2067 commits

Author	SHA1	Message	Date
Alexandre Pujol	aaf435ece1	feat(profile): general update.	2024-07-19 19:22:32 +01:00
odomingao	d05c9b9276	Fix hyprpicker (#418)	2024-07-19 16:54:08 +00:00
REmerald	d96550cd27	firewalld: make changes from the reviews ... See #441 Also, I changed @{run}/modprobe.d/ to @{run}/modprobe.d/{,*.conf}	2024-07-16 15:15:06 +00:00
REmerald	ef9000e59e	Update firewalld ... Add changes from aa-log -r. Add attach_disconnected. Add profile to main.flags, it was missing there for some reason. There's some uncertainty about some lines, see comments.	2024-07-16 15:15:06 +00:00
Alexandre Pujol	cb30dcc4bc	feat(profile): general update. ... see #416	2024-07-15 23:47:01 +01:00
Alexandre Pujol	6cd01064ae	feat(profile): general update.	2024-07-15 23:12:39 +01:00
Alexandre Pujol	8ef9a18242	refractor: hypr group -> hyprland	2024-07-15 23:02:54 +01:00
odomingao	56f3332163	add profiles for waybar and some hypr utilities (#414)	2024-07-15 21:56:55 +00:00
Alexandre Pujol	85ccc46e44	feat(profile): cleanup mount dir access. ... see #412	2024-07-14 18:08:45 +01:00
Alexandre Pujol	68da315ac2	fix(profile): minor fixes. ... see #410	2024-07-14 12:34:12 +01:00
Alexandre Pujol	a270b7c6d4	fix(tunable): username can have uppercase letter. ... See #409	2024-07-14 12:13:16 +01:00
Alexandre Pujol	9c9f743e1e	fix: variour small fixes. ... See #409	2024-07-14 12:12:30 +01:00
valoq	bd1239b46a	add profiles for cmus and ouch (#408) ... * add profiles for cmus and ouch * minor corrections	2024-07-12 20:11:32 +01:00
Alexandre Pujol	d864f5c975	feat(profile): improve general integration ... See #407	2024-07-12 20:08:58 +01:00
Alexandre Pujol	872b8fc30a	fix(profile): strawberry & nemo. ... see #407	2024-07-11 14:29:43 +01:00
Alexandre Pujol	1db2c01117	feat(tunable): add kde-open to open_path.	2024-07-10 12:48:15 +01:00
Alexandre Pujol	435cf47359	fix: ensure dkms module can be installed on system update. ... fix #377	2024-07-09 12:10:21 +01:00
Alexandre Pujol	d480156e09	feat(profile): general update.	2024-07-06 23:46:06 +01:00
Alexandre Pujol	120db25fc6	fix: ensure xdg-dbus-proxy have access to download files. ... fix: #400	2024-07-05 12:38:32 +01:00
Alexandre Pujol	4289965cb8	feat(tunable): clarify the naming scheme for programs name.	2024-07-04 22:36:35 +01:00
Alexandre Pujol	62e18d04d7	feat(profile): general update.	2024-07-04 22:22:48 +01:00
Alexandre Pujol	8b8a81200a	fix: temporary allows xdg-mime to open any resources. ... This profile needs to be rewritten and integrated with the xdg-open profiles. fix: #378	2024-07-04 21:59:07 +01:00
Alexandre Pujol	dcf92e8e88	feat(profile): update kde profiles.	2024-07-04 21:38:46 +01:00
Alexandre Pujol	897bda824f	feat(profile): update akonadi profiles.	2024-07-04 21:36:09 +01:00
Alexandre Pujol	1675a26fbf	feat(profile): general update.	2024-07-02 22:08:15 +01:00
Alexandre Pujol	c0a081b827	feat(profile): add label for help program.	2024-07-02 22:05:36 +01:00
Alexandre Pujol	f9a93ab67e	feat(profile): general update.	2024-06-29 23:05:45 +01:00
Alexandre Pujol	5b73923385	fix(profile): ensure backlight on all hardware	2024-06-25 12:27:22 +01:00
Alexandre Pujol	8da557ba04	feat(profile): add totem.	2024-06-24 18:01:41 +01:00
Alexandre Pujol	cf8ae8b147	feat(profile): add snapshot.	2024-06-24 17:40:34 +01:00
Alexandre Pujol	81ac0d0b6d	feat(profile): add ollama.	2024-06-24 17:39:08 +01:00
Alexandre Pujol	e17add7e63	fix(profile): keyboard backlight on all hardware ... fix #402	2024-06-24 13:47:24 +01:00
Alexandre Pujol	e8aa338d5e	feat(profile): gnome-shell//open: ensure gnome can start any program.	2024-06-23 11:26:15 +01:00
Alexandre Pujol	ae71b323c2	feat(profile): general update.	2024-06-23 11:25:17 +01:00
Alexandre Pujol	2e127ace4b	feat(abs): general update.	2024-06-23 11:17:56 +01:00
Alexandre Pujol	856a9a467e	feat(profile): improve chromium tmp file restriction.	2024-06-23 11:17:01 +01:00
Alexandre Pujol	2710fd3484	feat(profile): ensure steam can update itself.	2024-06-23 11:16:23 +01:00
Alexandre Pujol	58c07e5ea5	feat(profile): general update.	2024-06-20 17:57:30 +01:00
Alexandre Pujol	747292e954	fix: remove useless audit mode on chromium.	2024-06-16 22:53:16 +01:00
Alexandre Pujol	13b35b156e	feat(abs): add the app/kmod abstraction.	2024-06-16 21:50:48 +01:00
Alexandre Pujol	cb4f3af58e	feat(profile): add ddcutil	2024-06-16 20:07:41 +01:00
REmerald	41b1489b76	fix: add vim syntax to remaining files ... Add vim syntax modeline to files which didn't have it for some reason. Continuation of #396.	2024-06-16 17:32:21 +01:00
