Commit graph

263 commits

Author SHA1 Message Date
Alexandre Pujol
1df176cf7b
feat: small update and minor fixes. 2024-03-05 18:29:44 +00:00
Alexandre Pujol
06abeac2ee
feat(profile): general update. 2024-02-29 21:45:42 +00:00
Alexandre Pujol
ae9f7e7442
build: add initial build support for ubuntu 24.04 2024-02-28 17:35:14 +00:00
Alexandre Pujol
c900bd873b
build: update & cleanup flags files. 2024-02-28 15:41:29 +00:00
Alexandre Pujol
2cd14aa6bb
chore: add missing and update copyright year. 2024-02-07 00:16:21 +01:00
Alexandre Pujol
952f74b7c4
build: unix-chkpwd has been upstreamed in opensure. 2024-02-01 18:42:24 +00:00
Alexandre Pujol
4234c54f52
feat(profile): add keyboxd. 2024-01-27 19:43:12 +00:00
Alexandre Pujol
72ade58c98
feat(profile): add dbus-broker. 2024-01-27 19:39:54 +00:00
Alexandre Pujol
9a65da3605
feat(profile): apply profile guideline on secure-time-sync. 2024-01-24 21:03:49 +00:00
Alexandre Pujol
8f825473c6
feat(profile): apply profile guideline on sing-box. 2024-01-24 20:58:23 +00:00
Alexandre Pujol
46cb726834
feat(profile): add dbus-broker-launch. 2024-01-21 13:27:19 +00:00
Alexandre Pujol
243e4efb09
build: cleanup flags definition. 2024-01-21 11:57:26 +00:00
Alexandre Pujol
d2fc3c3325
fix(profile): merge flatpak-bwrap & flatpak-app.
See #264
2023-12-15 18:07:18 +00:00
Alexandre Pujol
b8fc5a96a5
fix(ci): my bad. 2023-12-10 15:48:32 +00:00
Alexandre Pujol
d2078fcb3a
feat(profile): general update. 2023-12-10 15:27:44 +00:00
Alexandre Pujol
41a7cb0f5c
fix: build deb in container. 2023-12-10 14:36:29 +00:00
Alexandre Pujol
5e93de2ec2
build: add support for whonix in docker script. 2023-12-10 13:23:11 +00:00
Alexandre Pujol
bc0e0c79bc
build: better whonix build. 2023-12-09 16:17:05 +00:00
Alexandre Pujol
386402ed70
feat(profile): add some new profiles. 2023-12-09 11:39:10 +00:00
Alexandre Pujol
a9c864fe60
feat(profile): initial support for whonix. 2023-12-09 11:25:38 +00:00
Alexandre Pujol
d81bce5559
feat(profile): general update. 2023-12-08 18:01:39 +00:00
Alexandre Pujol
0568ef0d45
feat(profile): add structure for some cups profile.
They are empty, and forced into complain mode.
2023-12-06 20:06:49 +00:00
Alexandre Pujol
c0bab81e45
feat(profile): add some network deps profile. 2023-12-06 20:03:28 +00:00
Alexandre Pujol
5af4d3c921
fix(profiles): modernise plank & kstart
- Still wip profile
- Should enable additional DE to boot
2023-11-29 22:29:41 +00:00
Alexandre Pujol
fade97486d
feat(profile): add udev child & low-memory profiles. 2023-11-27 19:32:50 +00:00
Alexandre Pujol
cdfa76924b
feat(profile): add dleyna profiles. 2023-11-27 19:27:44 +00:00
Alexandre Pujol
4c689dbad9
feat(profile): add gdm init profiles. 2023-11-27 19:25:34 +00:00
Alexandre Pujol
b8c2380da4
feat(profile): add epiphany providers. 2023-11-27 19:23:35 +00:00
Alexandre Pujol
aa1553388b
feat(flatpak): add flatpak integration.
- Add flatpak profile
- Add flatpak-bwrap subprofile: it manage the sandbox creation & has some larger access.
- Add flatpak-app, default profile for sandboxed app.

See Full system policy #252
2023-11-26 23:19:09 +00:00
Alexandre Pujol
e41779f576
feat(full): add default bwrap profiles.
On  full system policy, use the new bwrap profile (and bwrap-app) to confine sandboxed application.
It is not enabled by default as the sandbox profile is quite large.

Also integrate with the gnome app that use bwrap as sandbox manager.

