mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-30 23:05:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
1358 commits 6 branches 0 tags 16 MiB
Commit graph

1043 commits

Author SHA1 Message Date
Alexandre Pujol
c453484eab
fix(profiles): docker pull need full access of the container. 2022-12-10 15:18:00 +00:00
Alexandre Pujol
ee83e1c33c
feat(profiles): general update. 2022-12-09 19:14:56 +00:00
Alexandre Pujol
19d005bf59
feat(profiles): add the @{XDG_WORK_DIR} variable. 2022-12-09 19:13:06 +00:00
Alexandre Pujol
2246e8ae63
feat(profiles): merge the two packagekitd profiles in one. 2022-12-09 19:12:19 +00:00
Alexandre Pujol
90dc848766
feat(profiles): mkinitcpio support for systemd hooks. 2022-12-09 18:55:42 +00:00
Alexandre Pujol
372766f757
Merge branch 'master' of github.com:roddhjav/apparmor.d 
* 'master' of github.com:roddhjav/apparmor.d:
  wireshark
 2022-12-09 18:54:11 +00:00
Alexandre Pujol
ac25454f02
feat(profiles): improve x11 integraion. 2022-12-09 18:53:18 +00:00
Alexandre Pujol
dd232695d3
feat(profiles): refractor all chromium based browsers. 
All chromium based browser now use the new chromium abstraction.
 2022-12-09 18:50:57 +00:00
Alexandre Pujol
7f231caf1b
feat(profiles): update some dbus rules. 2022-12-07 20:42:36 +00:00
Alexandre Pujol
bec892b179
fix: disk-write need access to /dev/mapper/ too. 2022-12-07 20:41:07 +00:00
Alexandre Pujol
53e04cc10e
feat(profiles): update chrome profiles. 2022-12-07 20:40:34 +00:00
nobody43
038e2882b5 wireshark 2022-11-30 20:45:13 +00:00
Alexandre Pujol
f8b6dfae5c
fix: ensure sys/device/cpu/possible is in the base abs for all dist. 2022-11-29 20:24:38 +00:00
Alexandre Pujol
1e5d90afe8
feat(profiles): general update. 2022-11-29 12:02:38 +00:00
Alexandre Pujol
d52a7bd52a
fix(profiles): fix wayland cursor path. 2022-11-29 11:57:23 +00:00
Alexandre Pujol
f5cb901eef
feat(profiles): new wayland cursor file. 2022-11-28 18:08:01 +00:00
Alexandre Pujol
9a46df81b9
feat(profiles): remove rules promoted into the base abstraction. 2022-11-28 18:05:29 +00:00
Alexandre Pujol
1fa427ca81
feat(profiles): general update. 2022-11-20 11:42:08 +00:00
Alexandre Pujol
0837c158cb
feat(profiles): general update. 2022-11-13 18:27:47 +00:00
Alexandre Pujol
26f838b73f
feat(profiles): general update. 2022-11-11 22:18:55 +00:00
Alexandre Pujol
fd88162c55
feat(profiles): disks access - add NBD devices. 2022-11-11 21:41:04 +00:00
Alexandre Pujol
dd13de385e
feat(profiles): general update. 2022-11-05 17:25:27 +00:00
Alexandre Pujol
18a8b42cbf
feat(profiles): add initial version of iwctl. 2022-11-05 17:13:39 +00:00
Alexandre Pujol
157e2a5df6
feat(profiles): grub update. 2022-11-03 21:42:16 +00:00
Alexandre Pujol
a90cdbe879
feat(profiles): general update. 2022-11-03 21:40:01 +00:00
Alexandre Pujol
fabddee9d6
feat(profiles): add os-prober. 2022-10-23 11:27:50 +01:00
Alexandre Pujol
d6cd1af9c8
feat(profiles): add initial version of nmcli. 2022-10-23 11:26:42 +01:00
Alexandre Pujol
0168f8b13b
feat(profiles): add gnome-software. 2022-10-23 11:25:23 +01:00
nobody43
f94faf697e
Read-only root compatibility (#86) 
* Read-only root compatibility

* remove complain

Co-authored-by: nobodysu <nobodysu@users.noreply.github.com>
 2022-10-18 18:23:52 +00:00
Alexandre Pujol
5fdbc2d00e
fix(profiles): minor bug fixes. 2022-10-18 19:20:12 +01:00
nobody43
81fd594be2
Update apparmor.d/profiles-g-l/htop 
Co-authored-by: Alex <roddhjav@users.noreply.github.com>
 2022-10-17 15:09:52 +00:00
nobodysu
8d61d3256a more profiles 2022-10-17 17:07:26 +03:00
nobodysu
349689cba4 polishing2 2022-10-16 17:46:39 +03:00
nobodysu
41659f073c polishing 2022-10-16 17:45:00 +03:00
nobodysu
c6ca84ded4 remove spaces 2022-10-16 17:20:49 +03:00
nobodysu
f637c70f99 remove complain 2022-10-16 17:17:53 +03:00
nobodysu
ac7c42eefd New user login 2022-10-16 17:12:23 +03:00
Alexandre Pujol
c15f2fbb7b
feat(profiles): ensure ibus-daemon integration with Ubuntu. 2022-10-16 12:15:12 +01:00
Alexandre Pujol
e7fbf5fbef
feat(profiles): better ubuntu integration. 2022-10-15 18:03:23 +01:00
Alexandre Pujol
2aa4618dda
feat(profiles): gnome-session-binary ensure compatibility across distribution. 2022-10-15 17:32:01 +01:00
nobodysu
643a84997e
Unbreak Debian 11 and partially Ubuntu 22.04 (Wayland+GDM+Gnome) (#81) 
* Unbreaking Debian 11 and partially Ubuntu 22.04

* pre-cleanup

* pre-cleanup2

* Update im-launch

* Update gnome-extension-ding

* polishing

* not yet

* Update ubuntu.flags

Allow GDM to boot. `No new privs` fix.

