Commit graph

1830 commits

Author SHA1 Message Date
Alexandre Pujol
7269ac6ca9
fix: profile compilation. 2024-02-11 12:49:04 +00:00
Alexandre Pujol
9cbeb127a3
feat(profile): minor improvement for kde. 2024-02-11 12:45:35 +00:00
Alexandre Pujol
04683eeccb
feat(profile): general update. 2024-02-11 12:44:40 +00:00
Alexandre Pujol
4619e13f1b
fix: possible hardware blocking issue.
See #296
2024-02-11 12:41:37 +00:00
Alexandre Pujol
738f7cc0c2
feat(fsp): add initial mount rules on systemd. 2024-02-10 01:22:50 +00:00
Alexandre Pujol
309ad9e506
feat(fsp): cleanup systemd profile. 2024-02-10 01:09:27 +00:00
monsieuremre
ce85d482e9 Update systemd 2024-02-08 16:04:20 +00:00
Alexandre Pujol
b1d0ebe918
feat(tunable): add the browsers_path variable. 2024-02-07 15:10:54 +00:00
Alexandre Pujol
cdaf72eb3d
feat(profile): general update. 2024-02-07 13:50:40 +00:00
Alexandre Pujol
9b705ab76c
feat(profiles): add plasma_session. 2024-02-07 13:47:28 +00:00
Alexandre Pujol
14a6f3fc5a
fix(profile): sddm issue when starting kde. 2024-02-07 12:32:55 +00:00
Alexandre Pujol
2cd14aa6bb
chore: add missing and update copyright year. 2024-02-07 00:16:21 +01:00
Alexandre Pujol
c006371e5b
feat(fsp): rewrite systemd-user profile.
Works fine when fsp is not enabled, still has issue in fsp mode.
2024-02-06 22:41:12 +01:00
Alexandre Pujol
d0a052b7ae
feat(profile): add signal from systemd-user. 2024-02-06 22:37:59 +01:00
monsieuremre
968da5518b
profile name fix (#289) 2024-02-05 17:41:56 +00:00
Alexandre Pujol
1b8f652795
feat(profile): cleanup duplicate. 2024-02-01 18:48:51 +00:00
Alexandre Pujol
dbbb2150e2
feat(fsp): reorganise systemd.service. 2024-02-01 18:33:19 +00:00
Alexandre Pujol
0a74d5c6fe
feat(profile): general update. 2024-02-01 13:19:19 +00:00
Alexandre Pujol
46641e6cc6
chore: update links to the documentation website. 2024-01-30 15:45:03 +00:00
Alexandre Pujol
4672694d39
feat(profile): update kde profiles. 2024-01-30 14:59:26 +00:00
Alexandre Pujol
c08f93de50
feat(abs): add kde-strict abstraction 2024-01-30 14:16:18 +00:00
Alexandre Pujol
049e89b379
feat(profile): general update (2). 2024-01-28 22:33:45 +00:00
Alexandre Pujol
9b49999414
feat(dbus): general update. 2024-01-28 22:29:37 +00:00
Alexandre Pujol
a5c5ee70a2
feat(profile): general update. 2024-01-28 21:09:14 +00:00
Alexandre Pujol
4234c54f52
feat(profile): add keyboxd. 2024-01-27 19:43:12 +00:00
Alexandre Pujol
72ade58c98
feat(profile): add dbus-broker. 2024-01-27 19:39:54 +00:00
Alexandre Pujol
78d5ce9ecc
feat(profile): general update. 2024-01-27 19:39:14 +00:00
Alexandre Pujol
c2d88c9bff
fix(profile): ensure firefox can print to pdf.
fix #283
2024-01-27 15:00:31 +00:00
Alexandre Pujol
1a1daeae07
feat(profile): general update. 2024-01-25 22:46:22 +00:00
Alexandre Pujol
55ae6d2b75
feat(full): improve fps setup. 2024-01-25 22:42:29 +00:00
Alexandre Pujol
cc98c21cbf
feat(tunable): add the coreutils variable. 2024-01-25 22:40:49 +00:00
Alexandre Pujol
7d3d01ac01
fix(fsp): conflicting x modifiers 2024-01-25 21:18:09 +00:00
Alexandre Pujol
134a487ff3
fix(profile): borg needs console access.
Fix #280
2024-01-25 13:22:20 +00:00
Alexandre Pujol
a30c2e5e85
feat: add the new shells variable to ensure support for all interactive shell.
Fix #269
2024-01-25 13:16:40 +00:00
nobody43
b376e9fade
Tunables polishing (#281)
* adjust xorg display number

* remove wildcard from python version

* python wildcard #2

* unconventional tails

* Delete apparmor.d/groups/apps/android-studio

---------

Co-authored-by: nobody43 <nobody43@users.noreply.github.com>
2024-01-25 12:44:47 +00:00
Alexandre Pujol
293f651a4f
Merge branch 'Updating-polkit,-sddm,-unix-chkpwd,btrfs' of https://github.com/curiosityseeker/apparmor.d into curiosityseeker-Updating-polkit,-sddm,-unix-chkpwd,btrfs
* 'Updating-polkit,-sddm,-unix-chkpwd,btrfs' of https://github.com/curiosityseeker/apparmor.d:
  Update login
  Update btrfs
  Update polkitd: @{PROC}/@{pid}/fdinfo/@{int}
  Update unix-chkpwd
  Update needrestart: adding unix_chkpwd
  Update sddm: adding unix_chkpwd
2024-01-25 12:07:36 +00:00
Alexandre Pujol
9a65da3605
feat(profile): apply profile guideline on secure-time-sync. 2024-01-24 21:03:49 +00:00
npwc
c3e92b3408
Create profile for secure-time-sync (#274)
* Create profile for secure-time-sync

Related to https://gitlab.com/madaidan/secure-time-sync

* Update secure-time-sync

* Update secure-time-sync

* Update secure-time-sync
2024-01-24 21:00:08 +00:00
Alexandre Pujol
8f825473c6
feat(profile): apply profile guideline on sing-box. 2024-01-24 20:58:23 +00:00
npwc
e7dc2fbf06
Create profile for sing-box (#273)
* Create profile for sing-box

* Update sing-box
2024-01-24 20:53:14 +00:00
Alexandre Pujol
46cb726834
feat(profile): add dbus-broker-launch. 2024-01-21 13:27:19 +00:00
Alexandre Pujol
42fc4622ed
feat(profile): general update. 2024-01-21 11:56:02 +00:00
Alexandre Pujol
05b47adb13
feat(profile): remove some unused profiles. 2024-01-21 11:51:00 +00:00
Alexandre Pujol
b4a8733f39
feat(profile): improve chromium based profiles. 2024-01-21 11:50:28 +00:00
Alexandre Pujol
81e98bf71d
feat(profile): update some dbus rules. 2024-01-21 11:49:25 +00:00
curiosityseeker
2e396c11f9
Update login 2024-01-19 18:14:23 +01:00
curiosityseeker
d44d2491b9
Update btrfs 2024-01-19 16:44:21 +01:00
nobody43
6556856fed
Tighten firefox (#275)
* Update firefox

* Remove `sys_ptrace` line
2024-01-19 15:42:13 +00:00
curiosityseeker
a5db3d02d7
Update polkitd: @{PROC}/@{pid}/fdinfo/@{int} 2024-01-19 16:39:24 +01:00
curiosityseeker
056384ba90
Update unix-chkpwd 2024-01-19 16:37:28 +01:00
curiosityseeker
4bad072ddd
Update needrestart: adding unix_chkpwd 2024-01-19 16:36:18 +01:00
curiosityseeker
d0eb140d5c
Update sddm: adding unix_chkpwd 2024-01-19 16:35:06 +01:00
Alexandre Pujol
7581eacdc6
fix(profile): mariadb install on debian.
fix #272
2024-01-14 11:52:52 +00:00
curiosityseeker
a16cbede0b
Various updates (#271)
* Update kwin_wayland

* Update plasmashell

* Update pacman-hook-fontconfig

* Update ksplashqml

`/usr/share/qt/translations/*.qm r,` is also in the qt5 abstraction. However, it seems that all other rules therein are not needed so I didn't use that abstraction.

