Commit graph

2067 commits

Author SHA1 Message Date
Alexandre Pujol
aa6704bbac
feat(profile): remove the unused freetube sandbox. 2024-09-12 22:15:46 +01:00
Alexandre Pujol
feb482edd9
fix(profile): crontab editor issues with cronie
fix #479
2024-09-12 12:18:05 +01:00
Alexandre Pujol
fb93ac0df3
fix(profile): improve linuxqq
See #474
2024-09-12 12:12:29 +01:00
EricLin0509
e4a986096f
Add support for linuxqq (#474) 2024-09-12 10:59:25 +00:00
Alexandre Pujol
0fdf514418
feat(profile): update profile with dbus-send. 2024-09-11 19:50:50 +01:00
Alexandre Pujol
64c2ee5fe9
feat(abs): add app/bus
Useful to confine dbus access in scripts.
2024-09-11 19:48:31 +01:00
Alexandre Pujol
04c2cabeb6
feat(profile): remove linssid profile. 2024-09-11 19:40:01 +01:00
odomingao
eb9e0c13ae Update hyprland profile with version 0.43 2024-09-11 16:58:02 +00:00
Alexandre Pujol
6539b713fb
feat(profile): general update. 2024-09-11 17:54:34 +01:00
odomingao
c622f5de93 Add support for controllers in game abstraction 2024-09-11 11:26:47 +00:00
Alexandre Pujol
9ea9f1eeed
feat(tunable): add the new @{u8} and @{u16} variable. 2024-09-10 18:55:41 +01:00
Alexandre Pujol
7f594d51b5
feat(tunable): add the new @{arch} variable. 2024-09-10 18:49:33 +01:00
Alexandre Pujol
9cd1939ddc
feat(abs): improve the app-launcher* abs. 2024-09-10 18:41:01 +01:00
Alexandre Pujol
3ad53a2bb0
feat(profile): add aa-unconfined. 2024-09-10 18:39:29 +01:00
Alexandre Pujol
49b8967bb2
feat(profile): improve the use of org.chromium.Chromium.@{rand6}. 2024-09-10 18:20:41 +01:00
Alexandre Pujol
50b0e09a9a
feat(profile): add fstrim. 2024-09-10 18:15:27 +01:00
Alexandre Pujol
67c5181ba9
fix(profile): set flags in sub profile of fwupd. 2024-09-10 17:38:05 +01:00
odomingao
d9ce0d287d Create earlyoom 2024-09-10 11:55:04 +00:00
Alexandre Pujol
c2bc55dc46
feat(profile): general update. 2024-09-09 20:53:12 +01:00
Alexandre Pujol
f3f92297bc
fix(profile): remove deprecated & never enabled profiles. 2024-09-09 20:49:42 +01:00
Alexandre Pujol
f1dcefabb3
feat(profile): add profile for yay.
fix #420, #466
2024-09-09 20:38:42 +01:00
Alexandre Pujol
51d8c052f5
feat(profile): add makepkg
This profile is large enough to support any user-based compilation.
While giving protection as it only allows root access to use pacman.

see #404, #420 #444, #466
2024-09-09 20:18:30 +01:00
Alexandre Pujol
f31a68ca21
feat(profile): add gitg. 2024-09-09 19:58:17 +01:00
Alexandre Pujol
c7181ecadf
feat(profile): general update. 2024-09-09 19:57:49 +01:00
Alexandre Pujol
a99fbaa0be
feat(profile): restic some well known path. 2024-09-09 19:47:25 +01:00
Alexandre Pujol
d4e380ad46
feat(profile): update & enable profiles in the apps group.
see #471
2024-09-09 19:40:42 +01:00
Alexandre Pujol
2af1d06f18
feat(tunable): add @{editor_path} & @{pager_path}. 2024-09-08 13:25:49 +01:00
Alexandre Pujol
4f310b8802
feat(profile): update dolphin.
fix #470
2024-09-08 12:41:49 +01:00
Alexandre Pujol
54e013824e
feat(profile): update libreoffice.
see #470
2024-09-08 12:38:54 +01:00
Alexandre Pujol
7b04e28835
feat(profile): remove transparent_hugepage rule already included in base. 2024-09-08 12:36:35 +01:00
odomingao
98042620f6 Update hyprlock 2024-09-08 11:23:21 +00:00
Alexandre Pujol
a8b1e46095
feat(profile): add dmsetup
fix #469
2024-09-08 12:21:56 +01:00
Alexandre Pujol
f91fc28711
chore: minor guideline cosmetic. 2024-09-06 21:47:24 +01:00
odomingao
edfa690e2b Update hyprland 2024-09-06 20:42:12 +00:00
odomingao
fe86133f49 Update wayland abstraction 2024-09-06 20:42:12 +00:00
odomingao
2e048156ac Update wayland abstraction 2024-09-06 20:42:12 +00:00
odomingao
c4482675ef Update hyprland 2024-09-06 20:42:12 +00:00
odomingao
fe3d32df1f Add access to gamescope 2024-09-06 20:42:12 +00:00
odomingao
512b42702b add hyprland profile 2024-09-06 20:42:12 +00:00
Alexandre Pujol
984ca11571
Merge branch 'main' of github.com:roddhjav/apparmor.d
* 'main' of github.com:roddhjav/apparmor.d:
  Update profile for ufw (#467)
2024-09-06 21:41:04 +01:00
Alexandre Pujol
ac2f085d8c
feat(abs): add support for keyfile in dconf.
fix #460
2024-09-06 21:40:17 +01:00
EricLin0509
a1407243dd
Update profile for ufw (#467)
* Update profile for ufw