* Update debian.flags

Allow GDM to boot. `No new privs` fix.

* Update CONTRIBUTING.md

* fixes

* reverting w

* move setpriv to main.flags
 2022-10-14 21:21:56 +00:00
Alexandre Pujol
bdcaa040fe
feat(profiles): add packagekitd. 2022-10-14 22:18:49 +01:00
Alexandre Pujol
b1950cbe91
feat(profiles): general update. 2022-10-14 22:17:27 +01:00
Alexandre Pujol
3c841e6d6a
fix(profiles): ensure all firefox start is cached. 2022-10-14 22:13:23 +01:00
Alexandre Pujol
513abeb59d
refactor: move child profiles into children group. 2022-10-14 22:12:46 +01:00
Alexandre Pujol
eddf6bfc4f
feat(profiles): general update. 2022-10-08 13:13:44 +01:00
Alexandre Pujol
e226f4eb03
feat(profiles): add iwd. 2022-10-06 21:13:05 +01:00
Alexandre Pujol
736e44a483
feat(profiles): general update. 2022-10-06 20:53:54 +01:00
Alexandre Pujol
ddedb39f3d
refactor: move profile in correct group. 2022-10-06 20:51:30 +01:00
Alexandre Pujol
e4e54a26ef
feat(profiles): restrict path access in pacman. 2022-10-06 20:50:41 +01:00
Alexandre Pujol
ece6524886
fix(profile): fix gio-launch-desktop attachments. 2022-10-06 20:48:08 +01:00
Alexandre Pujol
418107f11e
feat(profiles): allow gvfs-metadata on some profile that really need it. 2022-10-06 20:47:22 +01:00
Alexandre Pujol
1c97feb5c2
feat(profiles): add modprobed-db. 2022-10-06 20:45:31 +01:00
Alexandre Pujol
c2952b1ec5
feat(profiles): more flexibility in password-store dir name. 2022-10-06 20:43:39 +01:00
Alexandre Pujol
ac47e292ac
feat(profiles): general update. 2022-10-04 21:11:13 +01:00
Alexandre Pujol
d0a8030af8
fix(profile): add deny-sensitive-home abstraction. 2022-10-01 19:18:54 +01:00
Alexandre Pujol
8a55eb8330
fix(profile): fontconfig-cache-write needs /var/cache/fontconfig/ access. 2022-10-01 19:11:19 +01:00
Alexandre Pujol
f45c07dfa1
feat(profiles): child-open integration 2/2 2022-10-01 19:10:00 +01:00
Alexandre Pujol
b29f9675eb
feat(profiles): browser - add child-open integration & cleanup. 2022-10-01 19:08:15 +01:00
Alexandre Pujol
7d3c52036b
feat(profiles): add child-open. 2022-10-01 19:05:44 +01:00
Alexandre Pujol
e7d73243af
refactor: move child-systemctl the children group. 2022-10-01 19:04:35 +01:00
Alexandre Pujol
39740f9369
feat(profiles): add systemd-dissect. 2022-10-01 18:56:02 +01:00
Alexandre Pujol
1a73271a1a
feat(profiles): add localectl. 2022-10-01 18:53:11 +01:00
Alexandre Pujol
65bf8278bc
feat(profiles): add gnome-browser-connector-host. 2022-10-01 18:47:49 +01:00
Alexandre Pujol
7c3fcf260c
feat(profiles): add systemd-id128. 2022-10-01 18:46:32 +01:00
Alexandre Pujol
4681a495b3
feat(profiles): general update. 2022-10-01 18:45:08 +01:00
Alexandre Pujol
5580a34184
refactor: move chrome-gnome-shell to the gnome group. 2022-10-01 18:38:29 +01:00
Alexandre Pujol
768e50c6ab
fix: remove not modified lxc rules. 
Fix #79
 2022-09-28 11:54:29 +01:00
Alexandre Pujol
9f2b68dd5d
feat(profiles): add ubuntu-advantage-desktop-daemon. 2022-09-26 14:59:54 +01:00
Alexandre Pujol
205c2d7184
feat(profiles): new children group. 
This group is reserved for profile  without an attachment path because
it is ended to be used only via "Px -> <profile-name>".
 2022-09-26 14:59:18 +01:00
Alexandre Pujol
42f305b244
feat(profiles): add XDG_GAMES_DIR and user_games_dirs variables. 2022-09-24 18:23:11 +01:00
Alexandre Pujol
060ea3acc9
feat(profiles): add archlinux-keyring-wkd-sync. 2022-09-24 18:21:56 +01:00
Alexandre Pujol
8ff571549a
feat(profiles): add gnome-extension-manager. 2022-09-24 18:09:05 +01:00
Alexandre Pujol
a02e67d980
feat(profiles): askpass -> code-askpass. 2022-09-24 18:08:00 +01:00
Alexandre Pujol
f2989321eb
feat(profiles): general update. 2022-09-24 18:06:06 +01:00
Alexandre Pujol
ae6cecde52
feat(profiles): deny gvfs-metadata when possible. 2022-09-24 17:59:20 +01:00
beroal
fcee586e9e
viewing DjVu and PostScript files (#78) 2022-09-24 11:13:21 +00:00
Alexandre Pujol
a432d656c8
feat(profiles): add sbctl. 2022-09-18 11:21:33 +01:00
Alexandre Pujol
4920922394
feat(profiles): add busctl. 2022-09-13 18:39:41 +01:00
Alexandre Pujol
3c7dda5060
feat(profiles): allow most dbus access to gnome. 2022-09-13 18:17:11 +01:00
Alexandre Pujol
58e060c470
Merge branch 'master' of github.com:roddhjav/apparmor.d 
* 'master' of github.com:roddhjav/apparmor.d:
  bulk cross-OS awk (#75)
 2022-09-11 20:48:03 +01:00
Alexandre Pujol
80a8be6d9e
feat(profiles): move some flags definition in main.flags 2022-09-11 20:47:49 +01:00
Alexandre Pujol
8ff5ed7a69
feat(profiles): general update. 2022-09-11 20:45:14 +01:00
nobodysu
78a180b2f6
bulk cross-OS awk (#75) 2022-09-11 19:40:34 +00:00
nobodysu
8fb8e7ced3 lost abi 2022-09-06 22:03:19 +01:00
nobodysu
912a6c48e5 cleanup2 2022-09-06 22:03:19 +01:00
nobodysu
7720802dac cleanup 2022-09-06 22:03:19 +01:00
nobodysu
cd646ea899 broader gdm 2022-09-06 22:03:19 +01:00
nobodysu
71a7c25a6d Delete lightdm-guest-session 2022-09-06 22:02:21 +01:00
nobodysu
fe59b4d3f8 Delete lightdm_chromium-browser 2022-09-06 22:02:21 +01:00
nobodysu
f02ec5d273 Delete lightdm 2022-09-06 22:02:21 +01:00
Jeroen
9818daba5f
LVM and general update (#68) 
* Small fixes