* Update startplasma
2024-01-10 20:03:11 +00:00
Alexandre Pujol
e8651dc367
fix(profile): ensure pacman keyring update works. 2024-01-10 15:41:18 +00:00
Alexandre Pujol
62d548890d
fix: xorg on nvidia gpu. 2023-12-20 10:52:45 +00:00
Alexandre Pujol
6a81d335f8
feat(profile): general update. 2023-12-19 23:52:43 +00:00
Alexandre Pujol
ef1776b8d5
feat(profile): start using new abstractions (3) 2023-12-19 23:49:30 +00:00
Alexandre Pujol
a79a3f3311
feat(profile): start using new abstractions (2) 2023-12-19 23:42:30 +00:00
Alexandre Pujol
b7140c9b2b
feat(profile): start using new abstraction. 2023-12-19 23:29:15 +00:00
Alexandre Pujol
9f49052529
feat(profile): add some dbus rules. 2023-12-19 23:24:44 +00:00
Alexandre Pujol
53f3a27e16
feat(abs): add a new set of graphics abstractions. 2023-12-19 18:36:58 +00:00
Alexandre Pujol
df20d29832
feat(abs): cleanup X-strict. 2023-12-18 19:24:25 +00:00
Alexandre Pujol
0c2b8f612b
feat(abs): add a new (generic) desktop abstraction. 2023-12-18 19:23:07 +00:00
Alexandre Pujol
c3d9c9ea48
feat(abs): add a new dri abstraction. 2023-12-18 19:22:27 +00:00
Alexandre Pujol
4032ead9b4
feat(profile): general update. 2023-12-17 23:47:16 +00:00
Alexandre Pujol
f362975ce7
feat(profile): add the open_path variable. 2023-12-17 23:43:14 +00:00
Alexandre Pujol
a46dfaad61
feat(profile): general update. 2023-12-17 17:39:56 +00:00
Alexandre Pujol
ee328f727b
fix(gpg): due to how apt keyring is managed, the generic gpg needs apt keyring access.
fix #265
2023-12-17 17:33:42 +00:00
Alexandre Pujol
ca85373e3a
feat(dbus): start using the new dbus directive. 2023-12-17 14:14:42 +00:00
Alexandre Pujol
e2682b3072
fix(profile): userns not resolved. 2023-12-17 13:52:06 +00:00
Alexandre Pujol
1934a32004
fix(profile): missing label in update-manager 2023-12-17 13:08:33 +00:00
Alexandre Pujol
e1a30cbf7d
feat(profile): unify udev char dynamic assignment ranges. 2023-12-17 12:46:27 +00:00
Alexandre Pujol
ceb4c582e1
feat(dbus): update dbus rules. 2023-12-16 21:30:47 +00:00
Alexandre Pujol
dc3f292d45
feat(dbus): add/update dbus abstraction. 2023-12-16 21:26:10 +00:00
Alexandre Pujol
79ad345034
fix: mqueue rules. 2023-12-15 23:21:28 +00:00
Alexandre Pujol
b1212c6e62
feat(dbus): replace some rule by the new directives. 2023-12-15 22:26:35 +00:00
Alexandre Pujol
d2fc3c3325
fix(profile): merge flatpak-bwrap & flatpak-app.
See #264
2023-12-15 18:07:18 +00:00
Alexandre Pujol
a1b86b56d2
feat(profile): general update. 2023-12-13 20:09:52 +00:00
Alexandre Pujol
ecb7f2e79f
feat(profiles): remove some old and unused profiles/abs. 2023-12-13 17:40:22 +00:00
Alexandre Pujol
23be6d904e
fix(profile): ensure xinit does not block unsupported programs.
See #263
2023-12-13 17:38:26 +00:00
Alexandre Pujol
da8480b427
feat: remove some unused profiles & abs. 2023-12-12 18:29:44 +00:00
Alexandre Pujol
ab9e1932da
feat(profiles): general update. 2023-12-12 18:29:08 +00:00
Alexandre Pujol
42ea537687
fix(profile): ensure gio can launch its lib. 2023-12-11 20:49:48 +00:00
Alexandre Pujol
d2078fcb3a
feat(profile): general update. 2023-12-10 15:27:44 +00:00
Alexandre Pujol
4b973554db
feat(dbus): add more bus abstraction. 2023-12-10 14:47:24 +00:00
Alexandre Pujol
032d805666
feat(profile): general update. 2023-12-10 14:34:38 +00:00
Alexandre Pujol
c84af9e698
feat(profiles): add torbrowser profiles. 2023-12-09 16:21:06 +00:00
Alexandre Pujol
ccf4b4df06
feat(profiles): add some whonix specific profiles.
Dev only, they may be moved into whonix repo later.
2023-12-09 16:19:42 +00:00
Alexandre Pujol
29b0e3e2e3
feat(profile): general update. 2023-12-09 16:14:22 +00:00
Alexandre Pujol
386402ed70
feat(profile): add some new profiles. 2023-12-09 11:39:10 +00:00
Alexandre Pujol
ed1ea18a9e
feat(profile): general update. 2023-12-09 11:28:23 +00:00
Alexandre Pujol
a9c864fe60
feat(profile): initial support for whonix. 2023-12-09 11:25:38 +00:00
Alexandre Pujol
f4505dd97d
feat(dbus): add new dbus abstraction. 2023-12-08 18:07:07 +00:00
Alexandre Pujol
c54d72543e
feat(profile): update flatpak. 2023-12-08 18:03:47 +00:00
Alexandre Pujol
d81bce5559
feat(profile): general update. 2023-12-08 18:01:39 +00:00
Alexandre Pujol
52e52f06db
feat(abs): unify app launcher abstraction. 2023-12-08 17:53:51 +00:00
Alexandre Pujol
9e402987c6
feat(tunables): add paths tunable
To track common path of some major software.
2023-12-08 17:51:08 +00:00
Alexandre Pujol
bb947318a5
feat(profile): use the @{pci} variable when possible. 2023-12-08 17:46:05 +00:00
Alexandre Pujol
013f1c5a83
feat(dbus): improve gnome-shell dbus rules. 2023-12-08 17:39:36 +00:00
Alexandre Pujol
853668e492
feat(dbus): improve dbus integration. 2023-12-08 17:38:21 +00:00
Alexandre Pujol
55a1fb6f9c
refractor(dbus): remove old dbus additions. 2023-12-06 22:03:54 +00:00
Alexandre Pujol
1cf268b770
refractor(dbus): use the new bus-{systemd,session} abstractions. 2023-12-06 21:56:59 +00:00
Alexandre Pujol
9861f005d4
feat(dbus): rewrite dbus rule for gnome-shell. 2023-12-06 20:23:15 +00:00
Alexandre Pujol
17c3faf09d
fix: issue in dbus rule. 2023-12-06 20:16:55 +00:00
Alexandre Pujol
4bddfd8690
refractor(dbus): bus/x -> bus-x. 2023-12-06 20:14:53 +00:00
Alexandre Pujol
0568ef0d45
feat(profile): add structure for some cups profile.
They are empty, and forced into complain mode.
2023-12-06 20:06:49 +00:00
Alexandre Pujol
c0bab81e45
feat(profile): add some network deps profile. 2023-12-06 20:03:28 +00:00
Alexandre Pujol
a777161846
feat(profile): add initial structure some snap tools. 2023-12-06 20:02:15 +00:00
Alexandre Pujol
cc133e5f57
feat(profile): general update. 2023-12-06 20:00:40 +00:00
Alexandre Pujol
1307250250
feat(dbus): rewrite some dbus rules (9). 2023-12-06 19:55:48 +00:00
Alexandre Pujol
3425419f0e
feat(dbus): rename dbus abstractions. 2023-12-06 19:38:47 +00:00
Alexandre Pujol
401606b1aa
feat(dbus): add more dbus abstraction. 2023-12-06 19:21:06 +00:00
Alexandre Pujol
799b778480
feat(dbus): rename all new dbus abstractions.
