mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 16:03:51 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,354 Commits 7 Branches 0 Tags 14 MiB
d12db8a8dc
Commit Graph

2354 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
fira959
d12db8a8dc
Minor improvements (#336) 
* Update audio-client

* Update mpv

* Update mutt

add common mail dir

* Update apparmor.d

* Update mutt

* Update mutt

* Update mutt

* Update mutt

* Update mutt
 2024-05-30 17:51:57 +00:00
curiosityseeker
adccd0066a
Fix typo in @{text_edirors} (#338) 
* Fix typo in multiarch.d/programs

* Fix typo in multirach.d/paths

* Fix typo in abstractions/app-open
 2024-05-29 20:41:23 +00:00
curiosityseeker
94d9570230
Firefox: using stacking for glxtest and vaapitest (#337) 
The current implementation results in the following errors for the Firefox profile:

 @{lib}/firefox/glxtest rix -> firefox-glxtest,  # no new privs

@{lib}/firefox/vaapitest rix -> firefox-vaapitest,   # no new privs

Using stacking as suggested on https://apparmor.pujol.io/development/structure/#no-new-privileges gets rid of these errors.
 2024-05-29 20:41:01 +00:00
Alexandre Pujol
c785b41451
feat(profile): general update. 2024-05-18 22:35:05 +01:00
Alexandre Pujol
7d1380530a
feat(profile): update steam profiles. 
- Still a wip stage
- Not shipped by default
 2024-05-18 15:02:20 +01:00
Alexandre Pujol
5e6af16580
feat(profile): small improvment on systemd profiles. 2024-05-18 13:09:25 +01:00
Alexandre Pujol
17bfd0e869
build: update flags manifest. 2024-05-18 12:10:29 +01:00
fira959
d40812ec2f
Profile fixes (#334) 
* Update discord

fix path

* Update signal-desktop-chrome-sandbox

* Update signal-desktop
 2024-05-17 11:44:15 +00:00
doublez13
9349baaff4 vipw-vigr: Use editor abstraction 2024-05-16 15:44:29 +01:00
doublez13
ce329175da pass: Use editor abstraction 2024-05-16 15:44:29 +01:00
doublez13
a291ce373a git: Use editor abstraction 2024-05-16 15:44:29 +01:00
doublez13
192d227c50 crontab: Use editor abstraction 2024-05-16 15:44:29 +01:00
doublez13
98ea2fa47b apt: Use editor abstraction 2024-05-16 15:44:29 +01:00
doublez13
4256e11492 editor abstraction: minor additions 
Add any one-off rules covered in the other editor profiles before converting those to the abstraction.
 2024-05-16 15:44:29 +01:00
fira959
f86b305a66
Update discord profile (#332) 
---------

Co-authored-by: Alex <roddhjav@users.noreply.github.com>
 2024-05-16 10:33:24 +00:00
Alexandre Pujol
41b814675b
fix: syntax error. 2024-05-15 23:53:17 +01:00
Alexandre Pujol
58e458f4ab
feat(profile): add the app/firefox abstraction. 2024-05-15 23:13:23 +01:00
Alexandre Pujol
f5ac8cd4a1
feat(profile): improve dbus rule in chromium based profiles. 2024-05-15 23:07:05 +01:00
Alexandre Pujol
ad960d477b
feat(profile): replace former regex by the new @{user} variable. 2024-05-15 17:22:20 +01:00
Alexandre Pujol
407c71b133
feat(profile): modernize a few app profiles. 2024-05-15 14:50:50 +01:00
fira959
acd6a9794d
Update signal-desktop (#331) 
* Update signal-desktop