* A small fix
2024-09-06 20:35:16 +00:00
Alexandre Pujol
fde8ee6ec6
fix(profile): generic app needs access to /var/cache/tmp/
fix #465
2024-09-06 21:32:39 +01:00
Alexandre Pujol
6b191d9ada
feat(profile): use @{int} on systemd/inhibit. 2024-09-05 14:23:16 +01:00
Alexandre Pujol
4e17001ce2
feat(tunable): add the new python_path & python_name variables. 2024-09-05 14:08:08 +01:00
Alexandre Pujol
35dcde9d90
feat(tunable): add the new version variable. 2024-09-05 14:05:35 +01:00
EricLin0509
a93400280e
Add support for wemeet (#462)
* initial support for wemeet

* Some small fixes
2024-09-03 17:29:03 +00:00
Alexandre Pujol
26641f585c
feat(profile): add gnome-boxes
see #457
2024-09-02 14:14:16 +01:00
odomingao
3c066ea087 Update waybar 2024-09-02 09:43:11 +00:00
Alexandre Pujol
bf2025db09
feat(profile): gpg: ensure compatibility with torbrowser profile from upstream.
see #407
2024-09-01 22:09:00 +01:00
odomingao
52d2cd63b9
Create cemu (#459) 2024-09-01 21:03:13 +00:00
odomingao
7c560e1e8f
Update chronyd (#458)
apparmor="DENIED" operation="create" class="net" profile="chronyd"  comm="chronyd" family="inet" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create"
2024-09-01 21:01:19 +00:00
Alexandre Pujol
b223e2eb8e
feat(profile): general update. 2024-09-01 20:36:23 +01:00
Alexandre Pujol
265e3928c1
feat(profile): mesa: mesa_shader_cache_db is often passed as fd. 2024-09-01 20:13:51 +01:00
Alexandre Pujol
7e3c546e3d
fix(profile): xdg-mime mimetype path.
fix #455
2024-09-01 15:25:43 +01:00
Alexandre Pujol
60e00f8c53
fix(profile): zramctl doesn't show algorithm, data, compression, total, streams, mountpoint
fix #456
2024-09-01 15:22:05 +01:00
Alexandre Pujol
aa4f4de6dd
feat(abs): update mesa shader cache paths.
fix: #450 #451
2024-09-01 15:17:43 +01:00
Nishit Majithia
fe32720765
socat: add apparmor profile (#454)
* socat: add apparmor profile

Signed-off-by: Nishit Majithia <nishit.nm@gmail.com>

* socat: update profile

 - Follow profile guideline
 - Change copyright texts
 - Update to use abi 3.0
 - Use `ssl_certs` and `console` abstractions instead of explicit rules

Signed-off-by: Nishit Majithia <nishit.nm@gmail.com>

* socat: minor fix in the profile

 - Use @{bin}
 - Allow executable mapping and read for the binary

Signed-off-by: Nishit Majithia <nishit.nm@gmail.com>

---------

Signed-off-by: Nishit Majithia <nishit.nm@gmail.com>
2024-08-30 16:56:04 +00:00
odomingao
a224adc42e Update xdg-desktop-portal-hyprland 2024-08-30 11:42:38 +00:00
odomingao
75fba4c6c7 Update xdg-desktop-portal 2024-08-30 11:42:38 +00:00
odomingao
21bef5a042 Create xdg-desktop-portal-hyprland 2024-08-30 11:42:38 +00:00
Alexandre Pujol
a1eaf58427
feat(profile): minor update. 2024-08-29 19:05:37 +01:00
Alexandre Pujol
04898e20f9
fix: conflicting x modifiers. 2024-08-28 19:48:01 +01:00
EliasTheGrandMasterOfMistakes
1f83ca358e gnome-shell: Integrate nm-openvpn-auth-dialog on gnome-shell
VPNs that use gnome authentication like ProtonVPN
depend on gnome-shell access to nm-openvpn-auth-dialog