Use the dbus name as abstraction name.
2023-12-06 19:19:55 +00:00
Alexandre Pujol
aa1491a3c0
feat(dbus): add new unified main dbus abstraction.
specify the aa profile in the peer label.
2023-12-06 19:10:23 +00:00
Alexandre Pujol
6a3cc952e1
feat(dbus): rewrite some dbus rules (8). 2023-12-05 21:27:03 +00:00
Alexandre Pujol
c4b48b06e2
feat(dbus): add login-session dbus abstraction. 2023-12-05 21:04:50 +00:00
Alexandre Pujol
538ec25001
feat(dbus): rewrite some dbus rules (7). 2023-12-05 21:01:26 +00:00
Alexandre Pujol
081c8a4fa1
feat(abs): add gnome-strict abstraction. 2023-12-05 20:50:22 +00:00
Alexandre Pujol
319b976beb
feat(profile): general update. 2023-12-05 20:45:13 +00:00
Alexandre Pujol
bf973760fd
feat(dbus): update some abs (2) 2023-12-05 20:37:31 +00:00
Alexandre Pujol
5d6c5e7baa
feat(dbus): update some abs. 2023-12-05 20:32:02 +00:00
Alexandre Pujol
95b62568b1
feat(dbus): add new dbus abstraction 2023-12-05 20:30:34 +00:00
Alexandre Pujol
94ff73c51b
fix: ensure all ibus daemon can run.
Fix #260
2023-12-05 13:07:59 +00:00
Alexandre Pujol
c066ef0036
feat(dbus): rewrite some dbus rules (6). 2023-12-05 00:19:43 +00:00
Alexandre Pujol
da3b5103e4
feat(dbus): rewrite some dbus rules (5). 2023-12-04 21:54:45 +00:00
Alexandre Pujol
f5862c9862
feat(dbus): update common dbus abs. 2023-12-04 21:28:10 +00:00
Alexandre Pujol
8162c0aa2a
feat(dbus): add more dbus abstraction (2) 2023-12-04 21:27:18 +00:00
Alexandre Pujol
7f81da3a71
feat(profile): allow custom GUI launcher to start in xinit.
See #259
2023-12-04 20:22:34 +00:00
Alexandre Pujol
16c2bf5662
feat(dbus): add more dbus abstraction. 2023-12-04 18:58:03 +00:00
Alexandre Pujol
2432414ae2
feat(dbus): rewrite some dbus rules (4). 2023-12-04 18:52:10 +00:00
Alexandre Pujol
dd1d9107e8
feat(profile): general update. 2023-12-03 16:57:50 +00:00
Alexandre Pujol
1edf507abf
feat(dbus): rewrite some dbus rules (4). 2023-12-03 16:53:25 +00:00
Alexandre Pujol
2af165403a
feat(dbus): rewrite some dbus rules (3). 2023-12-02 16:05:40 +00:00
Alexandre Pujol
92ebab604a
feat(dbus): add more dbus abstractions. 2023-12-02 15:52:00 +00:00
Alexandre Pujol
6810f4b050
fix(profile): add config dir on yt-dlp
fix #258
2023-12-01 21:57:01 +00:00
Alexandre Pujol
3fc787e073
fix(profile): add cache dir for MPV.
See #257
2023-12-01 21:53:59 +00:00
Alexandre Pujol
505770cd5a
feat(dbus): rewrite some dbus rules (2). 2023-12-01 21:53:09 +00:00
Alexandre Pujol
6d1ff256af
feat(dbus): rewrite some dbus rules (1). 2023-12-01 20:58:21 +00:00
Alexandre Pujol
d6888a65c4
feat(dbus): add initial polkit abstraction. 2023-12-01 20:42:41 +00:00
Alexandre Pujol
7f38dd255e
feat(profile): general update. 2023-12-01 13:22:45 +00:00
Alexandre Pujol
952ef478c0
fix(profile): brave-sandbox lib_dirs path.
See: #255
2023-12-01 11:13:34 +00:00
Alexandre Pujol
4382a34b9e
feat(profile): add rfkill on networkd.
See #256
2023-12-01 11:09:46 +00:00
Alexandre Pujol
8e45076077
feat(abs): add initial version of dbus abs. 2023-11-30 23:35:54 +00:00
Alexandre Pujol
d75fa9bbd5
feat(dbus): dbus rules cleanup (3) 2023-11-30 23:20:29 +00:00
Alexandre Pujol
cd391bae01
feat(dbus): dbus rules cleanup (2) 2023-11-30 22:42:49 +00:00
Alexandre Pujol
8a49f2ebe1
feat(dbus): dbus rules cleanup (1)
- move common rule to abs
- ensure peer name or label are always present
- try to make rule more standard/easier to read
2023-11-30 22:39:44 +00:00
Alexandre Pujol
9517800a9d
feat(dbus): simple dbus rules cleaning. 2023-11-30 21:32:50 +00:00
Alexandre Pujol
dd06e3da65
feat(profile): modernise the calibre profile. 2023-11-30 21:25:41 +00:00
Alexandre Pujol
796cf32076
feat(profile): better kde integration.
See #237
2023-11-30 19:04:59 +00:00
Alexandre Pujol
c27ec457d0
feat(profile): cleanup some dbus path/interfaces 2023-11-30 00:29:37 +00:00
Alexandre Pujol
459fe7c905
feat(profile): use the new bus/atspi abstraction in the profiles. 2023-11-30 00:22:34 +00:00
Alexandre Pujol
fe0cb4b48d
feat(profile): some cleanup in thunderbird. 2023-11-29 22:58:35 +00:00
Alexandre Pujol
5af4d3c921
fix(profiles): modernise plank & kstart
- Still wip profile
- Should enable additional DE to boot
2023-11-29 22:29:41 +00:00
Alexandre Pujol
f06f01a36a
Merge branch 'feat/update' of https://github.com/Jeroen0494/apparmor.d into Jeroen0494-feat/update
* 'feat/update' of https://github.com/Jeroen0494/apparmor.d:
  signal to socket
  Add kstart, XDG KDE updates
  Plank profile
  containerd and KDE updates
2023-11-29 22:20:29 +00:00
Alexandre Pujol
f5e7cd7d0c
feat(abs): add some common dbus rules. 2023-11-29 22:10:23 +00:00
Alexandre Pujol
94f18ed6c1
feat(abs): add new atspi dbus abstraction. 2023-11-29 22:09:05 +00:00
Alexandre Pujol
60e4a01a76
feat(abs): add some files into the base abstraction. 2023-11-29 17:50:26 +00:00
Alexandre Pujol
34630b2adf
fix(profile): private-files abs already included in private-files-strict.
See c8fd896
2023-11-28 11:04:26 +00:00
Alexandre Pujol
a48daa9c9e
fix(profile): reduce the number of profile transition.
See: 209688f
2023-11-28 10:57:48 +00:00
Alexandre Pujol
209688fe86
feat(profile): general update. 2023-11-27 19:35:42 +00:00
Alexandre Pujol
fade97486d
feat(profile): add udev child & low-memory profiles. 2023-11-27 19:32:50 +00:00
Alexandre Pujol
cdfa76924b
feat(profile): add dleyna profiles. 2023-11-27 19:27:44 +00:00
Alexandre Pujol
c8fd896a0b
feat(profile): add nautilus previewer. 2023-11-27 19:26:13 +00:00
Alexandre Pujol
4c689dbad9
feat(profile): add gdm init profiles. 2023-11-27 19:25:34 +00:00
Alexandre Pujol
b8c2380da4
feat(profile): add epiphany providers. 2023-11-27 19:23:35 +00:00
Alexandre Pujol
52278490ab
feat(profile): general update. 2023-11-27 19:00:18 +00:00
Alexandre Pujol
319bea17c3
fix(full): fix pivot_root rule. 2023-11-27 18:56:39 +00:00
Alexandre Pujol
aa1553388b
feat(flatpak): add flatpak integration.
- Add flatpak profile
- Add flatpak-bwrap subprofile: it manages the sandbox creation & has some larger access.
- Add flatpak-app, default profile for sandboxed app.

