mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 16:03:51 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,260 Commits 7 Branches 0 Tags 14 MiB
9c0f4dd6a7
Commit Graph

2260 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alexandre Pujol
9c0f4dd6a7
fix(aa-log): grep journal logs over apparmor instead of AVC for wider compatibility. 2024-05-03 12:34:08 +01:00
Alexandre Pujol
dfdf50a3d3
fix(build): add msedge to the overwritten list. 2024-05-03 12:32:22 +01:00
Alexandre Pujol
3a90d82a1e
feat: remove the deprecated ucf profile. 2024-05-02 22:27:00 +01:00
Alexandre Pujol
3f69b9fec4
feat(profile): use the new @{tmp} variable. 
It is only used with the owner statement.
 2024-05-02 22:12:02 +01:00
Alexandre Pujol
0bbbe71422
feat(tunable): add the new @{tmp} variable 
Mostly used to handle libpam-tmpdir. See #318 #320
 2024-05-02 21:42:33 +01:00
Alexandre Pujol
511ba6c6a9
feat(aa-log): filter journactl log 2024-05-01 18:25:11 +01:00
Alexandre Pujol
db87c56f37
feat(profile): general update. 2024-05-01 14:22:42 +01:00
Alexandre Pujol
4d9ea026c7
feat(abs): add the fish shell abstraction. 2024-05-01 13:49:51 +01:00
Alexandre Pujol
12c4ab122b
feat(profile): add gnome-firmware. 2024-05-01 12:32:31 +01:00
Alexandre Pujol
e1e96d90dc
feat(profile): add gnome-maps. 2024-05-01 12:30:14 +01:00
Alexandre Pujol
8c84d74fe6
feat(profile): add gnome-weather. 2024-05-01 12:29:48 +01:00
Alexandre Pujol
0787ef9906
feat(profile): add sync. 2024-05-01 12:26:09 +01:00
Alexandre Pujol
19c192685d
feat(profile): add uuidgen. 2024-05-01 12:25:42 +01:00
Alexandre Pujol
01dd9ebb0c
feat(profile): general update. 2024-05-01 12:25:01 +01:00
Alexandre Pujol
a1d6d318cc
feat(profile): tweak the new msedge profiles a bit. 2024-05-01 12:11:43 +01:00
Jose Maldonado aka Yukiteru
fd590e9199 Fix exec_path in profiles for Edge and copyright headers 2024-05-01 11:40:32 +01:00
Jose Maldonado aka Yukiteru
0a941e7d87 Fix for access video devices and opensc in Chromium profile 
This commit fix two issues for abstractions/app/chromium

1.- Access to /dev/video (not merged in last commit)
2.- Access to /etc/opensc/opensc.conf in Debian (and derivates)
 2024-05-01 11:40:32 +01:00
Jose Maldonado aka Yukiteru
d0ea5f50a3 New profile for Microsoft Edge and better support in abstractions/app/chromium 
This commit add new profile for Microsoft Edge browser and variants (beta,dev).
The new profile is based in actual chrome profile. Tested with actual Edge, in
Debian Stable and enforced rules. All ok using GPU Rasterization and Vulkan, not
HWAccel for encoding video because this is very unstable yet in all Chromium based
browsers.

Add support for libpam-tmpdir for abstractions/app/chromium and all browser using
this absctractions (Chrome, Chromium, Edge, and others). This fix access and use
of browser with libpam-tmpdir installed (Debian and Whonix)

