Alexandre Pujol
9650df00e3
feat(aa-log): add -r option to convert the log into rules.
2023-08-17 23:14:11 +01:00
Alexandre Pujol
d06a474b0c
feat(aa-log): parse log file to AA object to allow easy print.
2023-08-17 23:12:46 +01:00
Alexandre Pujol
574891d445
feat(aa-log): add AppArmorProfile.String using a template.
2023-08-17 23:11:11 +01:00
Alexandre Pujol
4f40cb6d78
feat(aa-log): add new constructors for aa rules.
2023-08-17 23:05:07 +01:00
Alexandre Pujol
a8470dfa38
feat(aa-log): add a new apparmor profile struct
...
Also rewrite variables resolution to this new struct.
2023-08-17 23:00:52 +01:00
Alexandre Pujol
b2d093e125
feat(abs): restrict abstraction by using new @{int} and @{rand} variables.
2023-08-17 21:24:02 +01:00
Alexandre Pujol
557d905543
Merge branch 'tunables' of https://github.com/nobody43/apparmor.d into nobody43-tunables
...
* 'tunables' of https://github.com/nobody43/apparmor.d:
dbus temp tails
Update apparmor.d
Update gdm-runtime-config
more unrelated changes
adjust date-time
random tails
rename to int, convert more profiles
fixes
tunables
2023-08-17 20:01:53 +01:00
curiosityseeker
7b018a60bd
Update pacman (#193)
...
* Update pacman
`@{exec_path} mr,` is causing the following errors:
```
ALLOWED pacman exec owner /usr/bin/pacman -> pacman//null-/usr/bin/pacman comm=bash requested_mask=x denied_mask=x
ALLOWED pacman//null-/usr/bin/pacman file_inherit owner /dev/pts/4 comm=pacman requested_mask=wr denied_mask=wr
ALLOWED pacman//null-/usr/bin/pacman file_mmap owner /usr/bin/pacman comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman file_mmap owner /usr/lib/ld-linux-x86-64.so.2 comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman open owner /etc/ld.so.preload comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman getattr owner /etc/ld.so.preload comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman open owner /etc/ld.so.cache comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman getattr owner /etc/ld.so.cache comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman open owner /usr/lib/libalpm.so.13.0.2 comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman getattr owner /usr/lib/libalpm.so.13.0.2 comm=pacman requested_mask=r denied_mask=r
etc.
```
`@{exec_path} mrix,` fixes it.
Commits for new profiles for `checkrebuild` and `pkgfile` will follow.
* Fix pacman update
* Update apparmor.d/groups/pacman/pacman
Co-authored-by: Alex <roddhjav@users.noreply.github.com>
---------
Co-authored-by: Alex <roddhjav@users.noreply.github.com>
2023-08-17 18:49:56 +00:00
curiosityseeker
c2c745888c
Update complete
...
Move entries from child-open to this abstraction.
2023-08-17 19:43:29 +01:00
curiosityseeker
2299eb00f6
Partially revert change in child-open
2023-08-17 19:43:29 +01:00
curiosityseeker
f2511210af
Update complete
...
Adding `kde-open`
2023-08-17 19:43:29 +01:00
curiosityseeker
c409fe84d2
Create complete
...
`child-open` includes the `xdg-open` abstraction which in turn includes the `kde-open5` abstraction which contains `/usr/bin/kde-open5 rix,` but NOT `/usr/bin/kde-open rix,` causing an error.
2023-08-17 19:43:29 +01:00
curiosityseeker
9da2809695
Update child-open
...
Adding gwenview and libreoffice
2023-08-17 19:43:29 +01:00
curiosityseeker
6fc8cd3e60
Brave: adjust @{exec_path} (#161)
...
The path in Ubuntu is:
/opt/brave.com/brave/brave
The path in Arch is:
/opt/brave-bin/brave
That's why Brave was not confined on Arch.
2023-08-17 18:41:13 +00:00
ShellCode
cc8210a1bd
Fix xdg user dirs (#186)
...
* Rename XDG_*_HOME to XDG_*_DIR for consistent naming
* tunables/xdg-user-dirs.d/apparmor.d now includes 'apparmor.d.d' subfolder to permit user override
2023-08-17 18:28:10 +00:00
Alexandre Pujol
e821470d0d
fix: go test.
2023-08-17 19:15:21 +01:00
Alexandre Pujol
e0f79b9c9a
feat(aa-log): resolve all main apparmor vars in log.
...
This also deprecates the anonymize option
2023-08-17 19:12:02 +01:00
Alexandre Pujol
5ee31716ae
feat(profile): split evince profiles in multiple files.
2023-08-17 18:47:53 +01:00
Alexandre Pujol
f3ab8d2c71
refactor: rename some vscode related profile
2023-08-17 18:47:01 +01:00
Alexandre Pujol
555b53192c
fix: ensure some required flags are set.
2023-08-17 18:45:41 +01:00
Alexandre Pujol
3f8d559dcc
feat(profiles): add some thunderbird related profiles.
2023-08-17 18:45:10 +01:00
Alexandre Pujol
5d47dfba95
feat(profiles): general update.