See Full system policy #252
2023-11-26 23:19:09 +00:00
Alexandre Pujol
e41779f576
feat(full): add default bwrap profiles.
On full system policy, use the new bwrap profile (and bwrap-app) to confine sandboxed application.
It is not enabled by default as the sandbox profile is quite large.

Also integrate with the gnome app that use bwrap as sandbox manager.

Update other related profiles

See Full system policy #252
2023-11-26 23:12:35 +00:00
Alexandre Pujol
3da0ad2572
feat(full): add bwrap-app abstraction. 2023-11-26 23:08:02 +00:00
Alexandre Pujol
d8ff8c8cd6
feat(kde): add some kde profiles. 2023-11-26 23:07:02 +00:00
Alexandre Pujol
c2bc6f26ae
feat(profile): update kde profiles. 2023-11-26 23:05:01 +00:00
Alexandre Pujol
8250e202a0
feat(profile): general update. 2023-11-26 21:24:40 +00:00
Alexandre Pujol
cd1de59aad
feat(abs): improve audio abstraction. 2023-11-24 18:17:26 +00:00
Alexandre Pujol
ef1023156e
feat(profile): minor kde improvement on opensuse.
see #208
2023-11-23 11:19:38 +00:00
Alexandre Pujol
31bc5a6053
feat(profiles): general update. 2023-11-22 21:37:09 +00:00
Alexandre Pujol
a49d83993a
feat(profile): add snapd-apparmor 2023-11-22 20:58:05 +00:00
Alexandre Pujol
c62b45964d
feat(profile): add e2scrub_all. 2023-11-22 20:56:42 +00:00
Alexandre Pujol
17d187e93b
feat(profiles): ensure apparmor_parser works with snap. 2023-11-22 20:55:47 +00:00
Alexandre Pujol
e247a3949e
feat(systemd): add initial version of all missing generator. 2023-11-22 20:55:01 +00:00
Alexandre Pujol
07acb8043b
feat(profiles): rename all systemd generator. 2023-11-22 20:51:10 +00:00
Alexandre Pujol
ba1cad7f73
feat(profile): improve child-open. 2023-11-22 20:12:59 +00:00
Alexandre Pujol
9ab0745e2d
feat(full): add default fallback profile.
See #252
2023-11-22 20:12:20 +00:00
Alexandre Pujol
da51cdba64
feat(profiles): improve freedesktop profiles. 2023-11-22 20:07:31 +00:00
Alexandre Pujol
6c6646e1f6
feat(profiles): minor kde additions. 2023-11-22 20:06:39 +00:00
Alexandre Pujol
ae99433595
feat(full): simplify the service profiles. 2023-11-22 20:04:17 +00:00
Alexandre Pujol
04513af863
feat: cleanup child-systemctl 2023-11-22 18:43:43 +00:00
Alexandre Pujol
23be43ebd0
feat(full): improve how systemd handle services 2023-11-22 18:42:23 +00:00
Alexandre Pujol
908aba0385
feat(profiles): add some ubuntu specific profiles. 2023-11-19 21:42:31 +00:00
Alexandre Pujol
e29e839c62
feat(profiles): update apt related profiles. 2023-11-19 21:40:12 +00:00
Alexandre Pujol
07e7810d15
feat(full): add some services profile. 2023-11-19 21:39:36 +00:00
Alexandre Pujol
f43f950c90
feat(full): improve systemd-user profile. 2023-11-19 21:35:53 +00:00
Alexandre Pujol
59140f5411
feat(full): improve systemd profile.
See https://apparmor.pujol.io/development/structure/#full-system-policy
2023-11-19 21:31:57 +00:00
monsieuremre
83a2a1cbf9
Full-Policy integration for Whonix/Kicksecure - And also everyone else (#249)
* full-policy

* change path

* change

* big fix

* Delete apparmor.d/groups/_full/systemd

* Update and rename full-policy to systemd
2023-11-19 20:54:09 +00:00
Alexandre Pujol
f0cdadbdaf
feat(abs): improve mesa abstraction. 2023-11-19 15:39:02 +00:00
Alexandre Pujol
d1c8471b1d
fix: rule compilation. 2023-11-19 11:39:24 +00:00
Alexandre Pujol
88555a12d0
feat(profiles): add initial userns rule.
Require apparmor 4 to be enabled.
2023-11-19 11:19:24 +00:00
Alexandre Pujol
2143fb03af
feat(full): add new systemd variable. 2023-11-19 11:13:40 +00:00
Alexandre Pujol
b79a1fcd31
feat(profile): general update.
Also include some preparation for the systemd profile.
2023-11-19 11:08:35 +00:00
Alexandre Pujol
e8fcc12c98
feat(profiles): cleanup dbus daemon related profile. 2023-11-13 23:10:00 +00:00
Alexandre Pujol
e99f7de703
fix(profiles): fix slow startup of gnome
at-spi-bus-launcher starts the accessibility bus.
We need to ensure all buses are initially started by the same profile,
otherwise the accessibility fails to start.