REmerald	68d1222029	feat(groups/{u,v,w,x}*): vim syntax support ... Add vim modeline instructing the editor to use syntax plugin provided by apparmor. Continuation of #395 to keep the diff list relatively short.	2024-06-16 17:31:42 +01:00
REmerald	f1a0349978	feat(groups/{_,k,n,p}*): vim syntax support ... Add vim modeline instructing the editor to use syntax plugin provided by apparmor. Continuation of #394 to keep the diff list relatively short.	2024-06-16 17:31:28 +01:00
REmerald	da93eb29d8	feat(groups/g*): vim syntax support ... Add vim modeline instructing the editor to use syntax plugin provided by apparmor. Continuation of #393 to keep the diff list relatively short.	2024-06-16 17:30:58 +01:00
REmerald	4d707633a1	feat(groups/{c,d,f,s}*): vim syntax support ... Add vim modeline instructing the editor to use syntax plugin provided by apparmor. Continuation of #392 to keep the diff list relatively short.	2024-06-16 17:30:44 +01:00
REmerald	db82b64051	feat(groups/{a,b}*): vim syntax support ... Add vim modeline instructing the editor to use syntax plugin provided by apparmor. Continuation of #391 to keep the diff list relatively short.	2024-06-16 17:30:22 +01:00
Alexandre Pujol	a2c6580725	fix: profile compilation.	2024-06-15 22:28:37 +01:00
REmerald	da3717991e	feat(profiles-s-z): vim syntax support ... Add vim modeline instructing the editor to use the syntax plugin provided by apparmor. Continuation of #379, #380, #381, #390 to keep the diff list relatively short.	2024-06-15 22:04:20 +01:00
REmerald	c1d531525a	fix(abstractions, tunables): move vim modeline ... Move vim syntax comment to the end of the file, separated by newline, as requested in #380.	2024-06-15 22:01:25 +01:00
REmerald	1206692e51	feat(abstractions): vim syntax highlighting ... Add vim syntax support. See man apparmor.vim(5)	2024-06-15 22:00:29 +01:00
REmerald	07f3ea979a	fix(profiles-g-l): move vim modeline ... Move vim syntax comment to the end of the file, separated by newline, as requested in #380.	2024-06-15 21:59:31 +01:00
REmerald	e2c868bd80	feat(profiles-g-l): vim syntax support ... Add vim modeline instructing the editor to use syntax plugin provided by apparmor.	2024-06-15 21:59:31 +01:00
REmerald	293217aee2	fix(profiles-a-f): move vim modeline ... Move vim syntax comment to the end of the file, separated by newline, as requested in #380.	2024-06-15 21:59:31 +01:00
REmerald	72b11e5d05	feat(profiles-a-f): vim syntax support ... Add vim modeline instructing the editor to use syntax plugin provided by apparmor	2024-06-15 21:59:31 +01:00
Alexandre Pujol	275b77d2ac	fix: profile compilation.	2024-06-15 21:59:31 +01:00
Alexandre Pujol	faab4928ed	feat(profile): general update.	2024-06-15 21:59:31 +01:00
Alexandre Pujol	79eed4b93d	feat(profile): improve sqlite temp file definition.	2024-06-15 21:59:31 +01:00
Alexandre Pujol	035e1da7b2	feat(abs): add udevadm app abstraction.	2024-06-15 21:59:31 +01:00
Alexandre Pujol	39bfa9a40b	feat(profile): update steam profiles.	2024-06-15 21:59:31 +01:00
REmerald	eb480672f3	fix(abstractions, tunables): move vim modeline ... Move vim syntax comment to the end of the file, separated by newline, as requested in #380.	2024-06-15 21:59:31 +01:00
REmerald	6b5475c7f2	feat(abstractions): vim syntax highlighting ... Add vim syntax support. See man apparmor.vim(5)	2024-06-15 21:57:49 +01:00
REmerald	1517ff0296	feat(tunables): vim syntax support ... Add vim syntax highlighting support introduced in the apparmor package	2024-06-15 21:57:49 +01:00
REmerald	280289247d	Merge branch 'main' into patch-profiles-m-r	2024-06-15 18:32:30 +03:00
REmerald	40a30dc310	fix(profiles-m-r): move vim modeline ... Move vim syntax comment to the end of the file, separated by newline, as requested in #380.	2024-06-15 17:20:22 +03:00
Alexandre Pujol	6c1cdf4d58	fix: ensure btop can send signal ... fix #385	2024-06-14 21:10:02 +01:00
Alexandre Pujol	6c64ef95c6	fix: ensure xdg-desktop-portal have access to download files. ... fix #386	2024-06-14 21:08:33 +01:00
Stoppedpuma	02ea3b9ee6	Move disk images	2024-06-14 21:04:44 +01:00
Stoppedpuma	307f2d6ad0	Reorganise home.d tunables	2024-06-14 21:04:44 +01:00
Stoppedpuma	7b6ef48d79	Reorganise xdg-user-dirs.d tunables	2024-06-14 21:04:44 +01:00
Alexandre Pujol	d21af8246b	Merge branch 'main' of github.com:roddhjav/apparmor.d ... * 'main' of github.com:roddhjav/apparmor.d: Reorganise based on type Add XDG_GAMES_DIR Add missing `user_games_dirs` and reorganise alphabetically add config dirs complete browsers fix lynx profile use strict abstraction add preview tools	2024-06-14 20:51:08 +01:00
