fix: libvirtd profile. 2023-08-06 16:45:39 +02:00
Alexandre Pujol
03cf850666
feat(profile): support for diverse wayland compositors. 
See #165
 2023-08-06 16:31:49 +02:00
Alexandre Pujol
1cac6715db
feat(profiles): general update. 2023-08-06 16:30:38 +02:00
Alexandre Pujol
cdc10fdb31
feat(profiles): general update. 
See #134
 2023-08-06 16:06:17 +02:00
Alexandre Pujol
5938079dfd
fix: missing "startplasma-wayland" profile, but "sddm" tries to transition to it. 
#188
 2023-08-06 10:22:05 +02:00
curiosityseeker
4894d6a3c4
Adding /dev/tty[0-9]* and /dev/pts/[0-9]* to various profiles; update kded5 and reflector (#183) 
* Update update-mime-database

* Update btrfs

* Update update-grub

* Update pacman-hook-depmod

* Update pacman

* Update systemd-sysusers

* Update lscpu

* Update pacman-hook-systemd

* Update pacman-hook-perl

* Update pacman-hook-gtk

* Update needrestart-iucode-scan-versions

* Update reflector

* Update kded5
 2023-07-27 11:23:04 +00:00
ShellCode
0f9b7cb474
Fix #184 (#185) 
* Replace @{HOME}/.config with @{user_config_dirs}

* Replace @{HOME}/.cache with @{user_cache_dirs}

* Replace @{HOME}/.local/state with @{user_state_dirs}

* Add missing user_share_dirs to apparmor.d/tunables/home.d/apparmor.d

* Update docs/variables.md

* Replace @{HOME}/.local/share with @{user_share_dirs}

* Replace @{HOME}/.local/lib with @{user_lib_dirs}

* Revert "Add missing user_share_dirs to apparmor.d/tunables/home.d/apparmor.d"

This reverts commit 9525003098.
 2023-07-27 11:20:19 +00:00
curiosityseeker
714971911a
Update needrestart (#181) 2023-07-24 10:31:03 +00:00
Alexandre Pujol
2307c536b3
feat: add XDG_MAIL_DIR variable 2023-07-20 21:19:23 +01:00
Alexandre Pujol
9b4be2d2c4
feat(profiles): rewrite the thunderbird profile. 
Only thunderbird version 115+ is supported.
 2023-07-20 21:12:37 +01:00
Alexandre Pujol
a79f03f038
feat(kde): improve support for kde. 2023-07-20 21:10:19 +01:00
Alexandre Pujol
1424fb5493
feat(profiles): add iio-sensor-proxy 2023-07-20 21:09:18 +01:00
Alexandre Pujol
af1eda51bd
feat(profiles): general update. 2023-07-20 21:07:27 +01:00
Alexandre Pujol
a3d121fe23
feat(kde): improve support for support. 2023-07-20 21:04:22 +01:00
Alexandre Pujol
d2a650f6c6
feat(profiles): improve dbus integration. 2023-07-20 21:00:41 +01:00
Alexandre Pujol
2a4fa1e6de
refactor(profiles): move thunderbird and code profiles. 2023-07-20 20:54:36 +01:00
Alexandre Pujol
ce7209f2a1
feat(kde): improve kde integration (wip). 2023-07-18 22:30:01 +01:00
Alexandre Pujol
9c08b36182
feat(profiles): general update. 2023-07-18 22:28:30 +01:00
Alexandre Pujol
b4311dac65
fix(profiles): add missing firefox_config_dirs. 2023-07-12 22:01:28 +01:00
Alexandre Pujol
db35aa9249
feat(profiles): add firefox glxtest & vaapitest profiles. 2023-07-12 21:59:13 +01:00
Alexandre Pujol
0bf068d3f2
fix: add missing lib vars. 2023-07-09 15:15:20 +01:00
Alexandre Pujol
dab27a492d
feat(profiles): update dhcpcd. 2023-07-09 15:13:59 +01:00
Alexandre Pujol
1f75dc9956
build: update build for new bin & lib variables 2023-07-09 15:09:32 +01:00
Alexandre Pujol
2b2c42d23c
refactor(profiles): use @{bin} and @{lib} in profiles (7) 2023-07-09 14:59:53 +01:00
Alexandre Pujol
7c2c806ffa
refactor(profiles): use @{bin} and @{lib} in profiles (6) 2023-07-09 14:46:56 +01:00
Alexandre Pujol
fcedbbfd95
refactor(profiles): use @{bin} and @{lib} in profiles (5) 2023-07-09 14:34:42 +01:00
Alexandre Pujol
43b0f09b65
refactor(profiles): use @{bin} and @{lib} in profiles (4) 2023-07-09 14:23:22 +01:00
Alexandre Pujol
27daa7c9bb
refactor(profiles): use @{bin} and @{lib} in profiles (3) 2023-07-09 14:09:55 +01:00
Alexandre Pujol
2eed3b725f
refactor(profiles): use @{bin} and @{lib} in profiles (2) 2023-07-09 13:30:27 +01:00
Alexandre Pujol
bb71f49598
refactor(profiles): use @{bin} and @{lib} in profiles (1) 2023-07-09 13:20:25 +01:00
Alexandre Pujol
59469b57b4
feat(profiles): general update. 2023-07-09 12:30:09 +01:00
Alexandre Pujol
1a82f00d2f
feat(profiles): rewrite vscode profile. 2023-07-09 12:26:38 +01:00
Alexandre Pujol
6d7996a2fd
fix: allow thunderbird to be started by gnome. 
fix #175
 2023-07-08 12:58:58 +01:00
Alexandre Pujol
501d0afa35
feat(profiles): akonadi update. 2023-07-08 12:44:05 +01:00
Alexandre Pujol
7deac2c904
feat(profiles): add mutter-x11-frames. 2023-07-08 12:39:24 +01:00
Alexandre Pujol
6715564053
feat(profiles): general update. 2023-07-08 12:37:40 +01:00
Alexandre Pujol
62cb1d9b96
feat: improve firefox profile 
- New subprofile
- Restric udev/data
 2023-07-08 12:30:01 +01:00
Alexandre Pujol
2e69fa0a01
feat: remove unsuported profiles. 2023-07-08 12:28:47 +01:00
Alexandre Pujol
03753373a9
fix: discord entrypoint. 
fix  #174
 2023-07-08 12:28:07 +01:00
curiosityseeker
10bd4973c5
General update (#172) 
* Update akonadi_mailfilter_agent