Co-authored-by: Alexandre Pujol <alexandre@pujol.io>
2024-08-28 18:42:08 +00:00
EricLin0509
7716c8a191 Rewrite the profile for ufw 2024-08-28 18:24:31 +00:00
EricLin0509
d5ee5c51cb Tighten the permissions of ufw 2024-08-28 18:24:31 +00:00
EricLin0509
cecd0a6284 initial support for ufw 2024-08-28 18:24:31 +00:00
valoq
ce26fa103b permit read access 2024-08-28 18:23:44 +00:00
Alexandre Pujol
bb1c4e0537
feat(profile): modernise the crontab profile.
fix #428
2024-08-28 19:19:21 +01:00
Alexandre Pujol
09aef5131e
fix(profile): gpg key generation. 2024-08-28 18:59:51 +01:00
Alexandre Pujol
72d8d14480
feat(tunables): expand coreutils with findutils & diffutils. 2024-08-28 18:53:31 +01:00
Alexandre Pujol
ec7715aaf3
feat(profile): general update. 2024-08-28 18:52:55 +01:00
Alexandre Pujol
c13aa711da
feat(abs): add user bin to the app launch abs. 2024-08-28 18:46:35 +01:00
Alexandre Pujol
f9169bc40b
feat(profile): use the kde-globals-write abstraction when needed. 2024-08-28 18:43:34 +01:00
Alexandre Pujol
1655a9f5ab
feat(profile): more kde integration.
fix #442
2024-08-28 18:30:39 +01:00
odomingao
96d774a9eb Update systemd-journald
apparmor="DENIED" operation="open" class="file" profile="systemd-journald" name="/run/udev/data/+mdio_bus:r8169-0-300:00"  comm="systemd-journal" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 FSUID="root" OUID="root"
2024-08-26 11:01:11 +00:00
Alexandre Pujol
909d3062b5
feat(profile): ssh: add sshd-session
fix #442
2024-08-22 17:43:00 +01:00
valoq
f4330796c4 add write permissions to remove metadata 2024-08-21 10:44:05 +00:00
valoq
c25b76c233 allow read access to atool config files 2024-08-21 10:00:19 +00:00
Alexandre Pujol
6b822d0134
feat(profile): add veracrypt. 2024-08-21 10:26:12 +01:00
Alexandre Pujol
006ed3f681
fix(profile): fscrypt works on a specific homedir.
fix #430
2024-08-21 10:10:28 +01:00
Alexandre Pujol
03639c56bc
fix(profile): add graphics to dino.
See #426
2024-08-21 10:01:36 +01:00
Alexandre Pujol
50831a2fc8
feat(abs): split steam-game abstraction to game and steam-game abstractions. 2024-08-20 21:06:34 +01:00
Alexandre Pujol
788d865939
feat(profile): general update. 2024-08-20 20:56:58 +01:00
Alexandre Pujol
f14ed2f024
feat(profile): rewrite the dino profile.
see #426
2024-08-20 20:13:00 +01:00
Alexandre Pujol
e74fade49a
fix: compilation issue 2/2
revert adding `bin` to XDG_BIN_DIR due to undetected conflicting x modifiers.

See #424
2024-08-20 19:54:54 +01:00
Alexandre Pujol
fb6e718b98
feat(profile): gdm-session-worker: initial support for fscrypt.
fix #430
2024-08-20 19:29:43 +01:00
Alexandre Pujol
dc8cc1eb09
fix: compilation issue. 2024-08-20 19:09:19 +01:00
Alexandre Pujol
93313422bd
feat(profile): update kde profiles on openSUSE Tumbleweed.
See #424
2024-08-20 18:49:52 +01:00
Alexandre Pujol
14fae89fdd
fix(profile): modprobed-db access to config files.
fix #435
2024-08-20 17:59:24 +01:00
Alexandre Pujol
fc1ae32e4e
fix(profile): virtlogd: support for user libvirtd.
fix #436
2024-08-20 17:54:34 +01:00
Alexandre Pujol
e3e6c2f5b6
feat(profile): add NTS support for chronyd.
fix #438
2024-08-20 17:51:23 +01:00
Alexandre Pujol
da27a6b27e
fix: mpv needs access to /dev/snd files for the alsa audio backend to work
fix #433
2024-08-20 17:46:46 +01:00
valoq
ad60ee11ad minor improvements 2024-08-06 15:52:04 +00:00
Alexandre Pujol
7d9ae262c9
fix: borg profile mounting issues.
fix 431
2024-08-02 14:54:32 +02:00
Alexandre Pujol
28d5ea034e
feat(profile): merge transmission gui profiles.
Fix conflicting file naming with upstream.

