Commit graph

286 commits

Author SHA1 Message Date
Alexandre Pujol
b8c2380da4
feat(profile): add epiphany providers. 2023-11-27 19:23:35 +00:00
Alexandre Pujol
aa1553388b
feat(flatpak): add flatpak integration.
- Add flatpak profile
- Add flatpak-bwrap subprofile: it manages the sandbox creation & has some larger access.
- Add flatpak-app, default profile for sandboxed app.

See Full system policy #252
2023-11-26 23:19:09 +00:00
Alexandre Pujol
e41779f576
feat(full): add default bwrap profiles.
On full system policy, use the new bwrap profile (and bwrap-app) to confine sandboxed applications.
It is not enabled by default as the sandbox profile is quite large.

Also integrate with the gnome apps that use bwrap as sandbox manager.

Update other related profiles

See Full system policy #252
2023-11-26 23:12:35 +00:00
Alexandre Pujol
d8ff8c8cd6
feat(kde): add some kde profiles. 2023-11-26 23:07:02 +00:00
Alexandre Pujol
a49d83993a
feat(profile): add snapd-apparmor 2023-11-22 20:58:05 +00:00
Alexandre Pujol
07acb8043b
feat(profiles): rename all systemd generator. 2023-11-22 20:51:10 +00:00
Alexandre Pujol
9ab0745e2d
feat(full): add default fallback profile.
See #252
2023-11-22 20:12:20 +00:00
Alexandre Pujol
23be43ebd0
feat(full): improve how systemd handles services 2023-11-22 18:42:23 +00:00
Alexandre Pujol
e84750453c
fix: dpkg build. 2023-11-19 23:04:43 +00:00
Alexandre Pujol
908aba0385
feat(profiles): add some ubuntu specific profiles. 2023-11-19 21:42:31 +00:00
Alexandre Pujol
dd767f13c0
chore: update flags list. 2023-11-19 21:39:04 +00:00
Alexandre Pujol
59140f5411
feat(full): improve systemd profile.
See https://apparmor.pujol.io/development/structure/#full-system-policy
2023-11-19 21:31:57 +00:00
Alexandre Pujol
d64ef39bd1
build: minor fixes. 2023-11-19 21:04:58 +00:00
Alexandre Pujol
1b48e419f4
build(suse): add systemd-userdbd drop in file. 2023-11-19 15:38:36 +00:00
Alexandre Pujol
9e04743156
build: do not use rsync to synchronise files anymore. 2023-11-19 14:47:55 +00:00
Alexandre Pujol
a66debd2fb
build(dpkg): ignore libvirt profiles. 2023-11-13 22:22:40 +00:00
Alexandre Pujol
5760c0129c
build: add ignore file for whonix. 2023-11-09 20:53:30 +00:00
Alexandre Pujol
3ab5046d5d
build: ignore non suse profiles on other dists. 2023-11-09 20:53:03 +00:00
Alexandre Pujol
18da36238e
build: add some flags definition. 2023-11-09 20:51:34 +00:00
Alexandre Pujol
84ecf85c0b
feat(profiles): add dell cctk. 2023-10-26 22:40:21 +01:00
Alexandre Pujol
cdf601ca5c
build: minor improvements. 2023-10-21 21:51:23 +01:00
Alexandre Pujol
4276ede03c
feat(profile): rewrite update-ca-certificates. 2023-10-20 23:43:36 +01:00
Alexandre Pujol
958cc671b2
build: ignore chronyd profile on apt dist. 2023-10-08 13:57:23 +01:00
Alexandre Pujol
92bfdfa64a
build: do not install the man profile as it is provided by apparmor itself. 2023-10-01 14:27:48 +01:00
Alexandre Pujol
b122d9424f
feat(profiles): enforce some stable profiles. 2023-10-01 13:20:59 +01:00
Alexandre Pujol
ab0ee1a317
feat(profiles): add initial version of passim passimd. 2023-10-01 13:10:17 +01:00
Alexandre Pujol
2aace6bccb
feat(profile): improve kde integration. 2023-09-29 19:33:09 +01:00
Alexandre Pujol
4047921300
fix(build): update backport repo. 2023-09-20 23:08:17 +01:00