Alexandre Pujol	117e63d88f	fix: ensure filter directive get cleaned on build.	2024-06-14 20:50:17 +01:00
valoq	26e7da6641	add config dirs	2024-06-13 13:38:42 +01:00
valoq	d7e09d88fd	complete browsers	2024-06-13 13:38:42 +01:00
valoq	94a654e318	fix lynx profile	2024-06-13 13:38:42 +01:00
valoq	7b69b696fb	use strict abstraction	2024-06-13 13:38:42 +01:00
valoq	cc9e7fdde1	add preview tools	2024-06-13 13:38:42 +01:00
Alexandre Pujol	327c1dec33	feat(profile): add cliphist integration on wl-copy ... fix: #357	2024-06-12 22:24:59 +01:00
Alexandre Pujol	07805feabe	Merge branch 'main' of github.com:roddhjav/apparmor.d ... * 'main' of github.com:roddhjav/apparmor.d: Update signal-desktop-chrome-sandbox Update signal-desktop	2024-06-12 22:23:54 +01:00
Alexandre Pujol	a5a434f02a	fix: ensure xdg portal can read any user files. ... fix #375	2024-06-12 22:22:26 +01:00
Alexandre Pujol	56464d24bf	fix: xdg-desktop-portal breaks screensharing ... fix: #376	2024-06-12 22:18:02 +01:00
fira959	2eab87da2f	Update signal-desktop-chrome-sandbox	2024-06-12 21:51:49 +01:00
fira959	f0cff2989d	Update signal-desktop	2024-06-12 21:51:49 +01:00
Alexandre Pujol	ff88400b22	feat(abs): minor cleanup.	2024-06-11 23:18:07 +01:00
Alexandre Pujol	ca9a8d47f8	feat(profile): add protonmail-bridge	2024-06-11 23:16:19 +01:00
Alexandre Pujol	6d549b7c70	feat(profile): rewrite steam profiles. ... - Separate profile for sandboxes. - Separate profile for native and proton games. - Updated path dirs - tested on arch & debian. Note: these profiles are still in alpha stage and disabled by default.	2024-06-11 00:21:29 +01:00
Alexandre Pujol	08a1aba39d	feat(abs): bwrap: add special mount rule for debian.	2024-06-11 00:01:46 +01:00
Alexandre Pujol	8fe2bf4c20	feat(profile): add missing enchant abs.	2024-06-11 00:00:51 +01:00
Alexandre Pujol	d283ef5196	feat(profile): general update.	2024-06-10 23:58:44 +01:00
Alexandre Pujol	b4407fb7f8	feat(abs): wayland: add ibus shared file.	2024-06-10 23:53:31 +01:00
Alexandre Pujol	0d8afd21e3	feat(abs): vulkan: allow empty vulkan home dir.	2024-06-10 23:52:40 +01:00
Alexandre Pujol	222685c029	feat(profile): use the cups-client more often.	2024-06-10 23:51:38 +01:00
Alexandre Pujol	bb6df870bb	chore: cleanup opensc debian structure.	2024-06-10 23:43:55 +01:00
REmerald	e362aa9107	feat(profiles-m-r): vim syntax support ... Add vim modeline instructing the editor to use the syntax plugin provided by apparmor.	2024-06-09 19:44:15 +03:00
Alexandre Pujol	5c8dda1ced	feat(profile): remove rule moved in the base or nameservice abstraction.	2024-06-08 22:49:28 +01:00
REmerald	8009c1b9b9	fix(authentication.d/complete): add missing copyright (#370) ... * fix(authentication.d/complete): add missing copyright * fix(authentication.d/complete): remove first copyright author Remove the original author from the copyright comment as his file is different and doesn't include his copyright as well. https://gitlab.com/morfikov/apparmemall/-/blob/master/apparmor.d/abstractions/authentication	2024-06-07 23:04:25 +00:00
curiosityseeker	ec25a155db	Chromium based browsers: add stacking for chrashpad handler (#366) ... * Update chromium abs: remove crashpad-handler * Update brave: add stacking for chrashpad-handler * Update chrome: add stacking for crashpad-handler * Update chromium: add stacking for crashpad-handler * Update msedge: add stacking for crashpad-handler * Rename msedge-crashpad-handlers to msedge-crashpad-handler	2024-06-07 18:26:39 +00:00
Alexandre Pujol	921156c846	fix(profile): pavucontrol ... fix #371	2024-06-07 19:25:22 +01:00
Alexandre Pujol	503e83a896	fix: steam support on flatpak. ... fix #368	2024-06-07 17:10:54 +01:00
REmerald	b66274b2ca	fix(systemd-oomd): remove double slash ... Double slash caused the path to not work	2024-06-06 18:40:35 +01:00
REmerald	aa0e33804a	fix(pacman): add attach_disconnected flag ... Fixes #350	2024-06-06 11:50:01 +01:00
REmerald	46008e4edb	fix(gvfsd-fuse): add abstractions/nameservice-strict	2024-06-06 11:48:28 +01:00
REmerald	ac86b5ac78	fix(gvfsd): add abstractions/nameservice-strict	2024-06-06 11:48:28 +01:00
REmerald	d1ec0b90fc	fix(xdg-permission-store): add abstractions/nameservice-strict and @{HOME}/.local/	2024-06-06 11:47:38 +01:00
REmerald	2ea558c146	fix(xdg-document-portal): use abstractions/nameservice-strict	2024-06-06 11:41:46 +01:00