Fix a denied access to RADV user cache (Vulkan-amdgpu) in abstractions/app/chromium
(Vulkan is optional in Chromium-based browser, but the backend is
perfectly usable now).
 2024-05-01 11:40:32 +01:00
Alexandre Pujol
065f2233ac
feat(abs): ensure pam-tmpdir-helper is allowed in the auth abs for all distribution. 2024-04-29 11:58:55 +01:00
Alexandre Pujol
af4ee0df00
fix(ci): build tests. 2024-04-28 17:50:07 +01:00
Alexandre Pujol
d2523a434a
doc: update supported DE. 2024-04-28 17:47:07 +01:00
Alexandre Pujol
608b599caf
doc: add a note on debian based install. 2024-04-28 17:34:38 +01:00
Alexandre Pujol
aa94ce1740
build: ensure KDE Neon is in the supported dist list. 
See #312
 2024-04-28 17:17:29 +01:00
Alexandre Pujol
c7fb47e97a
build: remove directive text not applied on build. 2024-04-28 14:22:00 +01:00
Alexandre Pujol
2aa8986a21
feat(profile): update gvfsd-recent. 2024-04-28 13:57:27 +01:00
Alexandre Pujol
454daa9602
feat(profile): restrict torbrowser. 2024-04-28 13:53:25 +01:00
Alexandre Pujol
a63201486b
feat(profile): update flatpak profiles stack. 2024-04-28 13:51:57 +01:00
Alexandre Pujol
65d0cfafe4
feat(profile): general update. 2024-04-28 13:50:48 +01:00
Alexandre Pujol
e44b0613c7
build: ensure compatibility with ubuntu 24.04 2024-04-28 13:33:07 +01:00
Alexandre Pujol
f2c45d7507
ci: exclude paths lib from the tests. 2024-04-28 12:23:47 +01:00
Alexandre Pujol
d1fb9574cb
feat(aa-log): speed up log generation. 2024-04-28 12:06:40 +01:00
Jose Maldonado
b4e5837bb9
Fix access to /tmp using libpam-tmpdir in Debian (#318) 
In Debian with the use of libpam-tmpdir, the paths for $TMP and $TMPDIR
for PAM sessions are affected by much stronger rules and permissions,
providing additional security to the environment.

Those rules for the directory

/tmp/user/@{uid}/<affected_program>

In the case of qBitorrent this applies to the following directory:

/tmp/user/@{uid}/.qBitorrent

This PR fixes the bug and allows qBittorrent to work correctly
under these conditions.

Note: This PR would also have positive effects on Whonix, which uses
libpam-tmpdir according to this link
(https://forums.whonix.org/t/make-symlink-attacks-and-other-tmp-based-attacks-harder-or-impossible-using-libpam-tmpdir/8488)
 2024-04-28 10:27:39 +00:00
Alexandre Pujol
fc64028097
chore(lint): do not lint the path helper lib. 2024-04-28 00:48:17 +01:00
Alexandre Pujol
00f6d88cb8
fix: add missings paths import. 2024-04-28 00:44:23 +01:00
Alexandre Pujol
ac8eec933b
fix: keep go 1.21. 2024-04-28 00:39:24 +01:00
Alexandre Pujol
cbddd56f39
chore: update go sum. 2024-04-28 00:37:07 +01:00
Alexandre Pujol
926e146dad
chore: use internal paths lib. 2024-04-28 00:36:16 +01:00
Alexandre Pujol
f66789d381
chore: include build dep go-paths-helper. 
See #305
 2024-04-28 00:30:59 +01:00
Alexandre Pujol
0cd0262bed
chore: update go mod deps. 2024-04-28 00:04:42 +01:00
Jose Maldonado aka Yukiteru
2f3d55e924 Fix out-of-scope in abstractions/video and bad use abstraction in chromium 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
d88e88767e Fix minitube profile for support Qt5CT and Qt6CT 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
df52a5aa50 Fix support for Qt5CT and Qt6CT in profiles-s-z 
This fix the next apps/binaries

*smplayer
*smtube
*strawberry
*thunderbird
*transmission-qt
*usbguard-applet-qt
*vidcutter
*vlc
*wpa-gui
 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
7ed52e44cd Fix support for Qt5CT and Qt6CT in profiles-m-r 
This fix the next apps/binaries

*megasync
*merkaator
*mkvtoolnix-gui
*pinentry-qt
*psi
*psi-plus
*qnapi
*qpdfview
*qtox
*quiterss
*rpi-imager
 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
917a754206 Fix suppport for Qt5CT and Qt6CT in profiles-g-l 
This fix support for this profiles

*kanyremote
*keepassxc
*linssid
 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
5c35b1d69c Fix profiles for support Qt5CT and Qt6CT 
This fix the next profiles

*Birdtray
*Convertall
*Fritzing
 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
72784f4cbc Fix support for Qt5CT and Qt6CT in kde groups profiles 
This fix support in this apps/binaries

*kio_http
*kiod
*kscreenlocker
*kwalletd
*kwalletmanager
*kwin_wayland
*sddm-greeter
 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
7ba5adc6f2 Fix qt5ct and qt6ct support in freedesktop group profiles 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
35f947aaa9 Fix Calibre group profile 
Forgotten qt5ct line in Calibre group profile.
 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
d26b86c5d7 Fix support for Qt5 and Qt5 in apps groups 
This changes fix access to qt5ct and qt6ct for:

*Calibre
*Flameshot
*Telegram
 2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru
004572349d Fix support for Qt5 and Qt6 in Akonadi group 2024-04-27 23:51:48 +01:00