Alexandre Pujol
1eda792122
chore: cosmetic. 2023-09-20 19:01:52 +01:00
Alexandre Pujol
b34356ca03
build(rpm): add apparmor-profiles as deps. 2023-09-19 20:37:07 +01:00
Alexandre Pujol
cd48bb5ba0
fix(rpm): remove unused config dir. 2023-09-19 20:22:33 +01:00
Alexandre Pujol
55d46631da
ci: add rpm pkg build. 2023-09-19 20:16:55 +01:00
Alexandre Pujol
0797debd1d
build: add rpm packaging files. 2023-09-19 19:04:12 +01:00
Alexandre Pujol
975f7e0d6d
refactor: dists/build -> dists/docker 2023-09-18 17:26:28 +01:00
Alexandre Pujol
9a8a919b6c
feat(kde): add baloorunner. 2023-09-11 21:33:19 +01:00
Alexandre Pujol
b9fb4b72d2
fix: minor profiles fixes. 2023-09-10 12:41:47 +01:00
curiosityseeker
aaed7a25da
Various updates (#209) 2023-09-10 10:59:26 +00:00
nobody43
03384ab0d0 flags 2023-09-10 11:58:13 +01:00
Alexandre Pujol
6b159fe918
feat: cleanup ignored profile list. 2023-09-07 17:58:47 +01:00
Alexandre Pujol
7c24dde028
feat(profile): rewrite profile for vscode (wip). 2023-09-05 19:15:01 +01:00
curiosityseeker
41525621aa
Various updates (#204) 2023-09-04 13:58:07 +00:00
Alexandre Pujol
aea0034fcc
chore: various cosmetic changes. 2023-09-01 19:26:52 +01:00
Alexandre Pujol
a30d3dd415
feat(profiles): add element-desktop. 2023-08-27 15:42:30 +01:00
Alexandre Pujol
28af1fd642
chore: cleanup flags file. 2023-08-27 15:35:01 +01:00
Alexandre Pujol
22e57b3620
feat(profiles): apply guideline on some profiles. Update flags list. 2023-08-27 15:30:18 +01:00
Alexandre Pujol
7a5096e7d8
feat(profiles): add initial version of dolphin. 2023-08-27 15:24:54 +01:00
Alexandre Pujol
ad3e5a5dcf
feat(profiles): add protonmail-bridge. 2023-08-27 15:17:36 +01:00
Alexandre Pujol
8cfe2780d4
feat(profiles): rewrite the spotify profile. 2023-08-27 15:00:02 +01:00
Alexandre Pujol
b0eed1ae39
feat(profiles): add transmission-gtk 2023-08-27 14:59:02 +01:00
Alexandre Pujol
4d79af2203
feat(profiles): add gnome-extension-gsconnect 2023-08-27 14:57:50 +01:00
Alexandre Pujol
5704d1ba20
feat(profiles): various profile fixes. 2023-08-19 14:01:50 +01:00
Alexandre Pujol
557d905543
Merge branch 'tunables' of https://github.com/nobody43/apparmor.d into nobody43-tunables
* 'tunables' of https://github.com/nobody43/apparmor.d:
  dbus temp tails
  Update apparmor.d
  Update gdm-runtime-config
  more unrelated changes
  adjust date-time
  random tails
  rename to int, convert more profiles
  fixes
  tunables
2023-08-17 20:01:53 +01:00
Alexandre Pujol
555b53192c
fix: ensure some required flags are set. 2023-08-17 18:45:41 +01:00
Alexandre Pujol
3f8d559dcc
feat(profiles): add some thunderbird related profiles. 2023-08-17 18:45:10 +01:00
Alexandre Pujol
09943156bc
feat(profiles): add multipath profiles
See #134

Signed-off-by: @cboltz
2023-08-13 20:06:08 +01:00
ShellCode
0f9b7cb474
Fix #184 (#185)
* Replace @{HOME}/.config with @{user_config_dirs}

* Replace @{HOME}/.cache with @{user_cache_dirs}

* Replace @{HOME}/.local/state with @{user_state_dirs}

* Add missing user_share_dirs to apparmor.d/tunables/home.d/apparmor.d

* Update docs/variables.md

* Replace @{HOME}/.local/share with @{user_share_dirs}

* Replace @{HOME}/.local/lib with @{user_lib_dirs}

* Revert "Add missing user_share_dirs to apparmor.d/tunables/home.d/apparmor.d"