See #74, #80 & #235
2023-11-13 22:59:10 +00:00
Alexandre Pujol
d3084839d1
feat(profiles): improve support for debian over gnome. 2023-11-13 22:14:54 +00:00
Alexandre Pujol
31edd15e8a
feat(profiles): improve kde integration. 2023-11-13 22:11:12 +00:00
Alexandre Pujol
6f98bb9bfb
feat(abs): add more possible resolv.conf path in nameservice.
Used a lot by debian.
2023-11-13 19:32:04 +00:00
Alexandre Pujol
f0a2cb3897
feat(profiles): general update. 2023-11-11 22:02:47 +00:00
Alexandre Pujol
02115a194b
chore: cleanup abstraction' headers. 2023-11-11 20:25:55 +00:00
Alexandre Pujol
758991f67b
feat(profiles): general update. 2023-11-09 17:31:45 +00:00
Alexandre Pujol
ee658c41a6
refractor(profiles): improve child profile structure. 2023-11-09 17:29:34 +00:00
Alexandre Pujol
499b9e785d
feat(full): update full system structure.
- Aims to be compatible with full-policy profile
- Required by systemd
2023-11-09 17:27:19 +00:00
Jeroen Rijken
d042526ca4 signal to socket
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2023-10-31 16:32:07 +01:00
Jeroen Rijken
c5998d37a2 Add kstart, XDG KDE updates
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2023-10-31 16:32:07 +01:00
Jeroen Rijken
eaf9bdb32b Plank profile
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2023-10-31 16:31:32 +01:00
Jeroen Rijken
90e98b6b56 containerd and KDE updates
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2023-10-31 16:31:32 +01:00
Alexandre Pujol
84ecf85c0b
feat(profiles): add dell cctk. 2023-10-26 22:40:21 +01:00
Alexandre Pujol
471b544d99
feat(profiles): better integration with not existing profile. 2023-10-26 22:38:39 +01:00
Alexandre Pujol
0031c9e86f
feat(profiles): minor dbus improvement. 2023-10-26 22:37:56 +01:00
Alexandre Pujol
aa7fe16a20
feat(profile): improve opensuse integration.
See #208
2023-10-20 23:50:26 +01:00
Alexandre Pujol
4276ede03c
feat(profile): rewrite update-ca-certificates. 2023-10-20 23:43:36 +01:00
Alexandre Pujol
ed7585c3d0
refractor(profile): clean some dbus rules. 2023-10-20 23:15:39 +01:00
Alexandre Pujol
e26302b155
feat(profile): general update. 2023-10-20 23:13:11 +01:00
curiosityseeker
04cae35e6e
Update pacman-key (#230) 2023-10-20 21:50:56 +00:00
curiosityseeker
38648bcba1
Update pipewire (#231)
Necessary after the recent pipewire update, otherwise audio devices are no longer available.
2023-10-20 11:36:09 +00:00
Alexandre Pujol
ec5311413a
fix(tunables): better mountdirs. 2023-10-16 22:48:36 +01:00
Alexandre Pujol
e43ce58de1
feat(profiles): improve kde integration.
See #208
2023-10-16 22:48:13 +01:00
Alexandre Pujol
5f47df0b79
feat(profiles): general update. 2023-10-13 00:05:53 +01:00
Alexandre Pujol
387f2f91fc
fix(profiles): fix brave entry point. 2023-10-13 00:03:29 +01:00
Alexandre Pujol
f5e3c86c6c
feat(profile): improve kde integration
See #208
2023-10-09 21:13:40 +01:00
Alexandre Pujol
1cfe802172
feat(profile): support open suse path for git.
See #208
2023-10-09 21:01:49 +01:00
Alexandre Pujol
b5fbef8eef
feat(profiles): general update. 2023-10-08 14:00:21 +01:00
Alexandre Pujol
352c444ae6
feat(profiles): general update. 2023-10-01 16:06:28 +01:00
Alexandre Pujol
ab0ee1a317
feat(profiles): add initial version of passim passimd. 2023-10-01 13:10:17 +01:00
Alexandre Pujol
70dc9b7844
feat(profile): remove the atom profile. 2023-09-29 19:47:08 +01:00
Alexandre Pujol
2aace6bccb
feat(profile): improve kde integration. 2023-09-29 19:33:09 +01:00
curiosityseeker
047c819e8c Update fontconfig-cache-write 2023-09-29 19:28:51 +01:00
curiosityseeker
3d1c8e8b22 Update kwin_wayland 2023-09-29 19:28:51 +01:00
curiosityseeker
901cd72199 Update kwin_wayland 2023-09-29 19:28:51 +01:00
curiosityseeker
4eaa560dd2 Update systemd-logind 2023-09-29 19:28:51 +01:00
curiosityseeker
45cfd7a145 Update kwin_wayland 2023-09-29 19:28:51 +01:00
curiosityseeker
4a62b3c46b Update systemd-logind 2023-09-29 19:28:51 +01:00
curiosityseeker
65d0513ebb Update kde-powerdevil 2023-09-29 19:28:51 +01:00
curiosityseeker
db71240aca Update xkbcomp 2023-09-29 19:28:51 +01:00
curiosityseeker
a0e8801f7c Update uname 2023-09-29 19:28:51 +01:00
curiosityseeker
2438497385 Update which 2023-09-29 19:28:51 +01:00
curiosityseeker
2ec1f7daa1 Update kwin_wayland 2023-09-29 19:28:51 +01:00
Alexandre Pujol
c8ee832c11
feat(profile): general update 2023-09-29 19:25:30 +01:00
Alexandre Pujol
24affe46f2
fix(abs): SSD Nvme devices pci path. 2023-09-18 19:08:07 +01:00
Alexandre Pujol
c12f089af3
fix(tunables): ensure pci devices are correctly caught.
It is less restrictive, but it is guaranteed to work.
2023-09-17 21:58:30 +01:00
Alexandre Pujol
d3f05fb334
chore: cosmetic 2023-09-17 21:55:11 +01:00
Alexandre Pujol
2d76c6fc31
refractor(profiles): change variable style in thunderbird. 2023-09-15 22:03:51 +01:00
Alexandre Pujol
0713599eb4
feat(profiles): update vlc profile. 2023-09-15 22:02:45 +01:00
Alexandre Pujol
6a78b17d23
feat(profiles): general update. 2023-09-15 22:01:08 +01:00
Alexandre Pujol
f7d1931bdf
feat(dbus): improve dbus introspectable rules. 2023-09-15 18:14:39 +01:00
Alexandre Pujol
2d2693bd99
refractor(profiles): unify the name of the local variables. 2023-09-13 20:55:20 +01:00
Alexandre Pujol
57f914d7fd
feat(profiles): ensure some major program can launch from dbus-daemon-launch-helper
See: #216
2023-09-12 23:15:57 +01:00
Alexandre Pujol
6f8ad7ab81
fix: profile compilation. 2023-09-12 23:00:40 +01:00
Alexandre Pujol
6db83003c7
feat(profiles): general update. 2023-09-12 22:59:07 +01:00
Alexandre Pujol
6c397882ad
feat(dbus): update dbus rules. 2023-09-12 22:55:24 +01:00
Alexandre Pujol
600a71a6b1
refractor: move vlc profile. 2023-09-12 22:49:20 +01:00
Alexandre Pujol
9a8a919b6c
feat(kde): add baloorunner. 2023-09-11 21:33:19 +01:00
Jose Maldonado
9fec58db35
Fix access to /tmp folders for Firefox ESR in Debian (#215)
Firefox ESR in Debian Stable require access to additional folders in
/tmp when use a configuration with multiple profiles.
2023-09-11 16:51:01 +00:00
Jose Maldonado aka Yukiteru
4aaa9379a1 Update ignore and better defaults for mpv
Add access to GPU ids (amdgpu) for hwaccel in mpv, and
better defaults for user_config.

Update gitnore and debian/control
2023-09-11 10:03:51 +01:00
Alexandre Pujol
b9fb4b72d2
fix: minor profiles fixes. 2023-09-10 12:41:47 +01:00
Alexandre Pujol
e381aace56
feat(profiles): ensure child-open is available. 2023-09-10 12:10:14 +01:00
Alexandre Pujol
3147f7d59a
feat(snap): do not confine snap.
Currently ignored because of some incompatibilities with snap-confine.

snap-confine is more important to confine than snap itself.
2023-09-10 12:07:35 +01:00
curiosityseeker
aaed7a25da
Various updates (#209) 2023-09-10 10:59:26 +00:00
nobody43
5d7ce06a62 scratch that 2023-09-10 11:58:13 +01:00
nobody43
d414083113 Debian 12 Gnome DE 2023-09-10 11:58:13 +01:00
Jose Maldonado aka Yukiteru
0687c32df2 Add a Music Player Daemon profile
This is a simple Music Player Daemon (mpd) profile. Tested in my
workstation (actually this is my setup for music) using Debian Stable.
2023-09-10 11:00:27 +01:00
Jose Maldonado aka Yukiteru
43ade39bbd Fix access to /tmp/user/@{uid} in Debian Stable
Firefox require access to /tmp/user/@{uid}/ for downloads in Firefox ESR
for actual Debian Stable (FirefoxESR-102.15.0esr-1-deb12u1)
2023-09-10 11:00:27 +01:00
Alexandre Pujol
f008e9c6cf
feat: remove some useless or deprecated profiles 2023-09-07 17:59:29 +01:00
Alexandre Pujol
6b159fe918
feat: cleanup ignored profile list. 2023-09-07 17:58:47 +01:00
Alexandre Pujol
1fb2de0acd
feat(profiles): general update. 2023-09-05 23:36:46 +01:00
Alexandre Pujol
7b4979cc63
feat(profiles): update snap profiles. 2023-09-05 23:33:58 +01:00
Alexandre Pujol
245db40b2d
fix(abs): update pci path for disk access. 2023-09-05 23:32:11 +01:00
Alexandre Pujol
19c1bcc2c7
fix(tunable): pci id are hex. 2023-09-05 23:23:06 +01:00
Alexandre Pujol
7c24dde028
feat(profile): rewrite profile for vscode (wip). 2023-09-05 19:15:01 +01:00
Alexandre Pujol
73ff7efe60
refractor(profile): merge swapon & swapoff 2023-09-05 19:09:11 +01:00
Alexandre Pujol
9a614a3502
feat(profiles): improve opensuse integration.
See: #208
2023-09-05 16:53:50 +01:00
Alexandre Pujol
155ef6bef1
feat(profiles): general update. 2023-09-05 16:42:06 +01:00
Alexandre Pujol
1fb5475ad1
fix(profiles): compatibility with some dist.
See #191
2023-09-05 16:36:20 +01:00
Alexandre Pujol
a3cacccd90
fix(profiles): ensure some profile do not break when sandboxed.
See #191
2023-09-05 16:34:22 +01:00
Alexandre Pujol
e169ea5ccf
fix(profiles): ensure entry points for snap work. 2023-09-05 13:59:37 +01:00
curiosityseeker
41525621aa
Various updates (#204) 2023-09-04 13:58:07 +00:00
glitsj16
090349bed2
xdg-user-dirs.d/apparmor.d: ftx typo (#207) 2023-09-04 08:58:29 +00:00
Alexandre Pujol
ad13a1a0c3
feat(profiles): remove profile for wget. 2023-09-03 20:28:31 +01:00
Alexandre Pujol
ca2469c470
feat(profiles): add aa-teardown 2023-09-03 20:27:32 +01:00
Alexandre Pujol
b2fa7bacb8
feat(profiles): general update. 2023-09-01 22:50:43 +01:00
Alexandre Pujol
0c151259d2
feat(profiles): update kde group. 2023-09-01 22:47:37 +01:00
Alexandre Pujol
aea0034fcc
chore: various cosmetic changes. 2023-09-01 19:26:52 +01:00
curiosityseeker
c2bb733624
Various updates (#201) 2023-09-01 18:09:45 +00:00
curiosityseeker
86b1ee4df2
Updating sddm, plasmashell, kwin_wayland, startplasma, kscreenlocker-greet and mesa and wayland abstractions (#200)
* Update sddm

* Update plasmashell

* Update kwin_wayland

* Update kscreenlocker-greet

* Update startplasma

* Update complete

Needed by various applications, e.g. kwin_wayland.