REmerald	11e05037c3	fix(xdg-document-portal): add /etc/nsswitch.conf, /etc/passwd	2024-06-06 11:41:46 +01:00
valoq	0565558fe0	complete atool	2024-06-06 11:40:18 +01:00
REmerald	e937eabd4e	fix(nm-dispatcher): add modem-manager-gui	2024-06-06 11:39:04 +01:00
REmerald	8f05f02356	fix(systemd-oomd): shorten paths	2024-06-06 11:38:21 +01:00
REmerald	281768667a	fix(systemd-oomd): change to {,**/}	2024-06-06 11:38:21 +01:00
REmerald	6801ae1e0c	fix(systemd-oomd): make org.a11y.atspi.Registry.slice as in apparmor.d/groups/gnome/epiphany-search-provider	2024-06-06 11:38:21 +01:00
REmerald	5a8510a1f7	fix(systemd-oomd): add cgroup/system.slice/ and app-dbus* paths	2024-06-06 11:38:21 +01:00
REmerald	37d0a36763	fix(polkit-gnome-authentication-agent): include dconf-write	2024-06-06 11:37:53 +01:00
Alexandre Pujol	8b60e56002	feat(profile): general update.	2024-06-04 20:13:40 +01:00
Alexandre Pujol	13d3b23a04	fix(opensuse): ensure integration on opensuse.	2024-06-04 19:52:56 +01:00
REmerald	c40c3e1c98	fix(lspci): add /run/modprobe.d	2024-06-03 21:19:10 +01:00
REmerald	789ba3836e	fix(kmod): add /run/modprobe.d	2024-06-03 19:09:46 +01:00
Alexandre Pujol	951bf6a840	Merge branch 'main' of github.com:roddhjav/apparmor.d ... * 'main' of github.com:roddhjav/apparmor.d: fix(systemd-oomd): add `app.slice` and `session.slice` paths polkit-kde-authentication-agent update (#345) add multiple profiles (#341)	2024-06-03 19:06:35 +01:00
Alexandre Pujol	ff16790421	feat(abs): general update.	2024-06-03 18:37:12 +01:00
Alexandre Pujol	a1fe682e7a	feat(profile): update btop.	2024-06-03 18:34:55 +01:00
REmerald	f9442e8258	fix(systemd-oomd): add app.slice and session.slice paths	2024-06-03 17:52:34 +01:00
curiosityseeker	8dff2ddd72	polkit-kde-authentication-agent update (#345) ... * Update polkit-kde-authentication-agent needs mediate_deleted * Update main.flags * Update polkit-kde-authentication-agent * Update polkit-kde-authentication-agent	2024-06-02 20:19:43 +00:00
valoq	bb772167f0	add multiple profiles (#341) ... * add multiple profiles	2024-05-31 10:47:01 +00:00
Alexandre Pujol	45ae8f5d27	feat(abs): add pgrep.	2024-05-30 21:08:03 +01:00
Alexandre Pujol	3f688be7a0	feat(profile): general update.	2024-05-30 21:03:39 +01:00
Alexandre Pujol	89abbae6bd	Merge branch 'feat/aa' ... Improve go apparmor lib. * aa: (62 commits) feat(aa): handle appending value to defined variables. chore(aa): cosmetic. fix: userspace prebuild test. chore: cleanup unit test. feat(aa): improve log conversion. feat(aa): move conversion function to its own file & add unit tests. fix: go linter issue & not defined variables. tests(aa): improve aa unit tests. tests(aa): improve rules unit tests. feat(aa): ensure the prebuild jobs are working. feat(aa): add more unit tests. chore(aa): cleanup. feat(aa): Move sort, merge and format methods to the rules interface. feat(aa): add the hat template. feat(aa): add the Kind struct to manage aa rules. feat(aa): cleanup rules methods. feat(aa): add function to resolve include preamble. feat(aa): updaqte mount flags order. feat(aa): update default tunable selection. feat(aa): parse apparmor preamble files. ...	2024-05-30 19:29:34 +01:00
fira959	d12db8a8dc	Minor improvements (#336) ... * Update audio-client * Update mpv * Update mutt add common mail dir * Update apparmor.d * Update mutt * Update mutt * Update mutt * Update mutt * Update mutt	2024-05-30 17:51:57 +00:00
Alexandre Pujol	bc216176a3	fix: go linter issue & not defined variables.	2024-05-30 12:28:12 +01:00
curiosityseeker	adccd0066a	Fix typo in @{text_edirors} (#338) ... * Fix typo in multiarch.d/programs * Fix typo in multirach.d/paths * Fix typo in abstractions/app-open	2024-05-29 20:41:23 +00:00
curiosityseeker	94d9570230	Firefox: using stacking for glxtest and vaapitest (#337) ... The current implementation results in the following errors for the Firefox profile: @{lib}/firefox/glxtest rix -> firefox-glxtest, # no new privs @{lib}/firefox/vaapitest rix -> firefox-vaapitest, # no new privs Using stacking as suggested on https://apparmor.pujol.io/development/structure/#no-new-privileges gets rid of these errors.	2024-05-29 20:41:01 +00:00
Alexandre Pujol	c785b41451	feat(profile): general update.	2024-05-18 22:35:05 +01:00
Alexandre Pujol	7d1380530a	feat(profile): update steam profiles. ... - Still a wip stage - Not shipped by default	2024-05-18 15:02:20 +01:00
Alexandre Pujol	5e6af16580	feat(profile): small improvment on systemd profiles.	2024-05-18 13:09:25 +01:00
