mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-15 00:37:19 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
2840 commits 6 branches 0 tags 16 MiB
Commit graph

2067 commits

Author SHA1 Message Date
odomingao
52d2cd63b9
Create cemu (#459) 2024-09-01 21:03:13 +00:00
odomingao
7c560e1e8f
Update chronyd (#458) 
apparmor="DENIED" operation="create" class="net" profile="chronyd"  comm="chronyd" family="inet" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create"
 2024-09-01 21:01:19 +00:00
Alexandre Pujol
b223e2eb8e
feat(profile): general update. 2024-09-01 20:36:23 +01:00
Alexandre Pujol
265e3928c1
feat(profile): mesa: mesa_shader_cache_db is often passed as fd. 2024-09-01 20:13:51 +01:00
Alexandre Pujol
7e3c546e3d
fix(profile): xdg-mime mimetype path. 
fix #455
 2024-09-01 15:25:43 +01:00
Alexandre Pujol
60e00f8c53
fix(profile): zramctl doesn't show algorithm, data, compression, total, streams, mountpoint 
fix #456
 2024-09-01 15:22:05 +01:00
Alexandre Pujol
aa4f4de6dd
feat(abs): update mesa shader cache paths. 
fix: #450 #451
 2024-09-01 15:17:43 +01:00
Nishit Majithia
fe32720765
socat: add apparmor profile (#454) 
* socat: add apparmor profile

Signed-off-by: Nishit Majithia <nishit.nm@gmail.com>

* socat: update profile

 - Follow profile guideline
 - Change copyright texts
 - Update to use abi 3.0
 - Use `ssl_certs` and `console` abstractions instead of explicit rules

Signed-off-by: Nishit Majithia <nishit.nm@gmail.com>

* socat: minor fix in the profile

 - Use @{bin}
 - Allow executable mapping and read for the binary

Signed-off-by: Nishit Majithia <nishit.nm@gmail.com>

---------

Signed-off-by: Nishit Majithia <nishit.nm@gmail.com>
 2024-08-30 16:56:04 +00:00
odomingao
a224adc42e Update xdg-desktop-portal-hyprland 2024-08-30 11:42:38 +00:00
odomingao
75fba4c6c7 Update xdg-desktop-portal 2024-08-30 11:42:38 +00:00
odomingao
21bef5a042 Create xdg-desktop-portal-hyprland 2024-08-30 11:42:38 +00:00
Alexandre Pujol
a1eaf58427
feat(profile): minor update. 2024-08-29 19:05:37 +01:00
Alexandre Pujol
04898e20f9
fix: conflicting x modifiers. 2024-08-28 19:48:01 +01:00
EliasTheGrandMasterOfMistakes
1f83ca358e gnome-shell: Integrate nm-openvpn-auth-dialog on gnome-shell 
VPNs that uses gnome authentication like ProtonVPN
depends of gnome-shell acess nm-openvpn-auth-dialog