* General update

* Add LVM

* Various small fixes

* Add profile

* Typo

* sbin to regex

* Date and time to extends

* Read cmdline

* Remove grep duplicate

* Small fixes

* Typo

* Permissions for warning scripts

* Add net_admin for multipath
 2022-09-06 21:01:17 +00:00
nobodysu
1649b427f8
Ubuntu 22.04, third batch (#65) 
* initial

* ready

* cleanup

* cleanup2

* Update dbus-gtk
 2022-09-06 17:00:18 +00:00
Alexandre Pujol
70aea89ad4
Revert "fix: the trash abstraction has been upstreamed." 
This reverts commit 688a62e9bc.

Fix #71
 2022-09-06 17:52:08 +01:00
Alexandre Pujol
746a36bfb4
feat(profiles): add our virt-aa-helper. 2022-09-03 16:10:17 +01:00
Alexandre Pujol
769627fc25
feat(profiles): remove libvirt abstractions. 2022-09-03 16:06:31 +01:00
Alexandre Pujol
892d44cca2
feat(profiles): remove unused abstractions. 2022-09-03 16:05:37 +01:00
Alexandre Pujol
688a62e9bc
fix: the trash abstraction has been upstreamed. 2022-09-03 16:04:53 +01:00
Alexandre Pujol
3b56d3ff0f
feat(profiles): use the new hex variable. 2022-09-03 14:43:34 +01:00
Alexandre Pujol
5d0c521e44
feat(profiles): move aurpublish profile. 2022-09-03 14:29:07 +01:00
Alexandre Pujol
14fd88aa2f
feat(profiles): add profiles for cups. 2022-08-31 22:10:41 +01:00
Alexandre Pujol
30f0b69a67
feat(profiles): add losetup profile. 2022-08-31 21:58:55 +01:00
Alexandre Pujol
0f61c4649c
feat(profiles): general update. 2022-08-31 21:54:33 +01:00
Alexandre Pujol
0238adaaf1
Merge branch 'ubuntu2204__2' of https://github.com/nobodysu/apparmor.d into nobodysu-ubuntu2204__2 
* 'ubuntu2204__2' of https://github.com/nobodysu/apparmor.d:
  Update pkexec
  Update polkitd
  update
  polishing
  polishing
  Ubuntu 22.04, second batch
 2022-08-22 22:10:46 +01:00
nobodysu
bea1aab15a
Update pkexec 2022-08-21 21:24:20 +00:00
nobodysu
43a366cca3
Update polkitd 2022-08-21 21:23:05 +00:00
Alexandre Pujol
9d4956df0d
feat(profiles): general update. 2022-08-21 20:16:29 +01:00
Alexandre Pujol
e1e7d611ed
fix(profiles): ensure pinentry can start. See #66. 2022-08-20 13:45:42 +01:00
Alexandre Pujol
79860f207d
feat(profiles): initial support for dockerd. 2022-08-19 21:26:17 +01:00
Alexandre Pujol
e6c91fdfd7
feat(profiles): general update. 2022-08-19 21:10:10 +01:00
Jeroen Rijken
af603fbc62 Revert "tty and pts are part of abstractions/consoles" 
This reverts commit 51a33f3f5e.
 2022-08-19 19:25:22 +01:00
Jeroen Rijken
35087ea4bb Add missing brackets 2022-08-19 19:25:22 +01:00
Jeroen Rijken
d538d2a718 Add write to block 2022-08-19 19:25:22 +01:00
Jeroen Rijken
be2a66afff read all block devices 2022-08-19 19:25:22 +01:00
Jeroen Rijken
c680dfe7db sort rules 2022-08-19 19:25:22 +01:00
Jeroen Rijken
e64011c4de zed temp file 2022-08-19 19:25:22 +01:00
Jeroen Rijken
3c634e8967 Create sanoid under run 2022-08-19 19:25:22 +01:00
Jeroen Rijken
f5634b2803 Move update-grub to grub 2022-08-19 19:25:22 +01:00
Jeroen Rijken
5c6bf4c91b Remove duplicate consoles 2022-08-19 19:25:22 +01:00
Jeroen Rijken
75a66e573e Use openssl abstraction 2022-08-19 19:25:22 +01:00
Jeroen Rijken
af0c622b35 Replace rm with mr. 2022-08-19 19:25:22 +01:00
Jeroen
e62465b72f Use multiarch for lib 
Co-authored-by: Alex <roddhjav@users.noreply.github.com>
 2022-08-19 19:25:22 +01:00
Jeroen Rijken
20f7e01ccc Brackets 2022-08-19 19:25:22 +01:00
Jeroen Rijken
7621dc9974 Fix typo's 2022-08-19 19:25:22 +01:00
Jeroen Rijken
689f48b217 motd fixes 2022-08-19 19:25:22 +01:00
Jeroen Rijken
cf63b97c9b Add avahi 2022-08-19 19:25:22 +01:00
Jeroen Rijken
099a97cb36 General update 2022-08-19 19:25:22 +01:00
Jeroen Rijken
575d781c88 Various ZFS fixes 2022-08-19 19:25:22 +01:00
Jeroen Rijken
005dec1a53 tty and pts are part of abstractions/consoles 2022-08-19 19:25:22 +01:00
Jeroen Rijken
7ee9644325 Add profiles for whoami, whereis, which, findmnt, users, sanoid and syncoid. 2022-08-19 19:25:22 +01:00
Jeroen Rijken
6af5c76fb8 Add and update CNI profiles 2022-08-19 19:25:22 +01:00
Jeroen Rijken