Update other related profiles

See Full system policy #252
2023-11-26 23:12:35 +00:00
Alexandre Pujol
d8ff8c8cd6
feat(kde): add some kde profiles. 2023-11-26 23:07:02 +00:00
Alexandre Pujol
a49d83993a
feat(profile): add snapd-apparmor 2023-11-22 20:58:05 +00:00
Alexandre Pujol
07acb8043b
feat(profiles): rename all systemd generator. 2023-11-22 20:51:10 +00:00
Alexandre Pujol
9ab0745e2d
feat(full): add default fallback profile.
See #252
2023-11-22 20:12:20 +00:00
Alexandre Pujol
23be43ebd0
feat(full): improve how systemd handle services 2023-11-22 18:42:23 +00:00
Alexandre Pujol
e84750453c
fix: dpkg build. 2023-11-19 23:04:43 +00:00
Alexandre Pujol
908aba0385
feat(profiles): add some ubuntu specific profiles. 2023-11-19 21:42:31 +00:00
Alexandre Pujol
dd767f13c0
chore: update flags list. 2023-11-19 21:39:04 +00:00
Alexandre Pujol
59140f5411
feat(full): improve systemd profile.
See https://apparmor.pujol.io/development/structure/#full-system-policy
2023-11-19 21:31:57 +00:00
Alexandre Pujol
d64ef39bd1
build: minor fixes. 2023-11-19 21:04:58 +00:00
Alexandre Pujol
1b48e419f4
build(suse): add systemd-userdbd drop in file. 2023-11-19 15:38:36 +00:00
Alexandre Pujol
9e04743156
build: do not use rsync to synchronise file anymore. 2023-11-19 14:47:55 +00:00
Alexandre Pujol
a66debd2fb
build(dpkg): ignore libvirt profiles. 2023-11-13 22:22:40 +00:00
Alexandre Pujol
5760c0129c
build: add ignore file for whonix. 2023-11-09 20:53:30 +00:00
Alexandre Pujol
3ab5046d5d
build: ignore non suse profiles on other dists. 2023-11-09 20:53:03 +00:00
Alexandre Pujol
18da36238e
build: add some flags definition. 2023-11-09 20:51:34 +00:00
Alexandre Pujol
84ecf85c0b
feat(profiles): add dell cctk. 2023-10-26 22:40:21 +01:00
Alexandre Pujol
cdf601ca5c
build: minor improvements. 2023-10-21 21:51:23 +01:00
Alexandre Pujol
4276ede03c
feat(profile): rewrite update-ca-certificates. 2023-10-20 23:43:36 +01:00
Alexandre Pujol
958cc671b2
build: ignore chronyd profile on apt dist. 2023-10-08 13:57:23 +01:00
Alexandre Pujol
92bfdfa64a
build: do not install the man profile as it is provided by apparmor itself. 2023-10-01 14:27:48 +01:00
Alexandre Pujol
b122d9424f
feat(profiles): enforce some stable profiles. 2023-10-01 13:20:59 +01:00
Alexandre Pujol
ab0ee1a317
feat(profiles): add initial version of passim passimd. 2023-10-01 13:10:17 +01:00
Alexandre Pujol
2aace6bccb
feat(profile): improve kde integration. 2023-09-29 19:33:09 +01:00
Alexandre Pujol
4047921300
fix(build): update backport repo. 2023-09-20 23:08:17 +01:00
Alexandre Pujol
1eda792122
chore: cosmetic. 2023-09-20 19:01:52 +01:00
Alexandre Pujol
b34356ca03
build(rpm): add apparmor-profiles as deps. 2023-09-19 20:37:07 +01:00
Alexandre Pujol
cd48bb5ba0
fix(rpm): remove unused config dir. 2023-09-19 20:22:33 +01:00
Alexandre Pujol
55d46631da
ci: add rpm pkg build. 2023-09-19 20:16:55 +01:00
Alexandre Pujol
0797debd1d
build: add rpm packaging files. 2023-09-19 19:04:12 +01:00
Alexandre Pujol
975f7e0d6d
refractort: dists/build -> dists/docker 2023-09-18 17:26:28 +01:00
Alexandre Pujol
9a8a919b6c
feat(kde): add baloorunner. 2023-09-11 21:33:19 +01:00
Alexandre Pujol
b9fb4b72d2
fix: minor profiles fixes. 2023-09-10 12:41:47 +01:00
curiosityseeker
aaed7a25da
Various updates (#209) 2023-09-10 10:59:26 +00:00
nobody43
03384ab0d0 flags 2023-09-10 11:58:13 +01:00
Alexandre Pujol
6b159fe918
feat: cleanup ignored profile list. 2023-09-07 17:58:47 +01:00
Alexandre Pujol
7c24dde028
feat(profile): rewrite profile for vscode (wip). 2023-09-05 19:15:01 +01:00
curiosityseeker
41525621aa
Various updates (#204) 2023-09-04 13:58:07 +00:00
Alexandre Pujol
aea0034fcc
chore: various cosmetic changes. 2023-09-01 19:26:52 +01:00
Alexandre Pujol
a30d3dd415
feat(profiles): add element-desktop. 2023-08-27 15:42:30 +01:00
Alexandre Pujol
28af1fd642
chore: cleanup flags file. 2023-08-27 15:35:01 +01:00
Alexandre Pujol
22e57b3620
feat(profiles): apply guideline on some profile. Update flags list. 2023-08-27 15:30:18 +01:00
Alexandre Pujol
7a5096e7d8
feat(profiles): add inital version of dolphin. 2023-08-27 15:24:54 +01:00
Alexandre Pujol
ad3e5a5dcf
feat(profiles): add protonmail-bridge. 2023-08-27 15:17:36 +01:00
Alexandre Pujol
8cfe2780d4
feat(profiles): rewrite the spotify profile. 2023-08-27 15:00:02 +01:00
Alexandre Pujol
b0eed1ae39
feat(profiles): add transmission-gtk 2023-08-27 14:59:02 +01:00
Alexandre Pujol
4d79af2203
feat(profiles): add gnome-extension-gsconnect 2023-08-27 14:57:50 +01:00
Alexandre Pujol
5704d1ba20
feat(profiles): various profile fixes. 2023-08-19 14:01:50 +01:00
Alexandre Pujol
557d905543
Merge branch 'tunables' of https://github.com/nobody43/apparmor.d into nobody43-tunables
* 'tunables' of https://github.com/nobody43/apparmor.d:
  dbus temp tails
  Update apparmor.d
  Update gdm-runtime-config
  more unrelated changes
  adjust date-time
  random tails
  rename to int, convert more profiles
  fixes
  tunables
2023-08-17 20:01:53 +01:00
Alexandre Pujol
555b53192c
fix: ensure some required flags are set. 2023-08-17 18:45:41 +01:00
Alexandre Pujol
3f8d559dcc
feat(profiles): add some thunderbird related profiles. 2023-08-17 18:45:10 +01:00
Alexandre Pujol
09943156bc
feat(profiles): add multipath profiles
See #134