Co-authored-by: Alexandre Pujol <alexandre@pujol.io>
 2024-08-28 18:42:08 +00:00
EricLin0509
7716c8a191 Rewrite the profile for ufw 2024-08-28 18:24:31 +00:00
EricLin0509
d5ee5c51cb Tighten the permissions of ufw 2024-08-28 18:24:31 +00:00
EricLin0509
cecd0a6284 initial support for ufw 2024-08-28 18:24:31 +00:00
valoq
ce26fa103b permit read access 2024-08-28 18:23:44 +00:00
Alexandre Pujol
bb1c4e0537
feat(profile): modernise the crontab profile. 
fix #428
 2024-08-28 19:19:21 +01:00
Alexandre Pujol
09aef5131e
fix(profile): gpg key generation. 2024-08-28 18:59:51 +01:00
Alexandre Pujol
72d8d14480
feat(tunables): expand coreutils with findutils & diffutils. 2024-08-28 18:53:31 +01:00
Alexandre Pujol
ec7715aaf3
feat(profile): general update. 2024-08-28 18:52:55 +01:00
Alexandre Pujol
c13aa711da
feat(abs): add user bin to the app launch abs. 2024-08-28 18:46:35 +01:00
Alexandre Pujol
f9169bc40b
feat(profile): use the kde-globals-write abstaction when needed. 2024-08-28 18:43:34 +01:00
Alexandre Pujol
1655a9f5ab
feat(profile): more kde integration. 
fix #442
 2024-08-28 18:30:39 +01:00
odomingao
96d774a9eb Update systemd-journald 
apparmor="DENIED" operation="open" class="file" profile="systemd-journald" name="/run/udev/data/+mdio_bus:r8169-0-300:00"  comm="systemd-journal" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 FSUID="root" OUID="root"
 2024-08-26 11:01:11 +00:00
Alexandre Pujol
909d3062b5
feat(profile): ssh: add sshd-session 
fix #442
 2024-08-22 17:43:00 +01:00
valoq
f4330796c4 add write permissions to remove metadata 2024-08-21 10:44:05 +00:00
valoq
c25b76c233 allow read access to atool config files 2024-08-21 10:00:19 +00:00
Alexandre Pujol
6b822d0134
feat(profile): add veracrypt. 2024-08-21 10:26:12 +01:00
Alexandre Pujol
006ed3f681
fix(profile): fscrypt works on a specific homedir. 
fix #430
 2024-08-21 10:10:28 +01:00
Alexandre Pujol
03639c56bc
fix(profile): add graphics to dino. 
See #426
 2024-08-21 10:01:36 +01:00
Alexandre Pujol
50831a2fc8
feat(abs): split steam-game abstraction to game and steam-game abstractions. 2024-08-20 21:06:34 +01:00
Alexandre Pujol
788d865939
feat(profile): general update. 2024-08-20 20:56:58 +01:00
Alexandre Pujol
f14ed2f024
feat(profile): rewrite the dino profile. 
see #426
 2024-08-20 20:13:00 +01:00
Alexandre Pujol
e74fade49a
fix: compilation issue 2/2 
revert adding `bin` to XDG_BIN_DIR due to undetected  conflicting x modifiers.

See #424
 2024-08-20 19:54:54 +01:00
Alexandre Pujol
fb6e718b98
feat(profile): gdm-session-worker: initial support for fscrypt. 
fix #430
 2024-08-20 19:29:43 +01:00
Alexandre Pujol
dc8cc1eb09
fix: compilation issue. 2024-08-20 19:09:19 +01:00
Alexandre Pujol
93313422bd
feat(profile): update kde profiles on openSUSE Tumbleweed. 
See #424
 2024-08-20 18:49:52 +01:00
Alexandre Pujol
14fae89fdd
fix(profile): modprobed-db access to config files. 
fix #435
 2024-08-20 17:59:24 +01:00
Alexandre Pujol
fc1ae32e4e
fix(profile): virtlogd: support for user libvirtd. 
fix #436
 2024-08-20 17:54:34 +01:00
Alexandre Pujol
e3e6c2f5b6
feat(profile): add NTS support for chronyd. 
fix #438
 2024-08-20 17:51:23 +01:00
Alexandre Pujol
da27a6b27e
fix: mpv needs access to /dev/snd files for the alsa audio backend to work 
fix #433
 2024-08-20 17:46:46 +01:00
valoq
ad60ee11ad minor improvements 2024-08-06 15:52:04 +00:00
Alexandre Pujol
7d9ae262c9
fix: borg profile mounting issues. 
fix 431
 2024-08-02 14:54:32 +02:00
Alexandre Pujol
28d5ea034e
feat(profile): merge transmission gui profiles. 
Fix conflicting file naming with upstream.