* Mesa rules for sddm
2023-08-30 18:48:25 +00:00
Alexandre Pujol
266db5d030
chore: cosmetic. 2023-08-27 15:50:51 +01:00
Alexandre Pujol
993d490a62
feat(profiles): add aa-complain. 2023-08-27 15:47:49 +01:00
Alexandre Pujol
a30d3dd415
feat(profiles): add element-desktop. 2023-08-27 15:42:30 +01:00
Alexandre Pujol
22e57b3620
feat(profiles): apply guideline on some profile. Update flags list. 2023-08-27 15:30:18 +01:00
Alexandre Pujol
7a5096e7d8
feat(profiles): add initial version of dolphin. 2023-08-27 15:24:54 +01:00
Alexandre Pujol
ad3e5a5dcf
feat(profiles): add protonmail-bridge. 2023-08-27 15:17:36 +01:00
Alexandre Pujol
8cfe2780d4
feat(profiles): rewrite the spotify profile. 2023-08-27 15:00:02 +01:00
Alexandre Pujol
b0eed1ae39
feat(profiles): add transmission-gtk 2023-08-27 14:59:02 +01:00
Alexandre Pujol
4d79af2203
feat(profiles): add gnome-extension-gsconnect 2023-08-27 14:57:50 +01:00
Alexandre Pujol
75ef5ef6ad
feat(profiles): general update. 2023-08-27 14:54:04 +01:00
Alexandre Pujol
19331acaa9
feat(profiles): improve dbus related rules. 2023-08-27 14:46:49 +01:00
Alexandre Pujol
2db6b12a9b
chore: cosmetic on snap profiles. 2023-08-27 14:42:13 +01:00
Alexandre Pujol
eb1c03949f
feat(abs): improve some abstraction. 2023-08-27 14:40:56 +01:00
Alexandre Pujol
ec3c5cd62e
feat(profiles): improve kde integration. 2023-08-27 14:32:08 +01:00
Alexandre Pujol
41e0ac6ba8
feat(profiles): rewrite dpkg profile. 2023-08-27 13:30:01 +01:00
curiosityseeker
7f4cef2fff
Kwin wayland, kwin wayland wrapper and sddm (#198)
* Update kwin_wayland

Please check the udev rules and change them if needed - I'm not familiar with them.

* Update kwin_wayland_wrapper

* Update sddm

* Update kwin_wayland_wrapper

Reverting change for @{run}/user/@{uid}

* Update kwin_wayland: Correct udev rule

* Update kwin_wayland: adding the wayland abs

* Update sddm: reverting owner /tmo rules

* Update sddm: reverting /usr/share/X11/xkb rule

* Update sddm: adding the mesa abs

* Update kwin_wayland: order udev rules
2023-08-27 11:19:13 +00:00
Alexandre Pujol
393f7001dc
fix(aa-log): profile template.
See #182
2023-08-26 11:32:56 +01:00
Alexandre Pujol
d80b758968
feat(abs): modernize disk-read/write abs. 2023-08-24 19:34:21 +01:00
Alexandre Pujol
25782cb925
feat(abs): devices-usb - remove unneeded udev rule. 2023-08-24 19:32:45 +01:00
Alexandre Pujol
07cfbcd952
feat(profiles): modernize udev access. 2023-08-24 19:31:54 +01:00
Alexandre Pujol
73cb5a4545
feat(profiles): add kwin_wayland. 2023-08-23 18:14:22 +01:00
curiosityseeker
80b2124807
kded5, plasmashell, startplasma and sddm updates (#197)
* Update kded5

* Update startplasma

* Update plasmashell

* Update sddm
2023-08-23 12:54:28 +00:00
Alexandre Pujol
96b8f96137
feat(profiles): general update. 2023-08-22 23:23:47 +01:00
Alexandre Pujol
261778dbb3
revert: dbus session unix address. 2023-08-22 18:54:39 +01:00
Alexandre Pujol
360230b2a5
feat(profiles): general update. 2023-08-21 23:32:10 +01:00
Alexandre Pujol
6756ca8138
fix(abs): gstreamer cache structure. 2023-08-21 23:27:35 +01:00
Alexandre Pujol
3c6898db5a
fix(tunables): pci devices path. 2023-08-21 23:27:00 +01:00
Alexandre Pujol
0ed036efd5
feat(firefox): minor firefox update. 2023-08-21 23:23:08 +01:00
Alexandre Pujol
5dbc42aaab
feat(abs): update some abstractions. 2023-08-21 23:21:14 +01:00
Alexandre Pujol
310f36f433
feat(tunables): some variables tweak definition. 2023-08-21 23:10:31 +01:00
Alexandre Pujol
5badb6f32c
feat(tunables): add a new @{rand10} variable. 2023-08-19 14:33:07 +01:00
Alexandre Pujol
5704d1ba20
feat(profiles): various profile fixes. 2023-08-19 14:01:50 +01:00
Alexandre Pujol
1dbced42ed
feat(tunables): add a new @{pci} variable. 2023-08-18 22:35:32 +01:00
Alexandre Pujol
275d6b6e62
feat(profiles): replace old [0-9]* glob by @{int}
Beware some [0-9]* glob are actually not proper @{int}.
2023-08-18 17:09:53 +01:00
Alexandre Pujol
8ea4491a56
fix(abs): some block device use more than int as identifier. 2023-08-18 15:24:22 +01:00
Alexandre Pujol
b2d093e125
feat(abs): restrict abstraction by using new @{int} and @{rand} variables. 2023-08-17 21:24:02 +01:00
Alexandre Pujol
557d905543
Merge branch 'tunables' of https://github.com/nobody43/apparmor.d into nobody43-tunables
* 'tunables' of https://github.com/nobody43/apparmor.d:
  dbus temp tails
  Update apparmor.d
  Update gdm-runtime-config
  more unrelated changes
  adjust date-time
  random tails
  rename to int, convert more profiles
  fixes
  tunables
2023-08-17 20:01:53 +01:00
curiosityseeker
7b018a60bd
Update pacman (#193)
* Update pacman

`@{exec_path} mr,` is causing the following errors:

```
ALLOWED pacman exec owner /usr/bin/pacman -> pacman//null-/usr/bin/pacman comm=bash requested_mask=x denied_mask=x
ALLOWED pacman//null-/usr/bin/pacman file_inherit owner /dev/pts/4 comm=pacman requested_mask=wr denied_mask=wr
ALLOWED pacman//null-/usr/bin/pacman file_mmap owner /usr/bin/pacman comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman file_mmap owner /usr/lib/ld-linux-x86-64.so.2 comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman open owner /etc/ld.so.preload comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman getattr owner /etc/ld.so.preload comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman open owner /etc/ld.so.cache comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman getattr owner /etc/ld.so.cache comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman open owner /usr/lib/libalpm.so.13.0.2 comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman getattr owner /usr/lib/libalpm.so.13.0.2 comm=pacman requested_mask=r denied_mask=r

etc.
```
`@{exec_path} mrix,` fixes it.

Commits for new profiles for `checkrebuild` and `pkgfile` will follow.