* Update plasmashell

https://github.com/roddhjav/apparmor.d/discussions/168

Adding k, to the "targets" suggested by audit.log

* Update pacman
 2023-07-04 09:55:51 +00:00
Alexandre Pujol
69490ed262
feat: add @{lib} and @{bin} variable def. 2023-07-03 14:11:07 +01:00
Alexandre Pujol
11617131ce
feat(profiles): general update. 2023-07-03 14:09:25 +01:00
curiosityseeker
98e59e9336
Akonadi and plasmashell updates (#163) 
* Update plasmashell

* Update akonadi_akonotes_resource

* Update akonadi_archivemail_agent

* Update akonadi_birthdays_resource

* Update akonadi_contacts_resource

* Update akonadi_control

* Update akonadi_followupreminder_agent

* Update akonadi_ical_resource

* Update akonadi_indexing_agent

* Update akonadi_maildir_resource

* Update akonadi_maildispatcher_agent

* Update akonadi_mailfilter_agent

* Update akonadi_mailmerge_agent

* Update akonadi_migration_agent

* Update akonadi_newmailnotifier_agent

* Update akonadi_sendlater_agent

* Update akonadi_unifiedmailbox_agent

* Revert change

* Revert change

* Revert change

* Revert change

* Revert change and add dri-enumerate abstraction

* Revert change

* Revert change and add dri-enumerate abstraction

* Revert change

* Revert change

* Revert change

* Revert change

* Revert change and add dri-enumerate abstraction

* Revert change

* Revert change

* Revert change

* Revert change

* Removing /usr/share/icons/{,**} again

* Adding the audio abstraction

* Adding the consoles abstraction

* plasmashell: adding back /dev/shm/ r, and /dev/ptmx rw,

* akonadi_mailfilter_agent: removing the user-tmp abstraction

I haven't been able to observe new related requests.