fix #429
 2024-07-27 15:15:26 +02:00
Alexandre Pujol
d9ca201519
feat(profile): cleanup handling of gnome session. 2024-07-20 13:20:45 +01:00
Alexandre Pujol
52a2ae8c23
feat(profile): general update. 
see #422
 2024-07-20 13:13:27 +01:00
Alexandre Pujol
245898a9d2
feat(profile): ensure any gnome extension can be launched. 
see #422
 2024-07-20 13:06:30 +01:00
Alexandre Pujol
6073dc491f
feat(profile): add nvidia-smi. 2024-07-19 19:23:48 +01:00
Alexandre Pujol
aaf435ece1
feat(profile): general update. 2024-07-19 19:22:32 +01:00
odomingao
d05c9b9276
Fix hyprpicker (#418) 2024-07-19 16:54:08 +00:00
REmerald
d96550cd27 firewalld: make changes from the reviews 
See #441
Also, I changed @{run}/modprobe.d/ to @{run}/modprobe.d/{,*.conf}
 2024-07-16 15:15:06 +00:00
REmerald
ef9000e59e Update firewalld 
Add changes from aa-log -r.
Add attach_disconnected.
Add profile to main.flags, it was missing there for some reason.
There's some uncertainty about some lines, see comments.
 2024-07-16 15:15:06 +00:00
Alexandre Pujol
cb30dcc4bc
feat(profile): general update. 
see #416
 2024-07-15 23:47:01 +01:00
Alexandre Pujol
6cd01064ae
feat(profile): general update. 2024-07-15 23:12:39 +01:00
Alexandre Pujol
8ef9a18242
refractor: hypr group -> hyprland 2024-07-15 23:02:54 +01:00
odomingao
56f3332163
add profiles for waybar and some hypr utilities (#414) 2024-07-15 21:56:55 +00:00
Alexandre Pujol
85ccc46e44
feat(profile): cleanup mount dir access. 
see #412
 2024-07-14 18:08:45 +01:00
Alexandre Pujol
68da315ac2
fix(profile): minor fixes. 
see #410
 2024-07-14 12:34:12 +01:00
Alexandre Pujol
a270b7c6d4
fix(tunable): username can have uppercase letter. 
See #409
 2024-07-14 12:13:16 +01:00
Alexandre Pujol
9c9f743e1e
fix: variour small fixes. 
See #409
 2024-07-14 12:12:30 +01:00
valoq
bd1239b46a
add profiles for cmus and ouch (#408) 
* add profiles for cmus and ouch

* minor corrections
 2024-07-12 20:11:32 +01:00
Alexandre Pujol
d864f5c975
feat(profile): improve general integration 
See #407
 2024-07-12 20:08:58 +01:00
Alexandre Pujol
872b8fc30a
fix(profile): strawberry & nemo. 
see #407
 2024-07-11 14:29:43 +01:00
Alexandre Pujol
1db2c01117
feat(tunable): add kde-open to open_path. 2024-07-10 12:48:15 +01:00
Alexandre Pujol
435cf47359
fix: ensure dkms module can be installed on system update. 
fix #377
 2024-07-09 12:10:21 +01:00
Alexandre Pujol
d480156e09
feat(profile): general update. 2024-07-06 23:46:06 +01:00
Alexandre Pujol
120db25fc6
fix: ensure xdg-dbus-proxy have access to download files. 
fix:  #400
 2024-07-05 12:38:32 +01:00
Alexandre Pujol
4289965cb8
feat(tunable): clarify the naming scheme for programs name. 2024-07-04 22:36:35 +01:00
Alexandre Pujol
62e18d04d7
feat(profile): general update. 2024-07-04 22:22:48 +01:00
Alexandre Pujol
8b8a81200a
fix: temporary allows xdg-mime to open any resources. 
This profile needs to be rewritten and integrated with the xdg-open profiles.