* Fix pacman update

* Update apparmor.d/groups/pacman/pacman

Co-authored-by: Alex <roddhjav@users.noreply.github.com>

---------

Co-authored-by: Alex <roddhjav@users.noreply.github.com>
2023-08-17 18:49:56 +00:00
curiosityseeker
c2c745888c Update complete
Move entries from child-open to this abstraction.
2023-08-17 19:43:29 +01:00
curiosityseeker
2299eb00f6 Partially revert change in child-open 2023-08-17 19:43:29 +01:00
curiosityseeker
f2511210af Update complete
Adding `kde-open`
2023-08-17 19:43:29 +01:00
curiosityseeker
c409fe84d2 Create complete
`child-open` includes the `xdg-open` abstraction which in turn includes the `kde-open5` abstraction which contains `/usr/bin/kde-open5 rix,` but NOT `/usr/bin/kde-open rix,` causing an error.
2023-08-17 19:43:29 +01:00
curiosityseeker
9da2809695 Update child-open
Adding gwenview and libreoffice
2023-08-17 19:43:29 +01:00
curiosityseeker
6fc8cd3e60
Brave: adjust @{exec_path} (#161)
The path in Ubuntu is:
/opt/brave.com/brave/brave

The path in Arch is:
/opt/brave-bin/brave

That's why Brave was not confined on Arch.
2023-08-17 18:41:13 +00:00
ShellCode
cc8210a1bd
Fix xdg user dirs (#186)
* Rename XDG_*_HOME to XDG_*_DIR for consistent naming

* tunables/xdg-user-dirs.d/apparmor.d now includes 'apparmor.d.d' subfolder to permit user override
2023-08-17 18:28:10 +00:00
Alexandre Pujol
5ee31716ae
feat(profile): split evince profiles in multiple files. 2023-08-17 18:47:53 +01:00
Alexandre Pujol
f3ab8d2c71
refactor: rename some vscode related profile 2023-08-17 18:47:01 +01:00
Alexandre Pujol
3f8d559dcc
feat(profiles): add some thunderbird related profiles. 2023-08-17 18:45:10 +01:00
Alexandre Pujol
5d47dfba95
feat(profiles): general update. 2023-08-17 18:43:56 +01:00
Alexandre Pujol
f7b9ff959a
feat(profiles): rewrite the signal-desktop profile. 2023-08-17 18:37:36 +01:00
Alexandre Pujol
5911c43930
Merge branch 'main' of github.com:roddhjav/apparmor.d
* 'main' of github.com:roddhjav/apparmor.d:
  fix: signal-desktop (#195)
2023-08-17 18:35:50 +01:00
Cyril Levis
b49bd32564
fix: signal-desktop (#195)
issue: https://github.com/roddhjav/apparmor.d/issues/194
2023-08-14 15:55:02 +00:00
Alexandre Pujol
1db6f5f67c
feat(profiles): improve ibus entry point. 2023-08-13 21:19:16 +01:00
Alexandre Pujol
09943156bc
feat(profiles): add multipath profiles
See #134

Signed-off-by: @cboltz
2023-08-13 20:06:08 +01:00
Alexandre Pujol
a2c35b07a5
fix: libvirtd profile. 2023-08-06 16:45:39 +02:00
Alexandre Pujol
03cf850666
feat(profile): support for diverse wayland compositors.
See #165
2023-08-06 16:31:49 +02:00
Alexandre Pujol
1cac6715db
feat(profiles): general update. 2023-08-06 16:30:38 +02:00
Alexandre Pujol
cdc10fdb31
feat(profiles): general update.
See #134
2023-08-06 16:06:17 +02:00
Alexandre Pujol
5938079dfd
fix: missing "startplasma-wayland" profile, but "sddm" tries to transition to it.
#188
2023-08-06 10:22:05 +02:00
curiosityseeker
4894d6a3c4
Adding /dev/tty[0-9]* and /dev/pts/[0-9]* to various profiles; update kded5 and reflector (#183)
* Update update-mime-database

* Update btrfs

* Update update-grub

* Update pacman-hook-depmod

* Update pacman

* Update systemd-sysusers

* Update lscpu

* Update pacman-hook-systemd

* Update pacman-hook-perl

* Update pacman-hook-gtk

* Update needrestart-iucode-scan-versions

* Update reflector

* Update kded5
2023-07-27 11:23:04 +00:00
ShellCode
0f9b7cb474
Fix #184 (#185)
* Replace @{HOME}/.config with @{user_config_dirs}

* Replace @{HOME}/.cache with @{user_cache_dirs}

* Replace @{HOME}/.local/state with @{user_state_dirs}

* Add missing user_share_dirs to apparmor.d/tunables/home.d/apparmor.d

* Update docs/variables.md

* Replace @{HOME}/.local/share with @{user_share_dirs}

* Replace @{HOME}/.local/lib with @{user_lib_dirs}

* Revert "Add missing user_share_dirs to apparmor.d/tunables/home.d/apparmor.d"

This reverts commit 9525003098.
2023-07-27 11:20:19 +00:00
curiosityseeker
714971911a
Update needrestart (#181) 2023-07-24 10:31:03 +00:00
Alexandre Pujol
2307c536b3
feat: add XDG_MAIL_DIR variable 2023-07-20 21:19:23 +01:00
Alexandre Pujol
9b4be2d2c4
feat(profiles): rewrite the thunderbird profile.
Only thunderbird version 115+ is supported.
2023-07-20 21:12:37 +01:00
Alexandre Pujol
a79f03f038
feat(kde): improve support for kde. 2023-07-20 21:10:19 +01:00
Alexandre Pujol
1424fb5493
feat(profiles): add iio-sensor-proxy 2023-07-20 21:09:18 +01:00
Alexandre Pujol
af1eda51bd
feat(profiles): general update. 2023-07-20 21:07:27 +01:00
Alexandre Pujol
a3d121fe23
feat(kde): improve support for support. 2023-07-20 21:04:22 +01:00
Alexandre Pujol
d2a650f6c6
feat(profiles): improve dbus integration. 2023-07-20 21:00:41 +01:00
Alexandre Pujol
2a4fa1e6de
refactor(profiles): move thunderbird and code profiles. 2023-07-20 20:54:36 +01:00
Alexandre Pujol
ce7209f2a1
feat(kde): improve kde integration (wip). 2023-07-18 22:30:01 +01:00
Alexandre Pujol
9c08b36182
feat(profiles): general update. 2023-07-18 22:28:30 +01:00
Alexandre Pujol
b4311dac65
fix(profiles): add missing firefox_config_dirs. 2023-07-12 22:01:28 +01:00
Alexandre Pujol
db35aa9249
feat(profiles): add firefox glxtest & vaapitest profiles. 2023-07-12 21:59:13 +01:00
Alexandre Pujol
0bf068d3f2
fix: add missing lib vars. 2023-07-09 15:15:20 +01:00
Alexandre Pujol
dab27a492d
feat(profiles): update dhcpcd. 2023-07-09 15:13:59 +01:00
Alexandre Pujol
1f75dc9956
build: update build for new bin & lib variables 2023-07-09 15:09:32 +01:00
Alexandre Pujol
2b2c42d23c
refactor(profiles): use @{bin} and @{lib} in profiles (7) 2023-07-09 14:59:53 +01:00
Alexandre Pujol
7c2c806ffa
refactor(profiles): use @{bin} and @{lib} in profiles (6) 2023-07-09 14:46:56 +01:00
Alexandre Pujol
fcedbbfd95
refactor(profiles): use @{bin} and @{lib} in profiles (5) 2023-07-09 14:34:42 +01:00
Alexandre Pujol
43b0f09b65
refactor(profiles): use @{bin} and @{lib} in profiles (4) 2023-07-09 14:23:22 +01:00
Alexandre Pujol
27daa7c9bb
refactor(profiles): use @{bin} and @{lib} in profiles (3) 2023-07-09 14:09:55 +01:00
Alexandre Pujol
2eed3b725f
refactor(profiles): use @{bin} and @{lib} in profiles (2) 2023-07-09 13:30:27 +01:00
Alexandre Pujol
bb71f49598
refactor(profiles): use @{bin} and @{lib} in profiles (1) 2023-07-09 13:20:25 +01:00
Alexandre Pujol
59469b57b4
feat(profiles): general update. 2023-07-09 12:30:09 +01:00
Alexandre Pujol
1a82f00d2f
feat(profiles): rewrite vscode profile. 2023-07-09 12:26:38 +01:00
Alexandre Pujol
6d7996a2fd
fix: allow thunderbird to be started by gnome.
fix #175
2023-07-08 12:58:58 +01:00
Alexandre Pujol
501d0afa35
feat(profiles): akonadi update. 2023-07-08 12:44:05 +01:00
Alexandre Pujol
7deac2c904
feat(profiles): add mutter-x11-frames. 2023-07-08 12:39:24 +01:00
Alexandre Pujol
6715564053
feat(profiles): general update. 2023-07-08 12:37:40 +01:00
Alexandre Pujol
62cb1d9b96
feat: improve firefox profile
- New subprofile
- Restrict udev/data
2023-07-08 12:30:01 +01:00
Alexandre Pujol
2e69fa0a01
feat: remove unsupported profiles. 2023-07-08 12:28:47 +01:00
Alexandre Pujol
03753373a9
fix: discord entrypoint.
fix #174
2023-07-08 12:28:07 +01:00
curiosityseeker
10bd4973c5
General update (#172)
* Update akonadi_mailfilter_agent