b1112e35a7 Add templates for all grub commands 2022-08-19 19:25:22 +01:00
Jeroen Rijken
169a730d3f Add profiles for grub-mkconfig, grub-mkrelpath, grub-probe, grub-script-check and update-grub. 2022-08-19 19:25:22 +01:00
Alexandre Pujol
c0356e92e5
feat(aa-log): add support dbus session log using journactl. 2022-08-19 19:05:46 +01:00
nobodysu
e65a78972b
Merge branch 'master' into ubuntu2204__2 2022-08-18 15:36:21 +00:00
nobodysu
355d958e26 update 2022-08-18 18:22:56 +03:00
Alexandre Pujol
a2fa2421cb
feat(profiles): add the @{hex} variables. 2022-08-13 20:44:59 +01:00
Alexandre Pujol
66b529497d
feat(profiles): initial support for steam & steam games. 2022-08-13 20:36:52 +01:00
Alexandre Pujol
3e331bd656
fix(profiles): @{PROC}/@{uid} -> @{PROC}/@{pid} 2022-08-13 20:33:58 +01:00
Alexandre Pujol
c148aa978c
feat(profiles): general update. 2022-08-13 20:31:57 +01:00
Jeroen Rijken
e02b12aa6d Add libexec for apt 2022-08-13 15:21:35 +01:00
Jeroen Rijken
cd93d98bf4 Add support for adding snapshots to grub. 2022-08-13 15:21:35 +01:00
Jeroen Rijken
30cbac1181 Fix typo 2022-08-13 15:21:35 +01:00
Jeroen Rijken
5646c90d4c Fix zsysd profile name 2022-08-13 15:21:35 +01:00
Jeroen Rijken
b6b510aa36 Remove entries duplicate with base abstractions. 2022-08-13 15:21:35 +01:00
Jeroen Rijken
ddf5f1f512 Use nameservice-strict, fix exec 2022-08-13 15:21:35 +01:00
Jeroen Rijken
e2e14510ff Small fixes 2022-08-13 15:21:35 +01:00
Jeroen Rijken
2affbf6734 Cosmetic fixes 2022-08-13 15:21:35 +01:00
Jeroen Rijken
03881d5614 Add capability, dbus and some proc 2022-08-13 15:21:35 +01:00
Jeroen Rijken
a9fd0706d1 Move complain flag 2022-08-13 15:21:35 +01:00
Jeroen Rijken
d083e927a4 Initial support for zsys 2022-08-13 15:21:35 +01:00
nobodysu
33ff1abc35
Update thunderbird 2022-08-12 14:41:58 +00:00
nobodysu
db8e881c06
Merge branch 'master' into thunderbird2 2022-08-12 14:35:53 +00:00
nobodysu
00a1e70720 polishing 2022-08-12 17:23:13 +03:00
nobodysu
f2394963d0 cleanup 2022-08-08 02:39:35 +03:00
nobodysu
2c2f6e5557 rearrangement 2022-08-02 19:31:00 +03:00
nobodysu
af49797425 cleanup 2022-08-02 01:59:54 +03:00
nobodysu
c96b6d8ee7 dbus-gtk 2022-08-02 01:47:47 +03:00
Alexandre Pujol
2878fa6a2e
feat(profiles): general update. 2022-07-29 16:47:09 +01:00
Jeroen Rijken
58cfe9ad37 Small fixes 2022-07-29 16:41:19 +01:00
Jeroen Rijken
616753aea0 Consolidate rules 2022-07-29 16:41:19 +01:00
Jeroen Rijken
fcea04c69b Remove complain flags 2022-07-29 16:41:19 +01:00
Jeroen Rijken
e724d835ed Add ps to ptrace 2022-07-29 16:41:19 +01:00
Jeroen Rijken
e4d118365a Add Kubernetes pause container 2022-07-29 16:41:19 +01:00
Jeroen Rijken
e6525e1f04 Add missing volumes 2022-07-29 16:41:19 +01:00
Jeroen Rijken
07f1db2725 Fix some typo's 2022-07-29 16:41:19 +01:00
Jeroen Rijken
465a31c638 General updates 2022-07-29 16:41:19 +01:00
Jeroen Rijken
33da7af6e8 container updates 2022-07-29 16:41:19 +01:00
Jeroen Rijken
3af11c4d16 ZFS updates 2022-07-29 16:41:19 +01:00
Alexandre Pujol
7aca29b244
feat(profiles): initial snap support. 2022-07-21 22:40:06 +01:00
Alexandre Pujol
177d27d94c
feat(profiles): general update. 2022-07-21 22:37:17 +01:00
Alexandre Pujol
58b96a7ba9
feat(profiles): add aptd profile. 2022-07-21 22:31:59 +01:00
Alexandre Pujol
595a27560f
feat(profiles): add mullvad profiles. 2022-07-21 20:17:03 +01:00
Alexandre Pujol
48c023d4bd
feat(profiles): containerd support for docker & cosmetic. 2022-07-21 20:15:02 +01:00
Jeroen Rijken
55bd85796c packagekitd dbus updates 2022-07-21 20:05:56 +01:00
Jeroen Rijken
137433ce6e dbus to NetworkManager 2022-07-21 20:05:56 +01:00
Jeroen Rijken
eb87e035b8 Initial containerd-shim-runc support 2022-07-21 20:05:56 +01:00
Jeroen Rijken
266d5c6dc0 Add IPV6 2022-07-21 19:46:45 +01:00
Jeroen Rijken
b404d7e4c4 Move xtables-nft to separate profile 2022-07-21 19:46:45 +01:00
Jeroen Rijken
130c562488 Allow containerd signal from k3s 2022-07-21 19:46:45 +01:00
Jeroen Rijken
61eab33cd8 Add ptrace subprofile 2022-07-21 19:46:45 +01:00
Jeroen Rijken