fix: #378
 2024-07-04 21:59:07 +01:00
Alexandre Pujol
dcf92e8e88
feat(profile): update kde profiles. 2024-07-04 21:38:46 +01:00
Alexandre Pujol
897bda824f
feat(profile): update akonadi profiles. 2024-07-04 21:36:09 +01:00
Alexandre Pujol
1675a26fbf
feat(profile): general update. 2024-07-02 22:08:15 +01:00
Alexandre Pujol
c0a081b827
feat(profile): add label for help program. 2024-07-02 22:05:36 +01:00
Alexandre Pujol
f9a93ab67e
feat(profile): general update. 2024-06-29 23:05:45 +01:00
Alexandre Pujol
5b73923385
fix(profile): ensure backlight on all hardware 2024-06-25 12:27:22 +01:00
Alexandre Pujol
8da557ba04
feat(profile): add totem. 2024-06-24 18:01:41 +01:00
Alexandre Pujol
cf8ae8b147
feat(profile): add snapshot. 2024-06-24 17:40:34 +01:00
Alexandre Pujol
81ac0d0b6d
feat(profile): add ollama. 2024-06-24 17:39:08 +01:00
Alexandre Pujol
e17add7e63
fix(profile): keyboard backlight on all hardware 
fix #402
 2024-06-24 13:47:24 +01:00
Alexandre Pujol
e8aa338d5e
feat(profile): gnome-shell//open: ensure gnome can start any program. 2024-06-23 11:26:15 +01:00
Alexandre Pujol
ae71b323c2
feat(profile): general update. 2024-06-23 11:25:17 +01:00
Alexandre Pujol
2e127ace4b
feat(abs): general update. 2024-06-23 11:17:56 +01:00
Alexandre Pujol
856a9a467e
feat(profile): improve chromium tmp file restriction. 2024-06-23 11:17:01 +01:00
Alexandre Pujol
2710fd3484
feat(profile): ensure steam can update itself. 2024-06-23 11:16:23 +01:00
Alexandre Pujol
58c07e5ea5
feat(profile): general update. 2024-06-20 17:57:30 +01:00
Alexandre Pujol
747292e954
fix: remove useless audit mode on chromium. 2024-06-16 22:53:16 +01:00
Alexandre Pujol
13b35b156e
feat(abs): add the app/kmod abstraction. 2024-06-16 21:50:48 +01:00
Alexandre Pujol
cb4f3af58e
feat(profile): add ddcutil 2024-06-16 20:07:41 +01:00
REmerald
41b1489b76 fix: add vim syntax to remaining files 
Add vim syntax modeline to files which didn't have it for some reason.
Continuation of #396.
 2024-06-16 17:32:21 +01:00
REmerald
68d1222029 feat(groups/{u,v,w,x}*): vim syntax support 
Add vim modeline instructing the editor to use syntax plugin provided by apparmor.
Continuation of #395 to keep the diff list relatively short.
 2024-06-16 17:31:42 +01:00
REmerald
f1a0349978 feat(groups/{_,k,n,p}*): vim syntax support 
Add vim modeline instructing the editor to use syntax plugin provided by apparmor.
Continuation of #394 to keep the diff list relatively short.
 2024-06-16 17:31:28 +01:00
REmerald
da93eb29d8 feat(groups/g*): vim syntax support 
Add vim modeline instructing the editor to use syntax plugin provided by apparmor.
Continuation of #393 to keep the diff list relatively short.
 2024-06-16 17:30:58 +01:00
REmerald
4d707633a1 feat(groups/{c,d,f,s}*): vim syntax support 
Add vim modeline instructing the editor to use syntax plugin provided by apparmor.
Continuation of #392 to keep the diff list relatively short.
 2024-06-16 17:30:44 +01:00
REmerald
db82b64051 feat(groups/{a,b}*): vim syntax support 
Add vim modeline instructing the editor to use syntax plugin provided by apparmor.

Continuation of #391 to keep the diff list relatively short.
 2024-06-16 17:30:22 +01:00
Alexandre Pujol
a2c6580725
fix: profile compilation. 2024-06-15 22:28:37 +01:00
REmerald
da3717991e feat(profiles-s-z): vim syntax support 
Add vim modeline instructing the editor to use the syntax plugin provided by apparmor.