This reverts commit 9525003098.
2023-07-27 11:20:19 +00:00
Alexandre Pujol
015db89b4d
fix: do not install code-wrapper profile yet. 2023-07-23 16:22:42 +01:00
Alexandre Pujol
e5ed57c041
fix: ensure flags for plasmashell. 2023-07-20 21:17:47 +01:00
Alexandre Pujol
1424fb5493
feat(profiles): add iio-sensor-proxy 2023-07-20 21:09:18 +01:00
Alexandre Pujol
33a9b062ff
refactor(profiles): do not enable vs code yet. 2023-07-20 20:56:48 +01:00
Alexandre Pujol
db35aa9249
feat(profiles): add firefox glxtest & vaapitest profiles. 2023-07-12 21:59:13 +01:00
Alexandre Pujol
59469b57b4
feat(profiles): general update. 2023-07-09 12:30:09 +01:00
Alexandre Pujol
7deac2c904
feat(profiles): add mutter-x11-frames. 2023-07-08 12:39:24 +01:00
Alexandre Pujol
6715564053
feat(profiles): general update. 2023-07-08 12:37:40 +01:00
Alexandre Pujol
a1946aa171
feat: support for debian 12, drop support for debian 11. 2023-06-18 11:44:56 +01:00
Alexandre Pujol
d4d1b949cd
fix: ensure mount has the disconnected flag.
See #170
2023-06-14 22:31:00 +01:00
Alexandre Pujol
35ca2692c9
feat(kde): add more kde profiles. 2023-04-30 21:50:08 +01:00
Alexandre Pujol
ee10658d09
feat(kde): big kde profiles update. 2023-04-30 21:46:10 +01:00
Alexandre Pujol
c9ef8f55c4
feat(profiles): add firefox-kmozillahelper. 2023-04-30 21:38:59 +01:00
Alexandre Pujol
30e623d73c
fix(profiles): ensure some flags on some profiles. 2023-04-30 15:00:55 +01:00
Alexandre Pujol
1083520225
feat(kde): add initial version for more kde profiles. 2023-04-27 22:27:16 +01:00
Alexandre Pujol
e569f907e2
build: etc.d -> multiarch.d as debian does not have etc.d yet. 2023-04-25 21:47:01 +01:00
Alexandre Pujol
7ddba7230d
feat(profiles): update kde integration.
See #134
2023-04-24 18:56:28 +01:00
Alexandre Pujol
9727d1ce1f
fix(build): ubuntu & debian share some build spec. 2023-04-24 00:17:00 +01:00
Alexandre Pujol
c2e4dfa07e
fix(build): add missing trash abs on Ubuntu. 2023-04-23 17:27:49 +01:00
Alexandre Pujol
2e466bab20
build: remove dists file for arch based distribution. 2023-04-19 19:02:05 +01:00
Alexandre Pujol
912f3be8ab
build: remove ubuntu core integration. 2023-04-19 19:00:15 +01:00
Alexandre Pujol
ffa0f7bc3d
build: drop lsb-release build deps. 2023-04-19 18:57:31 +01:00
Alexandre Pujol
7c0863867e
fix(build): ensure a minimum go version in the build process. 2023-04-17 11:26:09 +01:00
Alexandre Pujol
d717a24adc
build: better way to handle package build for development purpose. 2023-04-16 21:25:52 +01:00
Alexandre Pujol
15029a198a
feat(kde): add akonadi_* profiles. 2023-04-16 20:44:29 +01:00
Alexandre Pujol
77955aac3d
feat(kde): add kded5. 2023-04-16 19:27:27 +01:00
Alexandre Pujol
12456486f1
feat(kde): general update. 2023-04-16 19:10:14 +01:00
Alexandre Pujol
5ea6ede589
feat(profile): general update. 2023-04-15 11:52:00 +01:00
Alexandre Pujol
4f22a6ebaa
feat(kde): add kauth helper. 2023-04-05 23:51:27 +01:00
nobody43
fb92aa5716 fixes 2023-04-03 18:20:15 +01:00
Alexandre Pujol
ac75f2ee5c
feat(kde): add xdg-desktop-portal-kde 2023-03-31 17:06:03 +01:00
Alexandre Pujol
0efc3e0703
feat(kde): rewrite polkit-kde-authentication-agent. 2023-03-31 17:03:47 +01:00
Alexandre Pujol
19d1a59bd3
feat(kde): add new kde profiles. 2023-03-31 17:02:49 +01:00
Alexandre Pujol
1131fdf412
feat(profiles): add kgx. 2023-03-31 16:49:41 +01:00
Alexandre Pujol
b43c3fe0c9
chore: finally remove dockerfile 2023-03-29 00:22:20 +01:00