fira959	d40812ec2f	Profile fixes (#334) ... * Update discord fix path * Update signal-desktop-chrome-sandbox * Update signal-desktop	2024-05-17 11:44:15 +00:00
doublez13	9349baaff4	vipw-vigr: Use editor abstraction	2024-05-16 15:44:29 +01:00
doublez13	ce329175da	pass: Use editor abstraction	2024-05-16 15:44:29 +01:00
doublez13	a291ce373a	git: Use editor abstraction	2024-05-16 15:44:29 +01:00
doublez13	192d227c50	crontab: Use editor abstraction	2024-05-16 15:44:29 +01:00
doublez13	98ea2fa47b	apt: Use editor abstraction	2024-05-16 15:44:29 +01:00
doublez13	4256e11492	editor abstraction: minor additions ... Add any one-off rules covered in the other editor profiles before converting those to the abstraction.	2024-05-16 15:44:29 +01:00
fira959	f86b305a66	Update discord profile (#332) ... --------- Co-authored-by: Alex <roddhjav@users.noreply.github.com>	2024-05-16 10:33:24 +00:00
Alexandre Pujol	41b814675b	fix: syntax error.	2024-05-15 23:53:17 +01:00
Alexandre Pujol	58e458f4ab	feat(profile): add the app/firefox abstraction.	2024-05-15 23:13:23 +01:00
Alexandre Pujol	f5ac8cd4a1	feat(profile): improve dbus rule in chromium based profiles.	2024-05-15 23:07:05 +01:00
Alexandre Pujol	ad960d477b	feat(profile): replace former regex by the new @{user} variable.	2024-05-15 17:22:20 +01:00
Alexandre Pujol	407c71b133	feat(profile): modernize a few app profiles.	2024-05-15 14:50:50 +01:00
fira959	acd6a9794d	Update signal-desktop (#331) ... * Update signal-desktop * Update signal-desktop-chrome-sandbox * Update signal-desktop * Update apparmor.d/groups/apps/signal-desktop Co-authored-by: Alex <roddhjav@users.noreply.github.com> * Update signal-desktop --------- Co-authored-by: Alex <roddhjav@users.noreply.github.com>	2024-05-14 21:54:31 +00:00
Alexandre Pujol	855f25da9b	feat(tunable): add hex38.	2024-05-14 12:55:57 +01:00
Alexandre Pujol	7b25ed1913	Merge branch 'main' of github.com:roddhjav/apparmor.d ... * 'main' of github.com:roddhjav/apparmor.d: Task: Update abstraction path Mutt: Update abstraction path Update and move abstractions/editor to abstractions/app/editor Task: Use editor abstraction Mutt: Use editor abstraction Create editor abstraction	2024-05-13 20:37:12 +01:00
Alexandre Pujol	00fd9ddec1	feat(profile): add iceauth	2024-05-13 20:36:46 +01:00
Alexandre Pujol	8f102dea0a	feat(profile): general update.	2024-05-13 20:35:11 +01:00
doublez13	8594700f9a	Task: Update abstraction path	2024-05-12 17:34:33 +01:00
doublez13	533bff8583	Mutt: Update abstraction path	2024-05-12 17:34:33 +01:00
doublez13	479d04abac	Update and move abstractions/editor to abstractions/app/editor	2024-05-12 17:34:33 +01:00
doublez13	eb32db16c6	Task: Use editor abstraction	2024-05-12 17:34:33 +01:00
doublez13	769b4a7cec	Mutt: Use editor abstraction	2024-05-12 17:34:33 +01:00
doublez13	e38f2ac721	Create editor abstraction ... I'm counting seven profiles that have a child profile named "editor" that all include roughly the same boiler plate policies. Let's abstract it out.	2024-05-12 17:34:33 +01:00
Alexandre Pujol	1739c07ca1	feat(profile): general update.	2024-05-11 17:38:43 +01:00
Alexandre Pujol	533b7ac937	feat(profile): update steam internal ... This is still a wip stage and the profile is not installed by default.	2024-05-11 17:28:44 +01:00
Alexandre Pujol	4d29127d57	feat(profile): rewrite the child-open* profiles.	2024-05-11 12:13:57 +01:00
Jose Maldonado aka Yukiteru	60ba9ae965	Fix and optimizations for flameshot profile ... Profile simplification PATH and better use for abstractions. Add permission for @{user_cache_dirs}	2024-05-11 12:10:59 +01:00
Jose Maldonado aka Yukiteru	3748a13710	Fix access to translations and /tmp in run-time ... Flameshot access to /usr/share/flameshot for search translations for UI. And have access to /tmp for create tempfile for other apps (ex: send image to GIMP)	2024-05-11 12:10:59 +01:00
Jose Maldonado aka Yukiteru	31cb3e962d	Enable flameshot profile ... I tested in enforce mode the flameshot profile and fix a little problem with access resources for this app. All work OK in Debian Stable.	2024-05-11 12:10:59 +01:00
Alexandre Pujol	2b6fb63245	feat(profile): add foliate.	2024-05-08 21:15:27 +01:00
Alexandre Pujol	bed9545082	feat(profile): general update.	2024-05-08 20:08:41 +01:00
Alexandre Pujol	da7747e0fe	feat(tunable): add all int, hex and read variable from 2 to 64.	2024-05-08 18:27:16 +01:00