Continuation of #379, #380, #381, #390 to keep the diff list relatively short.
 2024-06-15 22:04:20 +01:00
REmerald
c1d531525a
fix(abstractions, tunables): move vim modeline 
Move vim syntax comment to the end of the file, separated by newline, as requested in #380.
 2024-06-15 22:01:25 +01:00
REmerald
1206692e51
feat(abstractions): vim syntax highlighting 
Add vim syntax support. See man apparmor.vim(5)
 2024-06-15 22:00:29 +01:00
REmerald
07f3ea979a
fix(profiles-g-l): move vim modeline 
Move vim syntax comment to the end of the file, separated by newline, as requested in #380.
 2024-06-15 21:59:31 +01:00
REmerald
e2c868bd80
feat(profiles-g-l): vim syntax support 
Add vim modeline instructing the editor to use syntax plugin provided by apparmor.
 2024-06-15 21:59:31 +01:00
REmerald
293217aee2
fix(profiles-a-f): move vim modeline 
Move vim syntax comment to the end of the file, separated by newline, as requested in #380.
 2024-06-15 21:59:31 +01:00
REmerald
72b11e5d05
feat(profiles-a-f): vim syntax support 
Add vim modeline instructing the editor to use syntax plugin provided by apparmor
 2024-06-15 21:59:31 +01:00
Alexandre Pujol
275b77d2ac
fix: profile compilation. 2024-06-15 21:59:31 +01:00
Alexandre Pujol
faab4928ed
feat(profile): general update. 2024-06-15 21:59:31 +01:00
Alexandre Pujol
79eed4b93d
feat(profile): improve sqlite temp file definition. 2024-06-15 21:59:31 +01:00
Alexandre Pujol
035e1da7b2
feat(abs): add udevadm app abstraction. 2024-06-15 21:59:31 +01:00
Alexandre Pujol
39bfa9a40b
feat(profile): update steam profiles. 2024-06-15 21:59:31 +01:00
REmerald
eb480672f3
fix(abstractions, tunables): move vim modeline 
Move vim syntax comment to the end of the file, separated by newline, as requested in #380.
 2024-06-15 21:59:31 +01:00
REmerald
6b5475c7f2
feat(abstractions): vim syntax highlighting 
Add vim syntax support. See man apparmor.vim(5)
 2024-06-15 21:57:49 +01:00
REmerald
1517ff0296
feat(tunables): vim syntax support 
Add vim syntax highlighting support introduced in the apparmor package
 2024-06-15 21:57:49 +01:00
REmerald
280289247d
Merge branch 'main' into patch-profiles-m-r 2024-06-15 18:32:30 +03:00
REmerald
40a30dc310 fix(profiles-m-r): move vim modeline 
Move vim syntax comment to the end of the file, separated by newline, as requested in #380.
 2024-06-15 17:20:22 +03:00
Alexandre Pujol
6c1cdf4d58
fix: ensure btop can send signal 
fix  #385
 2024-06-14 21:10:02 +01:00
Alexandre Pujol
6c64ef95c6
fix: ensure xdg-desktop-portal have access to download files. 
fix  #386
 2024-06-14 21:08:33 +01:00
Stoppedpuma
02ea3b9ee6 Move disk images 2024-06-14 21:04:44 +01:00
Stoppedpuma
307f2d6ad0 Reorganise home.d tunables 2024-06-14 21:04:44 +01:00
Stoppedpuma
7b6ef48d79 Reorganise xdg-user-dirs.d tunables 2024-06-14 21:04:44 +01:00
Alexandre Pujol
d21af8246b
Merge branch 'main' of github.com:roddhjav/apparmor.d 
* 'main' of github.com:roddhjav/apparmor.d:
  Reorganise based on type
  Add XDG_GAMES_DIR
  Add missing `user_games_dirs` and reorganise alphabetically
  add config dirs
  complete browsers
  fix lynx profile
  use strict abstraction
  add preview tools
 2024-06-14 20:51:08 +01:00
Alexandre Pujol
117e63d88f
fix: ensure filter directive get cleaned on build. 2024-06-14 20:50:17 +01:00
valoq
26e7da6641 add config dirs 2024-06-13 13:38:42 +01:00
valoq
d7e09d88fd complete browsers 2024-06-13 13:38:42 +01:00
valoq
94a654e318 fix lynx profile 2024-06-13 13:38:42 +01:00
valoq
7b69b696fb use strict abstraction 2024-06-13 13:38:42 +01:00
valoq
cc9e7fdde1 add preview tools 2024-06-13 13:38:42 +01:00
Alexandre Pujol
327c1dec33
feat(profile): add cliphist integration on wl-copy 
fix: #357
 2024-06-12 22:24:59 +01:00
Alexandre Pujol
07805feabe
Merge branch 'main' of github.com:roddhjav/apparmor.d 
* 'main' of github.com:roddhjav/apparmor.d:
  Update signal-desktop-chrome-sandbox
  Update signal-desktop
 2024-06-12 22:23:54 +01:00
Alexandre Pujol
a5a434f02a
fix: ensure xdg portal can read any user files. 
fix #375
 2024-06-12 22:22:26 +01:00
Alexandre Pujol
56464d24bf
fix: xdg-desktop-portal breaks screensharing 
fix: #376
 2024-06-12 22:18:02 +01:00
fira959
2eab87da2f Update signal-desktop-chrome-sandbox 2024-06-12 21:51:49 +01:00
fira959
f0cff2989d Update signal-desktop 2024-06-12 21:51:49 +01:00
Alexandre Pujol
ff88400b22
feat(abs): minor cleanup. 2024-06-11 23:18:07 +01:00
Alexandre Pujol
ca9a8d47f8
feat(profile): add protonmail-bridge 2024-06-11 23:16:19 +01:00
Alexandre Pujol
6d549b7c70
feat(profile): rewrite steam profiles. 
- Separate profile for sandboxes.
- Separate profile for native and proton games.
- Updated path dirs
- tested on arch & debian.