Alexandre Pujol
6cbc1a5b47
build: remove local dockerfile for build.
They have been moved to https://gitlab.com/roddhjav/builders
2023-03-29 00:16:31 +01:00
Alexandre Pujol
c7cf156de9
feat(profiles): add most virtio related profiles. 2023-03-25 15:54:20 +00:00
Alexandre Pujol
98a1a00a14
feat(profiles): add gsettings. 2023-03-12 15:30:33 +00:00
Alexandre Pujol
d23348c689
feat(flags): cleanup and enforce some profiles. 2023-03-12 15:14:15 +00:00
Alexandre Pujol
0a2efe7fee
feat: add initial support for Ubuntu Core. 2023-02-24 20:38:48 +00:00
nobody43
a873af1f26 general_initial 2023-02-22 21:52:55 +00:00
Alexandre Pujol
a804fe7b56
feat(systemd): add systemd-cryptsetup 2023-02-19 20:35:03 +00:00
Alexandre Pujol
eca22caf8a
feat(systemd): add some systemd-user-generators. 2023-02-19 20:32:18 +00:00
Alexandre Pujol
5d6a4e4e4c
feat(systemd): add systemd-user{db,work} 2023-02-19 20:29:22 +00:00
Alexandre Pujol
c2076a213b
feat(systemd): add systemd-home{d,work} 2023-02-19 20:28:00 +00:00
Alexandre Pujol
4d317cf807
feat(profiles): remove setpriv.
This program should be included by other profiles, not generally confined.
2023-02-11 20:20:45 +00:00
Alexandre Pujol
77b9699270
feat(profiles): add sdcv.
Co-authored-by: Andy Ramos <maplewood_broer@8shield.net>
2023-02-08 16:39:37 +00:00
Alexandre Pujol
11cc454fe2
build: add ignore & flags file for opensuse. 2023-02-06 21:29:26 +00:00
Alexandre Pujol
53d1b7a3fd
feat(profiles): update flags. 2023-02-05 00:00:55 +00:00
nobody43
bbdccd0597 complain 2023-01-28 15:25:01 +00:00
Alexandre Pujol
8bed975d55
fix(build): create build links for manjaro. 2023-01-26 20:00:55 +00:00
Alexandre Pujol
dc8134589d
build: initial build support for full system policy. 2023-01-24 20:17:00 +00:00
Cherkah
291450a050 create manjarolinux.flags 2023-01-22 20:20:52 +00:00
Cherkah
909e2f1d94 create manjarolinux.ignore 2023-01-22 20:20:38 +00:00
name.tar.xz
9a53a047d2 add support for cachyos 2023-01-22 12:46:04 +00:00
Alexandre Pujol
b4a1cf963f
build(arch): include cron profiles in Archlinux.
See #101
2023-01-15 17:47:00 +00:00
Alexandre Pujol
f20aa4f548
feat(profiles): general update. 2023-01-14 13:28:21 +00:00
Alexandre Pujol
2431ba98aa
feat(profile): include more rules from #94. 2023-01-14 13:00:01 +00:00
Alexandre Pujol
11cc9bd672
feat: merge pacman mkinitcpio hooks. 2022-12-10 19:12:10 +00:00
Alexandre Pujol
2246e8ae63
feat(profiles): merge the two packagekitd profiles in one. 2022-12-09 19:12:19 +00:00
leah
6916eefc1b use symbolic link instead 2022-11-08 22:58:22 +00:00
leah
4ed0f824d0 add support for endeavour os 2022-11-08 22:58:22 +00:00
Alexandre Pujol
18a8b42cbf
feat(profiles): add initial version of iwctl. 2022-11-05 17:13:39 +00:00
Alexandre Pujol
82ebbd33a4
feat(profiles): update flags. 2022-11-05 17:12:47 +00:00
Alexandre Pujol
157e2a5df6
feat(profiles): grub update. 2022-11-03 21:42:16 +00:00
Alexandre Pujol
a90cdbe879
feat(profiles): general update. 2022-11-03 21:40:01 +00:00
Alexandre Pujol
fabddee9d6
feat(profiles): add os-prober. 2022-10-23 11:27:50 +01:00
Alexandre Pujol
d6cd1af9c8
feat(profiles): add initial version of nmcli. 2022-10-23 11:26:42 +01:00
Alexandre Pujol
0168f8b13b
feat(profiles): add gnome-software. 2022-10-23 11:25:23 +01:00
Alexandre Pujol
2ed2ed8034
Revert "build(debian): remove config-package build deps."
config-package-dev is required for files hide and displace in the Debian
pkg.