Signed-off-by: @cboltz
2023-08-13 20:06:08 +01:00
ShellCode
0f9b7cb474
Fix #184 (#185)
* Replace @{HOME}/.config with @{user_config_dirs}

* Replace @{HOME}/.cache with @{user_cache_dirs}

* Replace @{HOME}/.local/state with @{user_state_dirs}

* Add missing user_share_dirs to apparmor.d/tunables/home.d/apparmor.d

* Update docs/variables.md

* Replace @{HOME}/.local/share with @{user_share_dirs}

* Replace @{HOME}/.local/lib with @{user_lib_dirs}

* Revert "Add missing user_share_dirs to apparmor.d/tunables/home.d/apparmor.d"

This reverts commit 9525003098.
2023-07-27 11:20:19 +00:00
Alexandre Pujol
015db89b4d
fix: do not install code-wrapper profile yet. 2023-07-23 16:22:42 +01:00
Alexandre Pujol
e5ed57c041
fix: ensure flags for plasmashell. 2023-07-20 21:17:47 +01:00
Alexandre Pujol
1424fb5493
feat(profiles): add iio-sensor-proxy 2023-07-20 21:09:18 +01:00
Alexandre Pujol
33a9b062ff
refactor(profiles): do not enable vs code yet. 2023-07-20 20:56:48 +01:00
Alexandre Pujol
db35aa9249
feat(profiles): add firefox glxtest & vaapitest profiles. 2023-07-12 21:59:13 +01:00
Alexandre Pujol
59469b57b4
feat(profiles): general update. 2023-07-09 12:30:09 +01:00
Alexandre Pujol
7deac2c904
feat(profiles): add mutter-x11-frames. 2023-07-08 12:39:24 +01:00
Alexandre Pujol
6715564053
feat(profiles): general update. 2023-07-08 12:37:40 +01:00
Alexandre Pujol
a1946aa171
feat: support for debian 12, drop support for debian 11. 2023-06-18 11:44:56 +01:00
Alexandre Pujol
d4d1b949cd
fix: ensure mount has the disconnected flag.
See #170
2023-06-14 22:31:00 +01:00
Alexandre Pujol
35ca2692c9
feat(kde): add more kde profiles. 2023-04-30 21:50:08 +01:00
Alexandre Pujol
ee10658d09
feat(kde): big kde profiles update. 2023-04-30 21:46:10 +01:00
Alexandre Pujol
c9ef8f55c4
feat(profiles): add firefox-kmozillahelper. 2023-04-30 21:38:59 +01:00
Alexandre Pujol
30e623d73c
fix(profiles): ensure some flags on some profiles. 2023-04-30 15:00:55 +01:00
Alexandre Pujol
1083520225
feat(kde): add initial version for more kde profles. 2023-04-27 22:27:16 +01:00
Alexandre Pujol
e569f907e2
build: etc.d -> multiarch.d as debian does not have etc.d yet. 2023-04-25 21:47:01 +01:00
Alexandre Pujol
7ddba7230d
feat(profiles): update kde integration.
See #134
2023-04-24 18:56:28 +01:00