Note: these profiles are still in alpha stage and disabled by default.
 2024-06-11 00:21:29 +01:00
Alexandre Pujol
08a1aba39d
feat(abs): bwrap: add special mount rule for debian. 2024-06-11 00:01:46 +01:00
Alexandre Pujol
8fe2bf4c20
feat(profile): add missing enchant abs. 2024-06-11 00:00:51 +01:00
Alexandre Pujol
d283ef5196
feat(profile): general update. 2024-06-10 23:58:44 +01:00
Alexandre Pujol
b4407fb7f8
feat(abs): wayland: add ibus shared file. 2024-06-10 23:53:31 +01:00
Alexandre Pujol
0d8afd21e3
feat(abs): vulkan: allow empty vulkan home dir. 2024-06-10 23:52:40 +01:00
Alexandre Pujol
222685c029
feat(profile): use the cups-client more often. 2024-06-10 23:51:38 +01:00
Alexandre Pujol
bb6df870bb
chore: cleanup opensc debian structure. 2024-06-10 23:43:55 +01:00
REmerald
e362aa9107 feat(profiles-m-r): vim syntax support 
Add vim modeline instructing the editor to use the syntax plugin provided by apparmor.
 2024-06-09 19:44:15 +03:00
Alexandre Pujol
5c8dda1ced
feat(profile): remove rule moved in the base or nameservice abstraction. 2024-06-08 22:49:28 +01:00
REmerald
8009c1b9b9
fix(authentication.d/complete): add missing copyright (#370) 
* fix(authentication.d/complete): add missing copyright

* fix(authentication.d/complete): remove first copyright author

Remove the original author from the copyright comment as his file is different and doesn't include his copyright as well. https://gitlab.com/morfikov/apparmemall/-/blob/master/apparmor.d/abstractions/authentication
 2024-06-07 23:04:25 +00:00
curiosityseeker
ec25a155db
Chromium based browsers: add stacking for chrashpad handler (#366) 
* Update chromium abs: remove crashpad-handler