fix #429
2024-07-27 15:15:26 +02:00
Alexandre Pujol
d9ca201519
feat(profile): cleanup handling of gnome session. 2024-07-20 13:20:45 +01:00
Alexandre Pujol
52a2ae8c23
feat(profile): general update.
see #422
2024-07-20 13:13:27 +01:00
Alexandre Pujol
245898a9d2
feat(profile): ensure any gnome extension can be launched.
see #422
2024-07-20 13:06:30 +01:00
Alexandre Pujol
6073dc491f
feat(profile): add nvidia-smi. 2024-07-19 19:23:48 +01:00
Alexandre Pujol
aaf435ece1
feat(profile): general update. 2024-07-19 19:22:32 +01:00
odomingao
d05c9b9276
Fix hyprpicker (#418) 2024-07-19 16:54:08 +00:00
REmerald
d96550cd27 firewalld: make changes from the reviews
See #441
Also, I changed @{run}/modprobe.d/ to @{run}/modprobe.d/{,*.conf}
2024-07-16 15:15:06 +00:00
REmerald
ef9000e59e Update firewalld
Add changes from aa-log -r.
Add attach_disconnected.
Add profile to main.flags, it was missing there for some reason.
There's some uncertainty about some lines, see comments.
2024-07-16 15:15:06 +00:00
Alexandre Pujol
cb30dcc4bc
feat(profile): general update.
see #416
2024-07-15 23:47:01 +01:00
Alexandre Pujol
6cd01064ae
feat(profile): general update. 2024-07-15 23:12:39 +01:00
Alexandre Pujol
8ef9a18242
refactor: hypr group -> hyprland 2024-07-15 23:02:54 +01:00
odomingao
56f3332163
add profiles for waybar and some hypr utilities (#414) 2024-07-15 21:56:55 +00:00
Alexandre Pujol
85ccc46e44
feat(profile): cleanup mount dir access.
see #412
2024-07-14 18:08:45 +01:00
Alexandre Pujol
68da315ac2
fix(profile): minor fixes.
see #410
2024-07-14 12:34:12 +01:00
Alexandre Pujol
a270b7c6d4
fix(tunable): username can have uppercase letter.
See #409
2024-07-14 12:13:16 +01:00
Alexandre Pujol
9c9f743e1e
fix: various small fixes.
See #409
2024-07-14 12:12:30 +01:00
valoq
bd1239b46a
add profiles for cmus and ouch (#408)
* add profiles for cmus and ouch

* minor corrections
2024-07-12 20:11:32 +01:00
Alexandre Pujol
d864f5c975
feat(profile): improve general integration
See #407
2024-07-12 20:08:58 +01:00
Alexandre Pujol
872b8fc30a
fix(profile): strawberry & nemo.
see #407
2024-07-11 14:29:43 +01:00
Alexandre Pujol
1db2c01117
feat(tunable): add kde-open to open_path. 2024-07-10 12:48:15 +01:00
Alexandre Pujol
435cf47359
fix: ensure dkms module can be installed on system update.
fix #377
2024-07-09 12:10:21 +01:00
Alexandre Pujol
d480156e09
feat(profile): general update. 2024-07-06 23:46:06 +01:00
Alexandre Pujol
120db25fc6
fix: ensure xdg-dbus-proxy has access to download files.
fix: #400
2024-07-05 12:38:32 +01:00
Alexandre Pujol
4289965cb8
feat(tunable): clarify the naming scheme for programs name. 2024-07-04 22:36:35 +01:00
Alexandre Pujol
62e18d04d7
feat(profile): general update. 2024-07-04 22:22:48 +01:00
Alexandre Pujol
8b8a81200a
fix: temporarily allow xdg-mime to open any resources.
This profile needs to be rewritten and integrated with the xdg-open profiles.