d6d9c943ae Add missing permission 2022-07-21 19:46:45 +01:00
Jeroen Rijken
dca33292f7 Update ruleset for clean installation. 2022-07-21 19:46:45 +01:00
Jeroen Rijken
a1f4dbee50 First batch of cleanups based on PR comments. 2022-07-21 19:46:45 +01:00
Jeroen Rijken
c03c624472 Allow signals from containerd to calico 2022-07-21 19:46:45 +01:00
Jeroen Rijken
8f81a39df1 Support read AppArmor profiles 2022-07-21 19:46:45 +01:00
Jeroen Rijken
560250cf5f Fix mode 2022-07-21 19:46:45 +01:00
Jeroen Rijken
2deb2a48a6 Fix name range. 2022-07-21 19:46:45 +01:00
Jeroen Rijken
a3415dc42c Typo and calico proc. 2022-07-21 19:46:45 +01:00
Jeroen Rijken
c84455cca4 Fixes for container network creation. 2022-07-21 19:46:45 +01:00
Jeroen Rijken
3e006e3c76 Fix for calico unable to create network namespace. 2022-07-21 19:46:45 +01:00
Jeroen Rijken
5565217c91 Move xtables profile to child profile of k3s. 2022-07-21 19:46:45 +01:00
Jeroen Rijken
78cfb23bff Apply suggested fixes from PR 2022-07-21 19:46:45 +01:00
Jeroen Rijken
5af6cda328 Allow dbus messages and user database reading. 2022-07-21 19:46:45 +01:00
Jeroen Rijken
28a3584c14 Initial support for xtables-nft-multi 2022-07-21 19:46:45 +01:00
Jeroen Rijken
463da2a8f4 Initial support for k3s 2022-07-21 19:46:45 +01:00
nobodysu
b8445e3b45 dbus style 2022-07-20 00:48:58 +03:00
Alexandre Pujol
f4dd2745d1
feat(profiles): add software-properties-dbus. 2022-07-19 00:03:01 +01:00
Alexandre Pujol
5b01f7963b
feat(profiles): add file-roller. 2022-07-18 23:58:12 +01:00
Alexandre Pujol
9692926752
feat(profiles): general update. 2022-07-18 23:57:25 +01:00
Jeroen Rijken
2ec802d40d Remove deny root 2022-07-18 19:45:04 +01:00
Jeroen Rijken
e9bcd3f820 Small fixes 2022-07-18 19:45:04 +01:00
Jeroen Rijken
70aa5fdbb2 Small fixes 2022-07-18 19:45:04 +01:00
Jeroen Rijken
5a02490082 Needed for certain containers like calico 2022-07-18 19:45:04 +01:00
Jeroen Rijken
13aee74df9 Various containerd fixes 2022-07-18 19:45:04 +01:00
Alexandre Pujol
c750cb1b77
feat(profiles): general update. 2022-07-18 11:36:16 +01:00
Jeroen
081308db2f
Add ZFS Event Daemon (#56) 2022-07-17 22:04:13 +00:00
Alexandre Pujol
eb6c7548f5
feat(profiles): general update. 2022-07-15 21:55:59 +01:00
Jeroen Rijken
682df516bf Make calico part of cni 2022-07-15 21:43:08 +01:00
Jeroen Rijken
02ad72b024 Allow containerd to (u)mount cni devices, and loopback to access them. 2022-07-15 21:43:08 +01:00
Jeroen Rijken
6c8e50534b Cleanup profile 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2022-07-15 21:43:08 +01:00
nobodysu
2d7ec5ad2c
Update spectre-meltdown-checker (#50) 
* Update spectre-meltdown-checker
 2022-07-15 20:42:15 +00:00
Alexandre Pujol
63f1a98c37
feat(profiles): add cron-ubuntu-fan. 2022-07-10 14:30:56 +01:00
Alexandre Pujol
23642eb0be
feat(profiles): general update. 2022-07-10 14:28:44 +01:00
Alexandre Pujol
c0e62f30bb
feat(profiles): add wireguard. 2022-07-10 14:24:30 +01:00
Alexandre Pujol
d8449de55e
feat(profiles): add and merge some cni profiles. 2022-07-10 14:24:09 +01:00
Alex
40d8c68f22
Merge branch 'master' into feat/cni 2022-07-10 13:41:50 +01:00
Jeroen Rijken
d10f2c073c Alphabetical sorting, group common options. 2022-07-10 13:39:01 +01:00
Jeroen Rijken
59f8b893ff Cleanup profiles according to standards 2022-07-10 13:39:01 +01:00
Jeroen Rijken
c9b4423e45 Allow mount-zfs access to pts 2022-07-10 13:39:01 +01:00
Jeroen Rijken
da08ef6aa6 Typo 2022-07-10 13:39:01 +01:00
Jeroen Rijken
cc5d1a0e07 Initramfs generation updates 2022-07-10 13:39:01 +01:00
Jeroen Rijken
99c311e699 Executable updates for zpool 2022-07-10 13:39:01 +01:00
Jeroen Rijken
3810c1668e Basic ZFS support 2022-07-10 13:39:01 +01:00
Alex
6e1e7dc32b
Apply suggestions from code review 2022-07-10 12:38:11 +00:00
Jeroen Rijken
8a13d71edb Update CNI path, set containerd to attach_disconnected, cleanups. 2022-07-10 13:36:44 +02:00
Jeroen Rijken
9fb43325a3 Add headers to new policies 2022-07-10 12:49:33 +02:00
Jeroen Rijken
7524bfa343 Syntax fixes 2022-07-10 12:43:52 +02:00