* Update brave: add stacking for chrashpad-handler

* Update chrome: add stacking for crashpad-handler

* Update chromium: add stacking for crashpad-handler

* Update msedge: add stacking for crashpad-handler

* Rename msedge-crashpad-handlers to msedge-crashpad-handler
 2024-06-07 18:26:39 +00:00
Alexandre Pujol
921156c846
fix(profile): pavucontrol 
fix #371
 2024-06-07 19:25:22 +01:00
Alexandre Pujol
503e83a896
fix: steam support on flatpak. 
fix #368
 2024-06-07 17:10:54 +01:00
REmerald
b66274b2ca fix(systemd-oomd): remove double slash 
Double slash caused the path to not work
 2024-06-06 18:40:35 +01:00
REmerald
aa0e33804a fix(pacman): add attach_disconnected flag 
Fixes #350
 2024-06-06 11:50:01 +01:00
REmerald
46008e4edb fix(gvfsd-fuse): add abstractions/nameservice-strict 2024-06-06 11:48:28 +01:00
REmerald
ac86b5ac78 fix(gvfsd): add abstractions/nameservice-strict 2024-06-06 11:48:28 +01:00
REmerald
d1ec0b90fc fix(xdg-permission-store): add abstractions/nameservice-strict and @{HOME}/.local/ 2024-06-06 11:47:38 +01:00
REmerald
2ea558c146 fix(xdg-document-portal): use abstractions/nameservice-strict 2024-06-06 11:41:46 +01:00
REmerald
11e05037c3 fix(xdg-document-portal): add /etc/nsswitch.conf, /etc/passwd 2024-06-06 11:41:46 +01:00
valoq
0565558fe0 complete atool 2024-06-06 11:40:18 +01:00
REmerald
e937eabd4e fix(nm-dispatcher): add modem-manager-gui 2024-06-06 11:39:04 +01:00
REmerald
8f05f02356 fix(systemd-oomd): shorten paths 2024-06-06 11:38:21 +01:00
REmerald
281768667a fix(systemd-oomd): change to {,**/} 2024-06-06 11:38:21 +01:00
REmerald
6801ae1e0c fix(systemd-oomd): make org.a11y.atspi.Registry.slice as in apparmor.d/groups/gnome/epiphany-search-provider 2024-06-06 11:38:21 +01:00
REmerald
5a8510a1f7 fix(systemd-oomd): add cgroup/system.slice/ and app-dbus* paths 2024-06-06 11:38:21 +01:00
REmerald
37d0a36763 fix(polkit-gnome-authentication-agent): include dconf-write 2024-06-06 11:37:53 +01:00
Alexandre Pujol
8b60e56002
feat(profile): general update. 2024-06-04 20:13:40 +01:00
Alexandre Pujol
13d3b23a04
fix(opensuse): ensure integration on opensuse. 2024-06-04 19:52:56 +01:00
REmerald
c40c3e1c98 fix(lspci): add /run/modprobe.d 2024-06-03 21:19:10 +01:00
REmerald
789ba3836e fix(kmod): add /run/modprobe.d 2024-06-03 19:09:46 +01:00
Alexandre Pujol
951bf6a840
Merge branch 'main' of github.com:roddhjav/apparmor.d 
* 'main' of github.com:roddhjav/apparmor.d:
  fix(systemd-oomd): add `app.slice` and `session.slice` paths
  polkit-kde-authentication-agent update (#345)
  add multiple profiles (#341)
 2024-06-03 19:06:35 +01:00
Alexandre Pujol
ff16790421
feat(abs): general update. 2024-06-03 18:37:12 +01:00
Alexandre Pujol
a1fe682e7a
feat(profile): update btop. 2024-06-03 18:34:55 +01:00
REmerald
f9442e8258 fix(systemd-oomd): add app.slice and session.slice paths 2024-06-03 17:52:34 +01:00
curiosityseeker
8dff2ddd72
polkit-kde-authentication-agent update (#345) 
* Update polkit-kde-authentication-agent

needs mediate_deleted

* Update main.flags

* Update polkit-kde-authentication-agent

* Update polkit-kde-authentication-agent
 2024-06-02 20:19:43 +00:00
valoq
bb772167f0
add multiple profiles (#341) 
* add multiple profiles
 2024-05-31 10:47:01 +00:00
Alexandre Pujol
45ae8f5d27
feat(abs): add pgrep. 2024-05-30 21:08:03 +01:00
Alexandre Pujol
3f688be7a0
feat(profile): general update. 2024-05-30 21:03:39 +01:00
Alexandre Pujol
89abbae6bd
Merge branch 'feat/aa' 
Improve go apparmor lib.

* aa: (62 commits)
  feat(aa): handle appending value to defined variables.
  chore(aa): cosmetic.
  fix: userspace prebuild test.
  chore: cleanup unit test.
  feat(aa): improve log conversion.
  feat(aa): move conversion function to its own file & add unit tests.
  fix: go linter issue & not defined variables.
  tests(aa): improve aa unit tests.
  tests(aa): improve rules unit tests.
  feat(aa): ensure the prebuild jobs are working.
  feat(aa): add more unit tests.
  chore(aa): cleanup.
  feat(aa): Move sort, merge and format methods to the rules interface.
  feat(aa): add the hat template.
  feat(aa): add the Kind struct to manage aa rules.
  feat(aa): cleanup rules methods.
  feat(aa): add function to resolve include preamble.
  feat(aa): updaqte mount flags order.
  feat(aa): update default tunable selection.
  feat(aa): parse apparmor preamble files.
  ...
 2024-05-30 19:29:34 +01:00
fira959
d12db8a8dc
Minor improvements (#336) 
* Update audio-client