This reverts commit d618583390.
2022-10-16 12:05:28 +01:00
Alexandre Pujol
d618583390
build(debian): remove config-package build deps. 2022-10-15 23:14:09 +01:00
nobodysu
643a84997e
Unbreak Debian 11 and partially Ubuntu 22.04 (Wayland+GDM+Gnome) (#81)
* Unbreaking Debian 11 and partially Ubuntu 22.04

* pre-cleanup

* pre-cleanup2

* Update im-launch

* Update gnome-extension-ding

* polishing

* not yet

* Update ubuntu.flags

Allow GDM to boot. `No new privs` fix.

* Update debian.flags

Allow GDM to boot. `No new privs` fix.

* Update CONTRIBUTING.md

* fixes

* reverting w

* move setpriv to main.flags
2022-10-14 21:21:56 +00:00
Alexandre Pujol
bdcaa040fe
feat(profiles): add packagekitd. 2022-10-14 22:18:49 +01:00
Alexandre Pujol
e226f4eb03
feat(profiles): add iwd. 2022-10-06 21:13:05 +01:00
Alexandre Pujol
75b25c7e07
build: update flags list. 2022-10-06 20:59:07 +01:00
Alexandre Pujol
41b3f37a3f
build: ignore autostart on Ubuntu. 2022-10-06 20:57:55 +01:00
Alexandre Pujol
7632a2c168
build: better change build dev container name. 2022-10-06 20:54:55 +01:00
Alexandre Pujol
fa1f71a151
build: allow to build the package in a clean container. 2022-10-04 23:17:11 +01:00
Alexandre Pujol
7d3c52036b
feat(profiles): add child-open. 2022-10-01 19:05:44 +01:00
Alexandre Pujol
39740f9369
feat(profiles): add systemd-dissect. 2022-10-01 18:56:02 +01:00
Alexandre Pujol
1a73271a1a
feat(profiles): add localectl. 2022-10-01 18:53:11 +01:00
Alexandre Pujol
65bf8278bc
feat(profiles): add gnome-browser-connector-host. 2022-10-01 18:47:49 +01:00
Alexandre Pujol
7c3fcf260c
feat(profiles): add systemd-id128. 2022-10-01 18:46:32 +01:00
Alexandre Pujol
8ff571549a
feat(profiles): add gnome-extension-manager. 2022-09-24 18:09:05 +01:00
Alexandre Pujol
a432d656c8
feat(profiles): add sbctl. 2022-09-18 11:21:33 +01:00
Alexandre Pujol
4920922394
feat(profiles): add busctl. 2022-09-13 18:39:41 +01:00
Alexandre Pujol
c242a59996
fix(profiles): remove not yet committed profiles from flag definition. 2022-09-13 18:19:42 +01:00
Alexandre Pujol
80a8be6d9e
feat(profiles): move some flags definition in main.flags 2022-09-11 20:47:49 +01:00
Alexandre Pujol
14fd88aa2f
feat(profiles): add profiles for cups. 2022-08-31 22:10:41 +01:00
Alexandre Pujol
66b529497d
feat(profiles): initial support for steam & steam games. 2022-08-13 20:36:52 +01:00
Alexandre Pujol
7aca29b244
feat(profiles): initial snap support. 2022-07-21 22:40:06 +01:00
Alexandre Pujol
595a27560f
feat(profiles): add mullvad profiles. 2022-07-21 20:17:03 +01:00
Alexandre Pujol
4a37cd1149
feat(profiles): add software-properties-gtk & ubuntu-advantage. 2022-07-03 20:29:45 +01:00
Alexandre Pujol
55c0827c2a
chore: better profile ignore definition. 2022-06-14 19:40:25 +01:00