Jeroen Rijken
8413f6b9e6 Allow containerd to access SSL certs for pulling container images. 2022-07-10 11:51:15 +02:00
Jeroen Rijken
edcd130432 Calico profile cleanup. 2022-07-09 20:53:21 +02:00
Jeroen Rijken
2ffa3d1339 Cleanup profiles according to standards part 1/2 2022-07-09 20:46:59 +02:00
Jeroen Rijken
3d63f9e21e Add AppArmor support to containerd 2022-07-06 20:50:14 +02:00
Jeroen Rijken
9ea910d1a0 Add CNI for containerd 2022-07-06 20:49:52 +02:00
Alexandre Pujol
4a37cd1149
feat(profiles): add software-properties-gtk & ubuntu-advantage. 2022-07-03 20:29:45 +01:00
Alexandre Pujol
d04bb8f5b2
feat(profiles): add systemd-resolve. 2022-07-03 20:28:26 +01:00
Alexandre Pujol
f6de2fbe7a
feat(profiles): general update. 2022-07-03 20:27:48 +01:00
Alexandre Pujol
1d45e8ec2e
feat(profiles): add do-release-upgrade. 2022-06-26 23:07:00 +01:00
Alexandre Pujol
72a042e6ef
feat(profiles): add notify-reboot-required. 2022-06-26 23:06:42 +01:00
Alexandre Pujol
6c89ee8630
feat(profiles): add gnome-characters-backgroudservice. 2022-06-26 23:05:53 +01:00
Alexandre Pujol
8969786104
feat(profiles): add plymouthd. 2022-06-26 23:05:24 +01:00
Alexandre Pujol
08beefe867
feat(profiles): general update. 2022-06-26 23:05:09 +01:00
Alexandre Pujol
e087349662
feat(profiles): define more xdg variables. 2022-06-26 17:32:12 +01:00
Alexandre Pujol
e69182e1df
feat(profiles): general update. 2022-06-26 16:40:48 +01:00
Alexandre Pujol
c04363c1b6
feat(profiles): reorganise a few profiles. 2022-06-25 00:18:26 +01:00
Alexandre Pujol
fcbe764ccf
feat(profiles): general update. 2022-06-25 00:16:05 +01:00
Alexandre Pujol
e942c057bd
feat(profiles): move netstat 2022-06-25 00:08:51 +01:00
Alexandre Pujol
20fd8376bd
feat(profiles): Rewrite and largelly restrict the libvirtd profile. 2022-06-18 22:49:32 +01:00
Alexandre Pujol
56afb90084
fix(profiles): fix some abstraction definitions. 2022-06-18 21:56:09 +01:00
Alexandre Pujol
393e339b48
feat(profiles): apply rule from #51. 2022-06-14 22:54:26 +01:00
Alexandre Pujol
d93879d9df
chore: move some cron profiles. 2022-06-14 20:14:32 +01:00
Alexandre Pujol
08bb1b44a6
style(profiles): small rules improvment. 2022-06-14 19:25:45 +01:00
Alexandre Pujol
454456a844
style(profiles): better header for the abstractions. 2022-06-14 19:17:41 +01:00
Alexandre Pujol
10de7941b0
feat(profiles): add fprintd. 2022-06-14 19:12:38 +01:00
Alexandre Pujol
9ccda2a0a5
feat(profiles): initial version of mount.zfs 2022-06-14 19:11:46 +01:00
Alexandre Pujol
a792c4cb4e
feat(profiles): add some missing ubuntu profiles. 2022-06-14 19:09:50 +01:00
Alexandre Pujol
fb61f8ebff
feat(profiles): add language-validate. 2022-06-14 19:07:35 +01:00
Alexandre Pujol
9d81f5e88f
feat(profiles): reorganise the cron & run-parts profiles. 2022-06-14 19:06:34 +01:00
Alexandre Pujol
cc78beddda
feat(profiles): disks add support for zfs. 2022-06-14 19:03:46 +01:00
Alexandre Pujol
8487f5475a
feat(profiles): update ubuntu advantage profiles. 2022-06-13 22:18:17 +01:00
Alexandre Pujol
20303f53e3
feat(profiles): add the XDG_SCREENSHOTS_DIR variable. 2022-06-13 22:16:25 +01:00
Alexandre Pujol
2c6843f5fe
feat(profiles): add audit related profiles. 2022-06-13 22:15:13 +01:00
Alexandre Pujol
939363a9a7
feat(profiles): add mdevctl. 2022-06-13 22:14:29 +01:00
Alexandre Pujol
391131aad1
feat(profiles): update pkexec. 2022-06-13 22:14:11 +01:00
Alexandre Pujol
f71c0e41f8
feat(profiles): minor improvments. 2022-06-13 22:13:17 +01:00
Alexandre Pujol
7c2e92ba03
feat(profiles): add nologin. 2022-06-13 22:09:23 +01:00
Alexandre Pujol
10148786d2
feat(profiles): add some freedesktop related profiles. 2022-06-13 22:08:33 +01:00
Alexandre Pujol
039b7ab2cb
feat(profiles): update polkit-mate-authentication-agent. 2022-06-13 22:05:03 +01:00
Alexandre Pujol
d998b1dd6e
feat(profiles): improve ubuntu compatibility. 2022-06-13 22:04:12 +01:00
Alexandre Pujol
0cbcbb29a4
feat(profiles): improve/update apt related profiles. 2022-06-13 21:42:25 +01:00
Alexandre Pujol
7b0ef88358
