Commit Graph

1887 Commits

Author SHA1 Message Date
Alexandre Pujol
31bc5a6053
feat(profiles): general update. 2023-11-22 21:37:09 +00:00
Alexandre Pujol
a49d83993a
feat(profile): add snapd-apparmor 2023-11-22 20:58:05 +00:00
Alexandre Pujol
c62b45964d
feat(profile): add e2scrub_all. 2023-11-22 20:56:42 +00:00
Alexandre Pujol
17d187e93b
feat(profiles): ensure apparmor_parser works with snap. 2023-11-22 20:55:47 +00:00
Alexandre Pujol
e247a3949e
feat(systemd): add initial version of all missing generators. 2023-11-22 20:55:01 +00:00
Alexandre Pujol
0d124065b9
build: enforce the use of the default profile on full mode. 2023-11-22 20:52:25 +00:00
Alexandre Pujol
07acb8043b
feat(profiles): rename all systemd generators. 2023-11-22 20:51:10 +00:00
Alexandre Pujol
ba1cad7f73
feat(profile): improve child-open. 2023-11-22 20:12:59 +00:00
Alexandre Pujol
9ab0745e2d
feat(full): add default fallback profile.
See #252
2023-11-22 20:12:20 +00:00
Alexandre Pujol
da51cdba64
feat(profiles): improve freedesktop profiles. 2023-11-22 20:07:31 +00:00
Alexandre Pujol
6c6646e1f6
feat(profiles): minor kde additions. 2023-11-22 20:06:39 +00:00
Alexandre Pujol
ae99433595
feat(full): simplify the service profiles. 2023-11-22 20:04:17 +00:00
Alexandre Pujol
04513af863
feat: cleanup child-systemctl 2023-11-22 18:43:43 +00:00
Alexandre Pujol
23be43ebd0
feat(full): improve how systemd handles services 2023-11-22 18:42:23 +00:00
Alexandre Pujol
f2ef493ca7
build: full system for whonix. 2023-11-22 18:16:03 +00:00
Alexandre Pujol
7909bb1948
fix(build): tunable path. 2023-11-19 23:21:50 +00:00
Alexandre Pujol
e84750453c
fix: dpkg build. 2023-11-19 23:04:43 +00:00
Alexandre Pujol
157798e93c
tests(packer): improve debian vm. 2023-11-19 21:48:38 +00:00
Alexandre Pujol
908aba0385
feat(profiles): add some ubuntu specific profiles. 2023-11-19 21:42:31 +00:00
Alexandre Pujol
e29e839c62
feat(profiles): update apt related profiles. 2023-11-19 21:40:12 +00:00
Alexandre Pujol
07e7810d15
feat(full): add some services profile. 2023-11-19 21:39:36 +00:00
Alexandre Pujol
dd767f13c0
chore: update flags list. 2023-11-19 21:39:04 +00:00
Alexandre Pujol
f43f950c90
feat(full): improve systemd-user profile. 2023-11-19 21:35:53 +00:00
Alexandre Pujol
59140f5411
feat(full): improve systemd profile.
See https://apparmor.pujol.io/development/structure/#full-system-policy
2023-11-19 21:31:57 +00:00
Alexandre Pujol
d64ef39bd1
build: minor fixes. 2023-11-19 21:04:58 +00:00
Alexandre Pujol
8686cc458f
Merge branch 'main' of github.com:roddhjav/apparmor.d
* 'main' of github.com:roddhjav/apparmor.d:
  Full-Policy integration for Whonix/Kicksecure - And also everyone else (#249)
2023-11-19 20:54:34 +00:00
monsieuremre
83a2a1cbf9
Full-Policy integration for Whonix/Kicksecure - And also everyone else (#249)
* full-policy

* change path

* change

* big fix

* Delete apparmor.d/groups/_full/systemd

* Update and rename full-policy to systemd
2023-11-19 20:54:09 +00:00
Alexandre Pujol
3aa07e4d64
tests(packer): add arch-server and ubuntu 24.04 images. 2023-11-19 16:09:25 +00:00
Alexandre Pujol
f0cdadbdaf
feat(abs): improve mesa abstraction. 2023-11-19 15:39:02 +00:00
Alexandre Pujol
1b48e419f4
build(suse): add systemd-userdbd drop in file. 2023-11-19 15:38:36 +00:00
Alexandre Pujol
185187b608
doc: rewrite full system policy section. 2023-11-19 14:49:08 +00:00
Alexandre Pujol
edab2be894
doc: add nnp section. 2023-11-19 14:48:25 +00:00
Alexandre Pujol
9e04743156
build: do not use rsync to synchronise file anymore. 2023-11-19 14:47:55 +00:00
Alexandre Pujol
5eb120cdbb
build: new system origin path. 2023-11-19 14:34:42 +00:00
Alexandre Pujol
96ea9d17ae
feat(full): disable nnp flag on some services. 2023-11-19 14:32:57 +00:00
Alexandre Pujol
f564347580
refactor: move default systemd drop in files. 2023-11-19 14:20:14 +00:00
Alexandre Pujol
d1c8471b1d
fix: rule compilation. 2023-11-19 11:39:24 +00:00
Alexandre Pujol
88555a12d0
feat(profiles): add initial userns rule.
Require apparmor 4 to be enabled.
2023-11-19 11:19:24 +00:00
Alexandre Pujol
6dc990ac02
feat(full): set systemd profile name on build time. 2023-11-19 11:14:31 +00:00
Alexandre Pujol
2143fb03af
feat(full): add new systemd variable. 2023-11-19 11:13:40 +00:00
Alexandre Pujol
b79a1fcd31
feat(profile): general update.
Also include some preparation for the systemd profile.
2023-11-19 11:08:35 +00:00
Alexandre Pujol
3197f52a97
feat(aa-log): improve log to rule conversion. 2023-11-19 10:59:46 +00:00
Alexandre Pujol
58b577385e
build(ci): add gitlab ci for whonix. 2023-11-13 23:41:41 +00:00
Alexandre Pujol
aa84d08ef6
tests: improve tests image content. 2023-11-13 23:40:51 +00:00
Alexandre Pujol
e8fcc12c98
feat(profiles): cleanup dbus daemon related profile. 2023-11-13 23:10:00 +00:00
Alexandre Pujol
e99f7de703
fix(profiles): fix slow startup of gnome
at-spi-bus-launcher starts the accessibility bus.
We need to ensure all buses are initially started by the same profile,
otherwise the accessibility fails to start.

See #74, #80 & #235
2023-11-13 22:59:10 +00:00
Alexandre Pujol
a66debd2fb
build(dpkg): ignore libvirt profiles. 2023-11-13 22:22:40 +00:00
Alexandre Pujol
d3084839d1
feat(profiles): improve support for debian over gnome. 2023-11-13 22:14:54 +00:00
Alexandre Pujol
31edd15e8a
feat(profiles): improve kde integration. 2023-11-13 22:11:12 +00:00
Alexandre Pujol
6f98bb9bfb
feat(abs): add more possible resolv.conf path in nameservice.
Used a lot by debian.
2023-11-13 19:32:04 +00:00