Alexandre Pujol	7963a65a88	feat(profile): add support for terminal in flatpak app. ... - Sandbox's security is managed by flatpak - The app stays confined under the (not really strict) flatpak-app profile - User shell runs unconfined (under the `user_unconfined` profile) Running terminal as a flatpak app provides less security than as a normal app. This is because the shell runs as user_unconfined profile that will purposely not transition to any other profile. While a shell from a classic terminal will transition to any profile it can, and thus would get restricted. In other words, running `apt` inside flatpak would run under the `user_unconfined` while it would use the `apt` profile outside the sandbox. fix #314	2024-05-08 15:48:14 +01:00
Alexandre Pujol	538a73e21e	feat(profile): add user_unconfined profile & reorganise pam profiles.	2024-05-08 15:34:39 +01:00
Alexandre Pujol	66c8f42d94	feat(tunable): add the new @{user} variable	2024-05-07 17:41:34 +01:00
Alexandre Pujol	1842f8a4d5	feat(profile): add some new profile (2).	2024-05-07 17:32:36 +01:00
Alexandre Pujol	fe1e3c3be8	feat(profile): add some new profile.	2024-05-07 17:25:43 +01:00
Alexandre Pujol	239d5efe63	feat(profile): general update.	2024-05-07 16:19:29 +01:00
Alexandre Pujol	4ada6f5879	feat(profile): improve dpkg deb & split.	2024-05-07 16:12:29 +01:00
Alexandre Pujol	9a2f4b5dbe	feat(abs): improve some common user abstraction.	2024-05-07 16:10:09 +01:00
Alexandre Pujol	37bb51ccb5	fix: remove duplicate program name.	2024-05-07 15:57:57 +01:00
Jose Maldonado aka Yukiteru	1c6f7dd1c2	Fix recent error in abstractions/thumbnails-cache-read ... Sorry, in the previous commit I introduced an error in abstractions/thumbnails-cache-read that prevented this abstractions from working correctly after a restart and complete reload of the profiles (after a new installation from Git). This commit fixes the bug and with it must also pass the repository tests.	2024-05-07 15:55:09 +01:00
Jose Maldonado aka Yukiteru	92a370210d	Fix exec for exim4 for anacron (default config Debian Stable) ... On default installation on Debian Stable (12) anacron run tasks and when finish all them, run exim4 for send info via mail. The actual profile don´t permit this behaviour and fail sending info for all task finished for mail configurated.	2024-05-07 15:55:09 +01:00
Jose Maldonado aka Yukiteru	0d5655ba76	Noise reduction in exim4 profile ... exim4 profile access to /proc/sys/net/ipv6/conf/all/disable_ipv6 in read mode searching information over IPv6 connection in the host. In the actual profile this access is denied, this change fix this and reduce noise in log.	2024-05-07 15:55:09 +01:00
Jose Maldonado aka Yukiteru	2f3c4574ec	Fix access to thumbnail cache dirs in abstractions ... gsd-housekeepin in GNOME have access to @{user_cache_dirs} for searching thumbnail files and executing one task for cleaning these files every day. The actual abstractions/thumbnails-cache-write fail in granted this access, specially to various folders in the thumbnail cache (ex: fail folder). These changes fix this access. For convenience abstractions/thumbnails-cache-read, have the same access structure also for files/folders, but only read permissions.	2024-05-07 15:55:09 +01:00
Alexandre Pujol	18d1ee66a2	feat(profile): update zram generator.	2024-05-07 13:19:41 +01:00
Alexandre Pujol	7cb006d20c	feat(tunable): add torbrowser download dir.	2024-05-07 00:05:20 +01:00
Alexandre Pujol	03dd5fe4cd	feat(profile): improve xfce profiles stack.	2024-05-07 00:04:07 +01:00
Alexandre Pujol	c84b48b0b4	feat(profile): add torbrowser-updater.	2024-05-06 23:53:17 +01:00
Alexandre Pujol	eeb990a934	feat(profile): add some whonix specific profiles.	2024-05-06 23:52:38 +01:00
Alexandre Pujol	c5ed997b6d	feat(profile): improve whonix specific profiles.	2024-05-06 23:51:46 +01:00
Alexandre Pujol	301ffb6065	fix(profile): link rule format.	2024-05-06 20:53:29 +01:00
Alexandre Pujol	f567c0eff7	fix(profile): do not use aa:exec in flatpak-app to avoid conflicting x.	2024-05-06 20:49:30 +01:00
Alexandre Pujol	c2d786200f	feat(profile): cleanup xsession logs.	2024-05-06 20:47:08 +01:00
Alexandre Pujol	4b4e14b1d6	fix(profile): various fix & cleanup	2024-05-06 20:33:01 +01:00
Alexandre Pujol	e2c69f18fa	Merge branch 'feat/update' of https://github.com/Jeroen0494/apparmor.d into Jeroen0494-feat/update ... * 'feat/update' of https://github.com/Jeroen0494/apparmor.d: Cleanup Remove temp Various updates all over Various profile updates	2024-05-06 20:08:13 +01:00
Alex	f75e5047df	Merge branch 'main' into feat/update	2024-05-06 19:56:11 +01:00
Alexandre Pujol	9f7d53c692	fix(tunable): definition of msedge_lib_dirs	2024-05-06 19:32:12 +01:00
