mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 07:54:17 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,746 Commits 7 Branches 0 Tags 14 MiB
b8fc5a96a5
Commit Graph

1746 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alexandre Pujol
aa1553388b
feat(flatpak): add flatpak integration. 
- Add flatpak profile
- Add flatpak-bwrap subprofile: it manage the sandbox creation & has some larger access.
- Add flatpak-app, default profile for sandboxed app.

See Full system policy #252
 2023-11-26 23:19:09 +00:00
Alexandre Pujol
e41779f576
feat(full): add default bwrap profiles. 
On  full system policy, use the new bwrap profile (and bwrap-app) to confine sandboxed application.
It is not enabled by default as the sandbox profile is quite large.

Also integrate with the gnome app that use bwrap as sandbox manager.

Update other related profiles

See Full system policy #252
 2023-11-26 23:12:35 +00:00
Alexandre Pujol
3da0ad2572
feat(full): add bwrap-app abstraction. 2023-11-26 23:08:02 +00:00
Alexandre Pujol
d8ff8c8cd6
feat(kde): add some kde profiles. 2023-11-26 23:07:02 +00:00
Alexandre Pujol
c2bc6f26ae
feat(profile): update kde profiles. 2023-11-26 23:05:01 +00:00
Alexandre Pujol
8250e202a0
feat(profile): general update. 2023-11-26 21:24:40 +00:00
Alexandre Pujol
4b61abf7ce
build: simplify full system policy generation. 2023-11-26 21:19:16 +00:00
Alexandre Pujol
cd1de59aad
feat(abs): improve audio abstraction. 2023-11-24 18:17:26 +00:00
Alexandre Pujol
ef1023156e
feat(profile): minor kde improvment on opensuse. 
see #208
 2023-11-23 11:19:38 +00:00
Alexandre Pujol
31bc5a6053
feat(profiles): general update. 2023-11-22 21:37:09 +00:00
Alexandre Pujol
a49d83993a
feat(profile): add snapd-apparmor 2023-11-22 20:58:05 +00:00
Alexandre Pujol
c62b45964d
feat(profile): add e2scrub_all. 2023-11-22 20:56:42 +00:00
Alexandre Pujol
17d187e93b
feat(profiles): ensure apparmor_parser works with snap. 2023-11-22 20:55:47 +00:00
Alexandre Pujol
e247a3949e
feat(systemd): add initial version of all missing generator. 2023-11-22 20:55:01 +00:00
Alexandre Pujol
0d124065b9
build: enforce the use on the default profile on full mode. 2023-11-22 20:52:25 +00:00
Alexandre Pujol
07acb8043b
feat(profiles): rename all systemd generator. 2023-11-22 20:51:10 +00:00
Alexandre Pujol
ba1cad7f73
feat(profile): improve child-open. 2023-11-22 20:12:59 +00:00
Alexandre Pujol
9ab0745e2d
feat(full): add default fallback profile. 
See #252
 2023-11-22 20:12:20 +00:00
Alexandre Pujol
da51cdba64
feat(profiles): improve freedesktop profiles. 2023-11-22 20:07:31 +00:00
Alexandre Pujol
6c6646e1f6
feat(profiles): minor kde additions. 2023-11-22 20:06:39 +00:00
Alexandre Pujol
ae99433595
feat(full): simplify the service profiles. 2023-11-22 20:04:17 +00:00
Alexandre Pujol
04513af863
feat: cleanup child-systemctl 2023-11-22 18:43:43 +00:00
Alexandre Pujol
23be43ebd0
feat(full): improve how systemd handle services 2023-11-22 18:42:23 +00:00
Alexandre Pujol
f2ef493ca7
build: full system for whonix. 2023-11-22 18:16:03 +00:00
Alexandre Pujol
7909bb1948
fix(build): tunable path. 2023-11-19 23:21:50 +00:00
Alexandre Pujol
e84750453c
fix: dpkg build. 2023-11-19 23:04:43 +00:00
Alexandre Pujol
157798e93c
tests(packer): improve debian vm. 2023-11-19 21:48:38 +00:00
Alexandre Pujol
908aba0385
feat(profiles): add some ubuntu specific profiles. 2023-11-19 21:42:31 +00:00
Alexandre Pujol
e29e839c62
feat(profiles): update apt related profiles. 2023-11-19 21:40:12 +00:00
Alexandre Pujol
07e7810d15
feat(full): add some services profile. 2023-11-19 21:39:36 +00:00
Alexandre Pujol
dd767f13c0
chore: update flags list. 2023-11-19 21:39:04 +00:00
Alexandre Pujol
f43f950c90
feat(full): improve systemd-user profile. 2023-11-19 21:35:53 +00:00
Alexandre Pujol
59140f5411
feat(full): improve systemd profile. 
See https://apparmor.pujol.io/development/structure/#full-system-policy
 2023-11-19 21:31:57 +00:00
Alexandre Pujol
d64ef39bd1
build: minor fixes. 2023-11-19 21:04:58 +00:00
Alexandre Pujol
8686cc458f
Merge branch 'main' of github.com:roddhjav/apparmor.d 
* 'main' of github.com:roddhjav/apparmor.d:
  Full-Policy integration for Whonix/Kicksecure - And also everyone else (#249)
 2023-11-19 20:54:34 +00:00
monsieuremre
83a2a1cbf9
Full-Policy integration for Whonix/Kicksecure - And also everyone else (#249) 
* full-policy

* change path

* change

* big fix

* Delete apparmor.d/groups/_full/systemd

* Update and rename full-policy to systemd
 2023-11-19 20:54:09 +00:00
Alexandre Pujol
3aa07e4d64
tests(packer): add arch-server and ubuntu 24.04 images. 2023-11-19 16:09:25 +00:00
Alexandre Pujol
f0cdadbdaf
feat(abs): improve mesa abstraction. 2023-11-19 15:39:02 +00:00
Alexandre Pujol
1b48e419f4
build(suse): add systemd-userdbd drop in file. 2023-11-19 15:38:36 +00:00
Alexandre Pujol
185187b608
doc: rewrite full system policy section. 2023-11-19 14:49:08 +00:00
Alexandre Pujol
edab2be894
doc: add nnp section. 2023-11-19 14:48:25 +00:00
Alexandre Pujol
9e04743156
build: do not use rsync to synchronise file anymore. 2023-11-19 14:47:55 +00:00
Alexandre Pujol
5eb120cdbb
build: new system origin path. 2023-11-19 14:34:42 +00:00
Alexandre Pujol
96ea9d17ae
feat(full): disable nnp flag on some services. 2023-11-19 14:32:57 +00:00
Alexandre Pujol
f564347580
refractor: move default systemd drop in files. 2023-11-19 14:20:14 +00:00
Alexandre Pujol
d1c8471b1d
fix: rule compilation. 2023-11-19 11:39:24 +00:00
Alexandre Pujol
88555a12d0
feat(profiles): add initial userns rule. 
Require apparmor 4 to be enabled.
 2023-11-19 11:19:24 +00:00
Alexandre Pujol
6dc990ac02
feat(full): set systemd profile name on build time. 2023-11-19 11:14:31 +00:00
Alexandre Pujol
2143fb03af
feat(full): add new systemd variable. 2023-11-19 11:13:40 +00:00
Alexandre Pujol
b79a1fcd31
feat(profile): general update. 
Also include some preparation for the systemd profile.
 2023-11-19 11:08:35 +00:00