* Update signal-desktop-chrome-sandbox

* Update signal-desktop

* Update apparmor.d/groups/apps/signal-desktop

Co-authored-by: Alex <roddhjav@users.noreply.github.com>

* Update signal-desktop

---------

Co-authored-by: Alex <roddhjav@users.noreply.github.com>
 2024-05-14 21:54:31 +00:00
Alexandre Pujol
855f25da9b
feat(tunable): add hex38. 2024-05-14 12:55:57 +01:00
Alexandre Pujol
7b25ed1913
Merge branch 'main' of github.com:roddhjav/apparmor.d 
* 'main' of github.com:roddhjav/apparmor.d:
  Task: Update abstraction path
  Mutt: Update abstraction path
  Update and move abstractions/editor to abstractions/app/editor
  Task: Use editor abstraction
  Mutt: Use editor abstraction
  Create editor abstraction
 2024-05-13 20:37:12 +01:00
Alexandre Pujol
00fd9ddec1
feat(profile): add iceauth 2024-05-13 20:36:46 +01:00
Alexandre Pujol
8f102dea0a
feat(profile): general update. 2024-05-13 20:35:11 +01:00
doublez13
8594700f9a Task: Update abstraction path 2024-05-12 17:34:33 +01:00
doublez13
533bff8583 Mutt: Update abstraction path 2024-05-12 17:34:33 +01:00
doublez13
479d04abac Update and move abstractions/editor to abstractions/app/editor 2024-05-12 17:34:33 +01:00
doublez13
eb32db16c6 Task: Use editor abstraction 2024-05-12 17:34:33 +01:00
doublez13
769b4a7cec Mutt: Use editor abstraction 2024-05-12 17:34:33 +01:00
doublez13
e38f2ac721 Create editor abstraction 
I'm counting seven profiles that have a child profile named "editor" that all include roughly the same boiler plate policies. Let's abstract it out.
 2024-05-12 17:34:33 +01:00
Alexandre Pujol
1739c07ca1
feat(profile): general update. 2024-05-11 17:38:43 +01:00
Alexandre Pujol
533b7ac937
feat(profile): update steam internal 
This is still a wip stage and the profile is not installed by default.
 2024-05-11 17:28:44 +01:00
Alexandre Pujol
aa0386253c
test: remove useless unit test. 2024-05-11 13:25:24 +01:00
Alexandre Pujol
14cac43c6c
build: add @{int2} to the list of default variable. 2024-05-11 12:13:57 +01:00
Alexandre Pujol
4d29127d57
feat(profile): rewrite the child-open* profiles. 2024-05-11 12:13:57 +01:00
Jose Maldonado aka Yukiteru
60ba9ae965 Fix and optimizations for flameshot profile 
Profile simplification PATH and better use for abstractions.
Add permission for @{user_cache_dirs}
 2024-05-11 12:10:59 +01:00
Jose Maldonado aka Yukiteru
3748a13710 Fix access to translations and /tmp in run-time 
Flameshot access to /usr/share/flameshot for search translations for UI.
And have access to /tmp for create tempfile for other apps (ex: send image to GIMP)
 2024-05-11 12:10:59 +01:00
Jose Maldonado aka Yukiteru
31cb3e962d Enable flameshot profile 
I tested in enforce mode the flameshot profile and
fix a little problem with access resources for this app.

All work OK in Debian Stable.
 2024-05-11 12:10:59 +01:00
Alexandre Pujol
2b6fb63245
feat(profile): add foliate. 2024-05-08 21:15:27 +01:00
Alexandre Pujol
ffafc87ea2
ci: reenable build on ubuntu. 2024-05-08 20:47:45 +01:00
Alexandre Pujol
379c46e4e0
ci(github): add build on ubuntu 24.04 2024-05-08 20:10:17 +01:00
Alexandre Pujol
bed9545082
feat(profile): general update. 2024-05-08 20:08:41 +01:00
Alexandre Pujol
da7747e0fe
feat(tunable): add all int, hex and read variable from 2 to 64. 2024-05-08 18:27:16 +01:00
Alexandre Pujol
7963a65a88
feat(profile): add support for terminal in flatpak app. 
- Sandbox's security is managed by flatpak
- The app stays confined under the (not really strict) flatpak-app profile
- User shell runs unconfined (under the `user_unconfined` profile)

Running terminal as a flatpak app provides less security than as a normal app.
This is because the shell runs as user_unconfined profile that will purposely
not transition to any other profile. While a shell from a classic terminal will
transition to any profile it can, and thus would get restricted. In other words,
running `apt` inside flatpak would run under the `user_unconfined` while it
would use the `apt` profile outside the sandbox.

fix #314
 2024-05-08 15:48:14 +01:00
Alexandre Pujol
538a73e21e
feat(profile): add user_unconfined profile & reorganise pam profiles. 2024-05-08 15:34:39 +01:00
Alexandre Pujol
de9e98bdf7
fix: flags manifest format. 2024-05-07 17:49:47 +01:00
Alexandre Pujol
66c8f42d94
feat(tunable): add the new @{user} variable 2024-05-07 17:41:34 +01:00
Alexandre Pujol
1842f8a4d5
feat(profile): add some new profile (2). 2024-05-07 17:32:36 +01:00
Alexandre Pujol
fe1e3c3be8
feat(profile): add some new profile. 2024-05-07 17:25:43 +01:00