Alexandre Pujol	f607fee8e1	feat(tunable): limit suse multiarch on opensuse.	2024-05-06 19:26:04 +01:00
Alexandre Pujol	88387956de	feat(tunable): add gvfs dir to MOUNTS.	2024-05-06 19:25:31 +01:00
Alexandre Pujol	9924da261f	feat(tunable): reorganise program & path defintions.	2024-05-06 19:25:07 +01:00
Alexandre Pujol	3b41ee93dc	feat(tunable): add the user defined private directories ... - Add @{XDG_PRIVATE_DIR} & @{user_private_dirs} - This directories are denied in file browser and search engine.	2024-05-06 19:21:04 +01:00
Jose Maldonado	8224ac2b3f	Fix access to OpenSC configuration (#326)	2024-05-06 18:16:39 +00:00
Alexandre Pujol	89f896a0fd	feat(profile): cleanup flatpak share access.	2024-05-05 18:17:52 +01:00
Alexandre Pujol	0ffd70319b	feat(tunable): add @{hex16}	2024-05-05 17:49:45 +01:00
Alexandre Pujol	d544c386f7	fix(profile): ensure PAM & systemd-homed compatibility. ... see #321	2024-05-05 17:42:32 +01:00
Fusion future	bfd9e9e3d6	plasmashell: add local wallpaper rules (#324) ... Allow plasmashell to access wallpapers in the cache folder and the user share folder.	2024-05-05 11:47:59 +00:00
Fusion future	06619cef0a	plasmashell: add flatpak mime folder (#325) ... It's read by the krunner plugin.	2024-05-05 11:47:40 +00:00
Alexandre Pujol	d69dcad46d	feat(profile): add epiphany. ... Fix #322	2024-05-04 13:19:03 +01:00
Alexandre Pujol	9dba91296a	fix: typo in abs name.	2024-05-04 00:24:41 +01:00
Alexandre Pujol	f38f1ad651	feat(profile): improve kde profiles.	2024-05-04 00:21:03 +01:00
Alexandre Pujol	683bfed4ad	feat(profile): modernise some profiles.	2024-05-04 00:14:07 +01:00
Alexandre Pujol	40abc98201	feat(profile): general update.	2024-05-03 18:16:12 +01:00
Alexandre Pujol	3a90d82a1e	feat: remove the deprecated ucf profile.	2024-05-02 22:27:00 +01:00
Alexandre Pujol	3f69b9fec4	feat(profile): use the new @{tmp} variable. ... It is only used with the owner statement.	2024-05-02 22:12:02 +01:00
Alexandre Pujol	0bbbe71422	feat(tunable): add the new @{tmp} variable ... Mostly used to handle libpam-tmpdir. See #318 #320	2024-05-02 21:42:33 +01:00
Alexandre Pujol	db87c56f37	feat(profile): general update.	2024-05-01 14:22:42 +01:00
Alexandre Pujol	4d9ea026c7	feat(abs): add the fish shell abstraction.	2024-05-01 13:49:51 +01:00
Alexandre Pujol	12c4ab122b	feat(profile): add gnome-firmware.	2024-05-01 12:32:31 +01:00
Alexandre Pujol	e1e96d90dc	feat(profile): add gnome-maps.	2024-05-01 12:30:14 +01:00
Alexandre Pujol	8c84d74fe6	feat(profile): add gnome-weather.	2024-05-01 12:29:48 +01:00
Alexandre Pujol	0787ef9906	feat(profile): add sync.	2024-05-01 12:26:09 +01:00
Alexandre Pujol	19c192685d	feat(profile): add uuidgen.	2024-05-01 12:25:42 +01:00
Alexandre Pujol	01dd9ebb0c	feat(profile): general update.	2024-05-01 12:25:01 +01:00
Alexandre Pujol	a1d6d318cc	feat(profile): tweak the new msedge profiles a bit.	2024-05-01 12:11:43 +01:00
Jose Maldonado aka Yukiteru	fd590e9199	Fix exec_path in profiles for Edge and copyright headers	2024-05-01 11:40:32 +01:00
Jose Maldonado aka Yukiteru	0a941e7d87	Fix for access video devices and opensc in Chromium profile ... This commit fix two issues for abstractions/app/chromium 1.- Access to /dev/video (not merged in last commit) 2.- Access to /etc/opensc/opensc.conf in Debian (and derivates)	2024-05-01 11:40:32 +01:00
Jose Maldonado aka Yukiteru	d0ea5f50a3	New profile for Microsoft Edge and better support in abstractions/app/chromium ... This commit add new profile for Microsoft Edge browser and variants (beta,dev). The new profile is based in actual chrome profile. Tested with actual Edge, in Debian Stable and enforced rules. All ok using GPU Rasterization and Vulkan, not HWAccel for encoding video because this is very unstable yet in all Chromium based browsers. Add support for libpam-tmpdir for abstractions/app/chromium and all browser using this absctractions (Chrome, Chromium, Edge, and others). This fix access and use of browser with libpam-tmpdir installed (Debian and Whonix) Fix a denied access to RADV user cache (Vulkan-amdgpu) in abstractions/app/chromium (Vulkan is optional in Chromium-based browser, but the backend is perfectly usable now).	2024-05-01 11:40:32 +01:00
Alexandre Pujol	065f2233ac	feat(abs): ensure pam-tmpdir-helper is allowed in the auth abs for all distribution.	2024-04-29 11:58:55 +01:00
Jeroen Rijken	e8eadcc7ec	Cleanup ... Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-04-28 16:25:45 +02:00