feat(profiles): add some missing dbus rules. 2022-06-13 21:41:48 +01:00
Alexandre Pujol
6898bac12f
feat(profiles): add some missing dbus, MOUNTS and dconf rules. 2022-06-13 21:38:14 +01:00
Alexandre Pujol
50a18aac08
feat(profiles): add some core dbus rules. 2022-06-12 23:50:58 +01:00
Alexandre Pujol
24056c8cd1
feat(profiles): ensure bin, sbin compatibility for (u)mount. 2022-06-12 22:56:27 +01:00
Alexandre Pujol
779853dc7f
feat(profiles): new definition for MOUNTs, add MOUNTDIRS. 2022-06-12 22:51:37 +01:00
Alexandre Pujol
9493e783ce
feat(profiles): rethink the su & sudo profiles. 2022-06-12 22:19:13 +01:00
Alexandre Pujol
0896343bbc
feat(profiles): rethink the app launchers. 2022-06-12 22:17:38 +01:00
Alexandre Pujol
a5c9a58c3c
feat(profiles): complete the dbus-session abstactions and related rules. 2022-06-12 22:15:21 +01:00
Alexandre Pujol
8f53366cd8
feat(profiles): allow gnome-shell to send signal to all profiles. 2022-06-12 12:04:24 +01:00
Alexandre Pujol
80b337bdf4
revert(profiles): remove tor related profiles. 2022-06-12 12:02:16 +01:00
Alexandre Pujol
f53550525e
feat(profiles): add the X-strict abstraction. 2022-06-09 22:45:14 +01:00
Alexandre Pujol
5d45b8e7a7
feat(profiles): add the dconf-write abstraction. 2022-06-09 21:55:55 +01:00
Alexandre Pujol
583d7a15f0
feat(profiles): add dbus rules for some common profiles. 2022-06-05 23:06:14 +01:00
Alexandre Pujol
e949654614
feat(profiles): dbus abstactions and related rules. 2022-06-05 22:57:29 +01:00
Alexandre Pujol
63e5980d8d
feat(profiles): general update. 2022-06-05 22:47:37 +01:00
Alexandre Pujol
f6b6e99cde
feat(profiles): initial dbus rules for systemd profiles. 2022-06-05 14:53:10 +01:00
nobodysu
a333a77cb5 polishing 2022-06-05 15:36:10 +03:00
nobodysu
2bea426d27 polishing 2022-06-03 23:00:08 +03:00
Alexandre Pujol
a6a72cd5c3
feat(profiles): initial dbus integration (no dbus rule yet). 2022-06-03 20:38:23 +01:00
Alexandre Pujol
aa606bbdc4
feat(profiles): add swtpm_ioctl. 2022-06-03 20:23:28 +01:00
Alexandre Pujol
9ad819a196
feat(profiles): add install-catalog. 2022-06-03 20:22:07 +01:00
Alexandre Pujol
aa9a673fb6
feat(profiles): add anacron. 2022-06-03 20:21:20 +01:00
Alexandre Pujol
24cf14ff3a
feat(profiles): initial version of some ubuntu related profiles. 2022-06-03 20:20:32 +01:00
Alexandre Pujol
b9552c3f66
feat(profiles): add networkd-dispatcher. 2022-06-03 20:17:08 +01:00
Alexandre Pujol
82bbe96bfa
feat(profiles): add ModemManager. 2022-06-03 20:16:38 +01:00
Alexandre Pujol
82e6dc13e9
feat(profiles): add gnome-remote-desktop-daemon. 2022-06-03 20:15:23 +01:00
Alexandre Pujol
5987818b42
feat(profiles): add gnome-control-center-goa-helper. 2022-06-03 20:14:38 +01:00
Alexandre Pujol
c32b19a808
feat(profiles): general update. 2022-06-03 20:13:11 +01:00
Alexandre Pujol
879416b062
feat(profiles): better system nss rules in nameservice-strict. 2022-06-03 19:38:34 +01:00
Alexandre Pujol
d9a0e24e40
revert(profiles): remove deprecated profiles. 2022-06-03 19:06:06 +01:00
nobodysu
8b58289500 more polishing 2022-06-03 17:42:22 +00:00
nobodysu
722ce7f78f logrotate: add shred 2022-06-03 17:42:22 +00:00
nobodysu
4a76a69632 polishing 2022-06-03 17:42:22 +00:00
nobodysu
9dab6b9794 stricter logind 2022-06-03 17:42:22 +00:00
nobodysu
6b4ae79806 up to date version 2022-06-03 17:42:22 +00:00
nobodysu
e547f6c7bd lost somehow 2022-06-03 17:42:22 +00:00
nobodysu
db9bccc42a complain 2022-06-03 17:42:22 +00:00
nobodysu
b42b8c66cc Ubuntu 22.04, first batch and misc 2022-06-03 17:42:22 +00:00
nobodysu
599ed6464c Ubuntu 22.04, second batch 2022-06-02 19:27:15 +03:00
nobodysu
936431411c ubuntu2204 2022-06-02 02:00:16 +03:00
nobodysu
db649628a5
Update htop (#48) 2022-06-01 17:54:31 +00:00
nobodysu
7db753f0c9
Alphanumeric systemd sessions (#47) 2022-06-01 17:54:07 +00:00
nobodysu
b45161a68e
Armbian mmap (#45) 2022-06-01 17:50:27 +00:00
nobodysu
b4f7ed185c
More consoles requirement after sshd introduction (#44) 
* consoles requirement after sshd introduction