fix: #378
2024-07-04 21:59:07 +01:00
Alexandre Pujol
dcf92e8e88
feat(profile): update kde profiles. 2024-07-04 21:38:46 +01:00
Alexandre Pujol
897bda824f
feat(profile): update akonadi profiles. 2024-07-04 21:36:09 +01:00
Alexandre Pujol
1675a26fbf
feat(profile): general update. 2024-07-02 22:08:15 +01:00
Alexandre Pujol
c0a081b827
feat(profile): add label for help program. 2024-07-02 22:05:36 +01:00
Alexandre Pujol
f9a93ab67e
feat(profile): general update. 2024-06-29 23:05:45 +01:00
Alexandre Pujol
5b73923385
fix(profile): ensure backlight on all hardware 2024-06-25 12:27:22 +01:00
Alexandre Pujol
8da557ba04
feat(profile): add totem. 2024-06-24 18:01:41 +01:00
Alexandre Pujol
cf8ae8b147
feat(profile): add snapshot. 2024-06-24 17:40:34 +01:00
Alexandre Pujol
81ac0d0b6d
feat(profile): add ollama. 2024-06-24 17:39:08 +01:00
Alexandre Pujol
e17add7e63
fix(profile): keyboard backlight on all hardware
fix #402
2024-06-24 13:47:24 +01:00
Alexandre Pujol
e8aa338d5e
feat(profile): gnome-shell//open: ensure gnome can start any program. 2024-06-23 11:26:15 +01:00
Alexandre Pujol
ae71b323c2
feat(profile): general update. 2024-06-23 11:25:17 +01:00
Alexandre Pujol
2e127ace4b
feat(abs): general update. 2024-06-23 11:17:56 +01:00
Alexandre Pujol
856a9a467e
feat(profile): improve chromium tmp file restriction. 2024-06-23 11:17:01 +01:00
Alexandre Pujol
2710fd3484
feat(profile): ensure steam can update itself. 2024-06-23 11:16:23 +01:00
Alexandre Pujol
58c07e5ea5
feat(profile): general update. 2024-06-20 17:57:30 +01:00
Alexandre Pujol
747292e954
fix: remove useless audit mode on chromium. 2024-06-16 22:53:16 +01:00
Alexandre Pujol
13b35b156e
feat(abs): add the app/kmod abstraction. 2024-06-16 21:50:48 +01:00
Alexandre Pujol
cb4f3af58e
feat(profile): add ddcutil 2024-06-16 20:07:41 +01:00
REmerald
41b1489b76 fix: add vim syntax to remaining files
Add vim syntax modeline to files which didn't have it for some reason.
Continuation of #396.
2024-06-16 17:32:21 +01:00
REmerald
68d1222029 feat(groups/{u,v,w,x}*): vim syntax support
Add vim modeline instructing the editor to use syntax plugin provided by apparmor.
Continuation of #395 to keep the diff list relatively short.
2024-06-16 17:31:42 +01:00
REmerald
f1a0349978 feat(groups/{_,k,n,p}*): vim syntax support
Add vim modeline instructing the editor to use syntax plugin provided by apparmor.
Continuation of #394 to keep the diff list relatively short.
2024-06-16 17:31:28 +01:00
REmerald
da93eb29d8 feat(groups/g*): vim syntax support
Add vim modeline instructing the editor to use syntax plugin provided by apparmor.
Continuation of #393 to keep the diff list relatively short.
2024-06-16 17:30:58 +01:00
REmerald
4d707633a1 feat(groups/{c,d,f,s}*): vim syntax support
Add vim modeline instructing the editor to use syntax plugin provided by apparmor.
Continuation of #392 to keep the diff list relatively short.
2024-06-16 17:30:44 +01:00
REmerald
db82b64051 feat(groups/{a,b}*): vim syntax support
Add vim modeline instructing the editor to use syntax plugin provided by apparmor.

Continuation of #391 to keep the diff list relatively short.
2024-06-16 17:30:22 +01:00
Alexandre Pujol
a2c6580725
fix: profile compilation. 2024-06-15 22:28:37 +01:00
REmerald
da3717991e feat(profiles-s-z): vim syntax support
Add vim modeline instructing the editor to use the syntax plugin provided by apparmor.

Continuation of #379, #380, #381, #390 to keep the diff list relatively short.
2024-06-15 22:04:20 +01:00
REmerald
c1d531525a
fix(abstractions, tunables): move vim modeline
Move vim syntax comment to the end of the file, separated by newline, as requested in #380.
2024-06-15 22:01:25 +01:00