---------

Co-authored-by: Alex <roddhjav@users.noreply.github.com>
 2023-06-14 21:46:34 +00:00
Jeroen Rijken
96c79417cc Add vscodium & thunderbird 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2023-06-13 17:58:22 +01:00
Jeroen Rijken
d0553ff4f7 Add apt-overlay 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2023-06-13 17:58:22 +01:00
Jeroen Rijken
83bff808dc dpkg updates 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2023-06-13 17:58:22 +01:00
Jeroen Rijken
a84f0b540c Add unix domain socket 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2023-06-13 17:58:22 +01:00
Jeroen Rijken
5ccd92e12f General update 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2023-06-13 17:58:22 +01:00
curiosityseeker
0a468caff2 Revert adding the user-tmp abstraction 2023-06-13 17:53:14 +01:00
curiosityseeker
a93c80fac0 Fix kde-powerdevil 
copy and paste error
 2023-06-13 17:53:14 +01:00
curiosityseeker
0bb8937cc2 Update mullvad-daemon 2023-06-13 17:53:14 +01:00
curiosityseeker
6227a51d86 Update kde-powerdevil 2023-06-13 17:53:14 +01:00
curiosityseeker
4deb8f135a Update mount 2023-06-13 17:53:14 +01:00
Alexandre Pujol
a98a86600a
feat(profiles): general update. 2023-06-13 17:15:37 +01:00
Alexandre Pujol
3c41453591
feat: better wayland client integration. 2023-05-27 23:54:53 +01:00
Alexandre Pujol
526dcc3252
feat(profiles): general update. 2023-05-07 20:34:00 +01:00
Vladimir Bauer
b740a1c3e6 allow k for user_publicshare_dirs 
ALLOWED libvirtd file_lock /home/vbauer/Public/archlinux/archlinux-2023.05.03-x86_64.iso comm=qemu-event requested_mask=k denied_mask=k class=file
ALLOWED libvirtd file_lock /home/vbauer/Public/archlinux/archlinux-2023.05.03-x86_64.iso comm=rpc-libvirtd requested_mask=k denied_mask=k class=file
 2023-05-06 19:01:07 +01:00
Alexandre Pujol
fe2edb31d8
feat(abs): qt5 - additional resource. 2023-04-30 21:50:53 +01:00
Alexandre Pujol
35ca2692c9
feat(kde): add more kde profiles. 2023-04-30 21:50:08 +01:00
Alexandre Pujol
ee10658d09
feat(kde): big kde profiles update. 2023-04-30 21:46:10 +01:00
Alexandre Pujol
57e995e4be
feat(apt): improve apt/dpkg integration with ubuntu. 2023-04-30 21:42:42 +01:00
Alexandre Pujol
b45987ee8c
feat(profiles): improve some profiles related to kde (with xorg). 2023-04-30 21:41:23 +01:00
Alexandre Pujol
c9ef8f55c4
feat(profiles): add firefox-kmozillahelper. 2023-04-30 21:38:59 +01:00
Alexandre Pujol
f086f71ba9
feat(firefox): distributions have many paths for ff. 2023-04-30 20:29:22 +01:00
Alexandre Pujol
a95da2e5b8
feat(abs): window_decorations is also needed in gtk abs. 2023-04-30 20:27:45 +01:00
Alexandre Pujol
a1236d583b
feat(kde): add fonts to akonadi & .xinitrc rPix 
See #134
 2023-04-30 14:59:47 +01:00
Alexandre Pujol
fd3e7ba820
fix( libvirtd): add missing resources. 
See #158
 2023-04-30 14:51:09 +01:00
Alexandre Pujol
697e196e42
feat(openvpn): improve integration accross profiles. 
See #157
 2023-04-30 14:49:44 +01:00
curiosityseeker
97a76b4872 Small addition for ...pulse/cookie 2023-04-30 14:26:21 +01:00
curiosityseeker
119c3a27fd More additions for plasmashell 2023-04-30 14:26:21 +01:00
curiosityseeker
570cd70df0 Update plasmashell 2023-04-30 14:26:21 +01:00
curiosityseeker
49b491b803 Update ksmserver 2023-04-30 14:25:22 +01:00
curiosityseeker
72227923c8 run-parts: 0anacron rPUx -> rix, and some other additions 
The rule
`/etc/cron.{hourly,daily,weekly,monthly}/0anacron            rPUx, `

causes the error:
`ALLOWED run-parts exec /etc/cron.hourly/0anacron info="no new privs" comm=run-parts requested_mask=x denied_mask=x class=file error=-1`
 2023-04-30 14:25:22 +01:00
curiosityseeker
2e4788c51e Update run-parts 
Correct include statement
 2023-04-28 17:20:31 +01:00
curiosityseeker
1cf1fc35e3 run-parts: include <nameservice-strict> 2023-04-28 17:20:31 +01:00
curiosityseeker
98badeb77d Update run-parts 2023-04-28 17:20:31 +01:00
curiosityseeker
0560bc18fb Update run-parts 2023-04-28 17:20:31 +01:00
Alexandre Pujol
1083520225
feat(kde): add initial version for more kde profles. 2023-04-27 22:27:16 +01:00
Alexandre Pujol
aca0501d10
feat(kde): update kde profiles. 2023-04-27 22:22:24 +01:00
Alexandre Pujol
ff2aae77b9
feat(kde): update akonadi profiles. 2023-04-27 22:20:46 +01:00
Alexandre Pujol
1e533ec656
feat(profiles): general update. 2023-04-26 18:39:23 +01:00
Alexandre Pujol
ba27ac1f12
fix(firefox): kmozillahelper path. 2023-04-25 23:20:14 +01:00
Alexandre Pujol
11506d5416
feat(abs): improve browser entry point handling. 2023-04-25 23:19:48 +01:00
Alexandre Pujol
e569f907e2
build: etc.d -> multiarch.d as debian does not have etc.d yet. 2023-04-25 21:47:01 +01:00
Alexandre Pujol
ef687d7149
feat(profiles): general update. 2023-04-24 18:58:58 +01:00
Alexandre Pujol
4523a61425
feat(abs): add floppy disk to disk abs. 2023-04-24 18:57:04 +01:00
Alexandre Pujol
7ddba7230d
feat(profiles): update kde integration. 
See #134
 2023-04-24 18:56:28 +01:00
Alexandre Pujol
52d49fa3ec
feat(profiles): update akonadi. 
See #134
 2023-04-24 18:53:36 +01:00
Alexandre Pujol
a4dd6d52cd
feat(profile): improve rootless container support 
See: #101
 2023-04-24 15:43:19 +01:00
Alexandre Pujol
9afb6b93ef
fix: lol 2023-04-24 15:37:23 +01:00