* one more
 2022-06-01 17:50:05 +00:00
nobodysu
e2b7f6594c
disks-read: Armbian / DietPi (#40) 2022-06-01 17:49:07 +00:00
nobodysu
d5f3d7f686 more egl paths 2022-06-01 20:04:20 +03:00
nobodysu
76417058a6 remove obsolete abstraction 2022-06-01 20:02:48 +03:00
nobodysu
8deddc8a2c
sshd: Ubuntu compatibility (#37) 
* Ubuntu, allow fallback

* reverting to Ubuntu compatibility only
 2022-05-23 22:16:22 +00:00
nobodysu
481b6d621b pids and header 2022-05-23 20:30:46 +03:00
nobodysu
9a48515089
Add pstree (#38) 2022-05-23 16:55:58 +00:00
nobodysu
6c30e362ee
Add consoles abstraction where needed (#36) 
* add consoles abstraction where needed

* not now
 2022-05-23 16:43:42 +00:00
nobodysu
a3f94f62b1 uuid 2022-05-23 01:47:42 +03:00
nobodysu
b263321c73 Ubuntu compatibility 2022-05-23 01:44:25 +03:00
Alexandre Pujol
d3d9277978
feat(profiles): more integration for ubuntu 22.04 2022-05-21 17:27:28 +01:00
Alexandre Pujol
e28f5a3bb4
feat(profiles): general update. 2022-05-21 17:25:31 +01:00
Alexandre Pujol
3d2197d7f0
feat(profiles): rewrite the system-config-printer profile. 2022-05-21 17:18:05 +01:00
Alexandre Pujol
df8cb3fe91
feat(profiles): add switcheroo-control. 2022-05-21 17:17:14 +01:00
Alexandre Pujol
6058ef7439
feat(profiles): add systemd-vconsole-setup 2022-05-21 17:16:33 +01:00
Alexandre Pujol
21250f5eec
feat(profiles): add needrestart-iucode-scan-versions. 2022-05-21 17:13:03 +01:00
Alexandre Pujol
1d284c03c3
feat(profiles): add spice-vdagent. 2022-05-21 17:11:20 +01:00
Alexandre Pujol
7a1304720e
feat(profiles): add qemu-ga. 2022-05-21 17:10:49 +01:00
Alexandre Pujol
a5b73375a2
feat(profiles): add im-launch 2022-05-21 17:10:14 +01:00
Alexandre Pujol
e46e9cfcf4
feat(profiles): add boltd. 2022-05-21 17:09:12 +01:00
Alexandre Pujol
59ba69a167
feat(profiles): add ubuntu specific profiles. 2022-05-21 17:07:37 +01:00
Alexandre Pujol
4c7ebb3a39
feat(profile): add gnome-extension-ding 
When it is installed as a system extension only.
 2022-05-21 16:52:59 +01:00
Alexandre Pujol
8b41f7c9c5
feat(profiles): add some ibus related profiles. 2022-05-21 16:51:46 +01:00
Alexandre Pujol
035bb74b29
feat(profiles: add plymouth. 2022-05-21 16:50:22 +01:00
Alexandre Pujol
0dbe0d2790
feat(profiles) add initial support for ubuntu 22.04 2022-05-21 16:49:45 +01:00
Alexandre Pujol
3ac7d41bf5
chore(profiles): needrestart profiles' apt -> m-r. 2022-05-21 16:38:16 +01:00
Alexandre Pujol
5c382d7eb3
feat(profiles): general update. 2022-05-15 22:56:42 +01:00
Alexandre Pujol
0b66933b45
feat(profiles): general update. 2022-05-09 21:51:18 +01:00
Alexandre Pujol
940c9de083
chore: reorganise the freedesktop group. 2022-05-07 13:18:36 +01:00
Alexandre Pujol
da1b3e1f1c
feat(profiles): general update. 2022-05-07 11:42:18 +01:00
Alexandre Pujol
6aadd82293
feat(profiles): add support for distribution that use /usr/libexec. 2022-05-07 11:35:21 +01:00
Alexandre Pujol
7377aed016
fix: remove absraction from upstream. 2022-05-06 21:29:06 +01:00
Alexandre Pujol
c91363a0b6
fix: abstraction gtk -> gtk complete. 2022-05-06 21:28:41 +01:00
Alexandre Pujol
82e53fd919
feat(profiles): add swtpm, swtpm_localca and swtpm_setup. 2022-05-02 18:12:07 +01:00
Alexandre Pujol
3018ce3bbd
feat(profiles): add flatpak-portal. 2022-05-02 18:07:15 +01:00
Alexandre Pujol
c61181b548
feat(profiles): add sshd profile. 2022-05-02 17:56:06 +01:00
Alexandre Pujol
b87f1859cf
refactor(profiles): merge apt & apt-get profiles. 2022-05-02 17:50:47 +01:00
Alexandre Pujol
8353f0f37f
feat(profiles): add needrestart. 2022-05-02 17:49:03 +01:00