Jeroen Rijken	c40bdcece7	Remove temp ... Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-04-28 16:19:01 +02:00
Jeroen Rijken	8b3613fa48	Various updates all over ... Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-04-28 16:08:03 +02:00
Jeroen Rijken	821e753572	Various profile updates ... Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-04-28 15:57:27 +02:00
Alexandre Pujol	2aa8986a21	feat(profile): update gvfsd-recent.	2024-04-28 13:57:27 +01:00
Alexandre Pujol	454daa9602	feat(profile): restrict torbrowser.	2024-04-28 13:53:25 +01:00
Alexandre Pujol	a63201486b	feat(profile): update flatpak profiles stack.	2024-04-28 13:51:57 +01:00
Alexandre Pujol	65d0cfafe4	feat(profile): general update.	2024-04-28 13:50:48 +01:00
Jose Maldonado	b4e5837bb9	Fix access to /tmp using libpam-tmpdir in Debian (#318) ... In Debian with the use of libpam-tmpdir, the paths for $TMP and $TMPDIR for PAM sessions are affected by much stronger rules and permissions, providing additional security to the environment. Those rules for the directory /tmp/user/@{uid}/<affected_program> In the case of qBitorrent this applies to the following directory: /tmp/user/@{uid}/.qBitorrent This PR fixes the bug and allows qBittorrent to work correctly under these conditions. Note: This PR would also have positive effects on Whonix, which uses libpam-tmpdir according to this link (https://forums.whonix.org/t/make-symlink-attacks-and-other-tmp-based-attacks-harder-or-impossible-using-libpam-tmpdir/8488)	2024-04-28 10:27:39 +00:00
Jose Maldonado aka Yukiteru	2f3d55e924	Fix out-of-scope in abstractions/video and bad use abstraction in chromium	2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru	d88e88767e	Fix minitube profile for support Qt5CT and Qt6CT	2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru	df52a5aa50	Fix support for Qt5CT and Qt6CT in profiles-s-z ... This fix the next apps/binaries *smplayer *smtube *strawberry *thunderbird *transmission-qt *usbguard-applet-qt *vidcutter *vlc *wpa-gui	2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru	7ed52e44cd	Fix support for Qt5CT and Qt6CT in profiles-m-r ... This fix the next apps/binaries *megasync *merkaator *mkvtoolnix-gui *pinentry-qt *psi *psi-plus *qnapi *qpdfview *qtox *quiterss *rpi-imager	2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru	917a754206	Fix suppport for Qt5CT and Qt6CT in profiles-g-l ... This fix support for this profiles *kanyremote *keepassxc *linssid	2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru	5c35b1d69c	Fix profiles for support Qt5CT and Qt6CT ... This fix the next profiles *Birdtray *Convertall *Fritzing	2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru	72784f4cbc	Fix support for Qt5CT and Qt6CT in kde groups profiles ... This fix support in this apps/binaries *kio_http *kiod *kscreenlocker *kwalletd *kwalletmanager *kwin_wayland *sddm-greeter	2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru	7ba5adc6f2	Fix qt5ct and qt6ct support in freedesktop group profiles	2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru	35f947aaa9	Fix Calibre group profile ... Forgotten qt5ct line in Calibre group profile.	2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru	d26b86c5d7	Fix support for Qt5 and Qt5 in apps groups ... This changes fix access to qt5ct and qt6ct for: *Calibre *Flameshot *Telegram	2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru	004572349d	Fix support for Qt5 and Qt6 in Akonadi group	2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru	5d1fae1121	Better support for video devices (ex: webcam) ... Actually, Wirepumbler profile fail to access to /dev/video devices this update fix this problem.	2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru	3291fa7f8f	Better support for Qt in abstractions/chromium	2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru	4355f707db	Add support for qt5ct and qt6ct	2024-04-27 23:51:48 +01:00
Jose Maldonado aka Yukiteru	4874bd8c7e	Fix path in abstractions/qt5	2024-04-26 00:16:25 +01:00
Jose Maldonado aka Yukiteru	0adb00212a	Changes for use @{user_config_dirs} for abstractions/qt5.d integration	2024-04-26 00:16:25 +01:00
Jose Maldonado aka Yukiteru	c733d6b9c2	Modifications for qbittorrent profile and qt5.d abstractions ... This modifications allow read system and user qt5ct configs for better integrations with other DEs (not-KDE).	2024-04-26 00:16:25 +01:00
Alexandre Pujol	e4c3f1f076	fix: flatpak-app was too strict for some app. ... See #314	2024-04-25 13:26:11 +01:00