* Update mpv

* Update mutt

add common mail dir

* Update apparmor.d

* Update mutt

* Update mutt

* Update mutt

* Update mutt

* Update mutt
 2024-05-30 17:51:57 +00:00
Alexandre Pujol
bc216176a3
fix: go linter issue & not defined variables. 2024-05-30 12:28:12 +01:00
curiosityseeker
adccd0066a
Fix typo in @{text_edirors} (#338) 
* Fix typo in multiarch.d/programs

* Fix typo in multirach.d/paths

* Fix typo in abstractions/app-open
 2024-05-29 20:41:23 +00:00
curiosityseeker
94d9570230
Firefox: using stacking for glxtest and vaapitest (#337) 
The current implementation results in the following errors for the Firefox profile:

 @{lib}/firefox/glxtest rix -> firefox-glxtest,  # no new privs

@{lib}/firefox/vaapitest rix -> firefox-vaapitest,   # no new privs

Using stacking as suggested on https://apparmor.pujol.io/development/structure/#no-new-privileges gets rid of these errors.
 2024-05-29 20:41:01 +00:00
Alexandre Pujol
c785b41451
feat(profile): general update. 2024-05-18 22:35:05 +01:00
Alexandre Pujol
7d1380530a
feat(profile): update steam profiles. 
- Still a wip stage
- Not shipped by default
 2024-05-18 15:02:20 +01:00
Alexandre Pujol
5e6af16580
feat(profile): small improvment on systemd profiles. 2024-05-18 13:09:25 +01:00
fira959
d40812ec2f
Profile fixes (#334) 
* Update discord

fix path

* Update signal-desktop-chrome-sandbox

* Update signal-desktop
 2024-05-17 11:44:15 +00:00
doublez13
9349baaff4 vipw-vigr: Use editor abstraction 2024-05-16 15:44:29 +01:00
doublez13
ce329175da pass: Use editor abstraction 2024-05-16 15:44:29 +01:00
doublez13
a291ce373a git: Use editor abstraction 2024-05-16 15:44:29 +01:00
doublez13
192d227c50 crontab: Use editor abstraction 2024-05-16 15:44:29 +01:00
doublez13
98ea2fa47b apt: Use editor abstraction 2024-05-16 15:44:29 +01:00
doublez13
4256e11492 editor abstraction: minor additions 
Add any one-off rules covered in the other editor profiles before converting those to the abstraction.
 2024-05-16 15:44:29 +01:00
fira959
f86b305a66
Update discord profile (#332) 
---------

Co-authored-by: Alex <roddhjav@users.noreply.github.com>
 2024-05-16 10:33:24 +00:00
Alexandre Pujol
41b814675b
fix: syntax error. 2024-05-15 23:53:17 +01:00
Alexandre Pujol
58e458f4ab
feat(profile): add the app/firefox abstraction. 2024-05-15 23:13:23 +01:00
Alexandre Pujol
f5ac8cd4a1
feat(profile): improve dbus rule in chromium based profiles. 2024-05-15 23:07:05 +01:00
Alexandre Pujol
ad960d477b
feat(profile): replace former regex by the new @{user} variable. 2024-05-15 17:22:20 +01:00
Alexandre Pujol
407c71b133
feat(profile): modernize a few app profiles. 2024-05-15 14:50:50 +01:00
fira959
acd6a9794d
Update signal-desktop (#331) 
* Update signal-desktop

* Update signal-desktop-chrome-sandbox

* Update signal-desktop

* Update apparmor.d/groups/apps/signal-desktop

Co-authored-by: Alex <roddhjav@users.noreply.github.com>

* Update signal-desktop

---------

Co-authored-by: Alex <roddhjav@users.noreply.github.com>
 2024-05-14 21:54:31 +00:00
Alexandre Pujol
855f25da9b
feat(tunable): add hex38. 2024-05-14 12:55:57 +01:00
Alexandre Pujol
7b25ed1913
Merge branch 'main' of github.com:roddhjav/apparmor.d 
* 'main' of github.com:roddhjav/apparmor.d:
  Task: Update abstraction path
  Mutt: Update abstraction path
  Update and move abstractions/editor to abstractions/app/editor
  Task: Use editor abstraction
  Mutt: Use editor abstraction
  Create editor abstraction
 2024-05-13 20:37:12 +01:00
Alexandre Pujol
00fd9ddec1
feat(profile): add iceauth 2024-05-13 20:36:46 +01:00