2023-08-17 18:43:56 +01:00
Alexandre Pujol
f7b9ff959a
feat(profiles): rewrite the signal-desktop profile.
2023-08-17 18:37:36 +01:00
Alexandre Pujol
5911c43930
Merge branch 'main' of github.com:roddhjav/apparmor.d
...
* 'main' of github.com:roddhjav/apparmor.d:
fix: signal-desktop (#195)
2023-08-17 18:35:50 +01:00
Cyril Levis
b49bd32564
fix: signal-desktop (#195)
...
issue: https://github.com/roddhjav/apparmor.d/issues/194
2023-08-14 15:55:02 +00:00
Alexandre Pujol
1db6f5f67c
feat(profiles): improve ibus entry point.
2023-08-13 21:19:16 +01:00
Alexandre Pujol
09943156bc
feat(profiles): add multipath profiles
...
See #134
Signed-off-by: @cboltz
2023-08-13 20:06:08 +01:00
Alexandre Pujol
a2c35b07a5
fix: libvirtd profile.
2023-08-06 16:45:39 +02:00
Alexandre Pujol
03cf850666
feat(profile): support for diverse wayland compositors.
...
See #165
2023-08-06 16:31:49 +02:00
Alexandre Pujol
1cac6715db
feat(profiles): general update.
2023-08-06 16:30:38 +02:00
Alexandre Pujol
cdc10fdb31
feat(profiles): general update.
...
See #134
2023-08-06 16:06:17 +02:00
Alexandre Pujol
5938079dfd
fix: missing "startplasma-wayland" profile, but "sddm" tries to transition to it.
...
#188
2023-08-06 10:22:05 +02:00
curiosityseeker
4894d6a3c4
Adding /dev/tty[0-9]* and /dev/pts/[0-9]* to various profiles; update kded5 and reflector (#183)
...
* Update update-mime-database
* Update btrfs
* Update update-grub
* Update pacman-hook-depmod
* Update pacman
* Update systemd-sysusers
* Update lscpu
* Update pacman-hook-systemd
* Update pacman-hook-perl
* Update pacman-hook-gtk
* Update needrestart-iucode-scan-versions
* Update reflector
* Update kded5
2023-07-27 11:23:04 +00:00
ShellCode
0f9b7cb474
Fix #184 (#185)
...
* Replace @{HOME}/.config with @{user_config_dirs}
* Replace @{HOME}/.cache with @{user_cache_dirs}
* Replace @{HOME}/.local/state with @{user_state_dirs}
* Add missing user_share_dirs to apparmor.d/tunables/home.d/apparmor.d
* Update docs/variables.md
* Replace @{HOME}/.local/share with @{user_share_dirs}
* Replace @{HOME}/.local/lib with @{user_lib_dirs}
* Revert "Add missing user_share_dirs to apparmor.d/tunables/home.d/apparmor.d"
This reverts commit 9525003098.
2023-07-27 11:20:19 +00:00
Alexandre Pujol
fe0238250a
fix: ubuntu build.
2023-07-25 23:06:14 +01:00
Alexandre Pujol
c36801700c
chore: fix go linter.
2023-07-25 22:07:38 +01:00
Alexandre Pujol
f2e755b77b
build: allow a larger set of distributions.
...
See #180
2023-07-25 22:02:18 +01:00
Alexandre Pujol
6ea2df19eb
build: simplify profile struct.
2023-07-25 22:01:07 +01:00
curiosityseeker
714971911a
Update needrestart (#181)
2023-07-24 10:31:03 +00:00
Alexandre Pujol
c6a048c9ca
build: add FlagDir variable in prebuild code.
2023-07-23 20:36:48 +01:00
Alexandre Pujol
6325314825
feat(aa-log): minor structure improvements.
2023-07-23 17:00:52 +01:00
Alexandre Pujol
85e7832f0b
feat: do not set autostart or read access to log by default
...
These settings are legitimate; however:
- Starting aa-notify only applies to desktop, and it is already enabled by default in some distributions.
- Allowing the user to read the apparmor log is out of the scope of this project.
2023-07-23 16:37:09 +01:00
Alexandre Pujol
015db89b4d
fix: do not install code-wrapper profile yet.
2023-07-23 16:22:42 +01:00
Alexandre Pujol
98c701f33d
feat(aa-log): show target in log, show access as owner too.
2023-07-20 23:45:14 +01:00
Alexandre Pujol
2307c536b3
feat: add XDG_MAIL_DIR variable
2023-07-20 21:19:23 +01:00
Alexandre Pujol
e5ed57c041
fix: ensure flags for plasmashell.
2023-07-20 21:17:47 +01:00
Alexandre Pujol
9b4be2d2c4
feat(profiles): rewrite the thunderbird profile.
...
Only thunderbird version 115+ is supported.
2023-07-20 21:12:37 +01:00
Alexandre Pujol
a79f03f038
feat(kde): improve support for kde.
2023-07-20 21:10:19 +01:00
Alexandre Pujol
1424fb5493
feat(profiles): add iio-sensor-proxy
2023-07-20 21:09:18 +01:00
Alexandre Pujol
af1eda51bd
feat(profiles): general update.
2023-07-20 21:07:27 +01:00