* Update plasmashell

https://github.com/roddhjav/apparmor.d/discussions/168

Adding k, to the "targets" suggested by audit.log

* Update pacman
2023-07-04 09:55:51 +00:00
Alexandre Pujol
69490ed262
feat: add @{lib} and @{bin} variable def. 2023-07-03 14:11:07 +01:00
Alexandre Pujol
11617131ce
feat(profiles): general update. 2023-07-03 14:09:25 +01:00
curiosityseeker
98e59e9336
Akonadi and plasmashell updates (#163)
* Update plasmashell

* Update akonadi_akonotes_resource

* Update akonadi_archivemail_agent

* Update akonadi_birthdays_resource

* Update akonadi_contacts_resource

* Update akonadi_control

* Update akonadi_followupreminder_agent

* Update akonadi_ical_resource

* Update akonadi_indexing_agent

* Update akonadi_maildir_resource

* Update akonadi_maildispatcher_agent

* Update akonadi_mailfilter_agent

* Update akonadi_mailmerge_agent

* Update akonadi_migration_agent

* Update akonadi_newmailnotifier_agent

* Update akonadi_sendlater_agent

* Update akonadi_unifiedmailbox_agent

* Revert change

* Revert change

* Revert change

* Revert change

* Revert change and add dri-enumerate abstraction

* Revert change

* Revert change and add dri-enumerate abstraction

* Revert change

* Revert change

* Revert change

* Revert change

* Revert change and add dri-enumerate abstraction

* Revert change

* Revert change

* Revert change

* Revert change

* Removing /usr/share/icons/{,**} again

* Adding the audio abstraction

* Adding the consoles abstraction

* plasmashell: adding back /dev/shm/ r, and /dev/ptmx rw,

* akonadi_mailfilter_agent: removing the user-tmp abstraction

I haven't been able to observe new related requests.

---------

Co-authored-by: Alex <roddhjav@users.noreply.github.com>
2023-06-14 21:46:34 +00:00
Jeroen Rijken
96c79417cc Add vscodium & thunderbird
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2023-06-13 17:58:22 +01:00
Jeroen Rijken
d0553ff4f7 Add apt-overlay
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2023-06-13 17:58:22 +01:00
Jeroen Rijken
83bff808dc dpkg updates
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2023-06-13 17:58:22 +01:00
Jeroen Rijken
a84f0b540c Add unix domain socket
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2023-06-13 17:58:22 +01:00
Jeroen Rijken
5ccd92e12f General update
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2023-06-13 17:58:22 +01:00
curiosityseeker
0a468caff2 Revert adding the user-tmp abstraction 2023-06-13 17:53:14 +01:00
curiosityseeker
a93c80fac0 Fix kde-powerdevil
copy and paste error
2023-06-13 17:53:14 +01:00
curiosityseeker
0bb8937cc2 Update mullvad-daemon 2023-06-13 17:53:14 +01:00
curiosityseeker
6227a51d86 Update kde-powerdevil 2023-06-13 17:53:14 +01:00
curiosityseeker
4deb8f135a Update mount 2023-06-13 17:53:14 +01:00
Alexandre Pujol
a98a86600a
feat(profiles): general update. 2023-06-13 17:15:37 +01:00
Alexandre Pujol
3c41453591
feat: better wayland client integration. 2023-05-27 23:54:53 +01:00
Alexandre Pujol
526dcc3252
feat(profiles): general update. 2023-05-07 20:34:00 +01:00
Vladimir Bauer
b740a1c3e6 allow k for user_publicshare_dirs
ALLOWED libvirtd file_lock /home/vbauer/Public/archlinux/archlinux-2023.05.03-x86_64.iso comm=qemu-event requested_mask=k denied_mask=k class=file
ALLOWED libvirtd file_lock /home/vbauer/Public/archlinux/archlinux-2023.05.03-x86_64.iso comm=rpc-libvirtd requested_mask=k denied_mask=k class=file
2023-05-06 19:01:07 +01:00
Alexandre Pujol
fe2edb31d8
feat(abs): qt5 - additional resource. 2023-04-30 21:50:53 +01:00
Alexandre Pujol
35ca2692c9
feat(kde): add more kde profiles. 2023-04-30 21:50:08 +01:00
Alexandre Pujol
ee10658d09
feat(kde): big kde profiles update. 2023-04-30 21:46:10 +01:00
Alexandre Pujol
57e995e4be
feat(apt): improve apt/dpkg integration with ubuntu. 2023-04-30 21:42:42 +01:00
Alexandre Pujol
b45987ee8c
feat(profiles): improve some profiles related to kde (with xorg). 2023-04-30 21:41:23 +01:00
Alexandre Pujol
c9ef8f55c4
feat(profiles): add firefox-kmozillahelper. 2023-04-30 21:38:59 +01:00
Alexandre Pujol
f086f71ba9
feat(firefox): distributions have many paths for ff. 2023-04-30 20:29:22 +01:00
Alexandre Pujol
a95da2e5b8
feat(abs): window_decorations is also needed in gtk abs. 2023-04-30 20:27:45 +01:00
Alexandre Pujol
a1236d583b
feat(kde): add fonts to akonadi & .xinitrc rPix
See #134
2023-04-30 14:59:47 +01:00
Alexandre Pujol
fd3e7ba820
fix(libvirtd): add missing resources.
See #158
2023-04-30 14:51:09 +01:00
Alexandre Pujol
697e196e42
feat(openvpn): improve integration across profiles.
See #157
2023-04-30 14:49:44 +01:00
curiosityseeker
97a76b4872 Small addition for ...pulse/cookie 2023-04-30 14:26:21 +01:00
curiosityseeker
119c3a27fd More additions for plasmashell 2023-04-30 14:26:21 +01:00
curiosityseeker
570cd70df0 Update plasmashell 2023-04-30 14:26:21 +01:00
curiosityseeker
49b491b803 Update ksmserver 2023-04-30 14:25:22 +01:00
curiosityseeker
72227923c8 run-parts: 0anacron rPUx -> rix, and some other additions
The rule
`/etc/cron.{hourly,daily,weekly,monthly}/0anacron            rPUx, `

causes the error:
`ALLOWED run-parts exec /etc/cron.hourly/0anacron info="no new privs" comm=run-parts requested_mask=x denied_mask=x class=file error=-1`
2023-04-30 14:25:22 +01:00
curiosityseeker
2e4788c51e Update run-parts
Correct include statement
2023-04-28 17:20:31 +01:00
curiosityseeker
1cf1fc35e3 run-parts: include <nameservice-strict> 2023-04-28 17:20:31 +01:00
curiosityseeker
98badeb77d Update run-parts 2023-04-28 17:20:31 +01:00
curiosityseeker
0560bc18fb Update run-parts 2023-04-28 17:20:31 +01:00
Alexandre Pujol
1083520225
feat(kde): add initial version for more kde profiles. 2023-04-27 22:27:16 +01:00
Alexandre Pujol
aca0501d10
feat(kde): update kde profiles. 2023-04-27 22:22:24 +01:00
Alexandre Pujol
ff2aae77b9
feat(kde): update akonadi profiles. 2023-04-27 22:20:46 +01:00
Alexandre Pujol
1e533ec656
feat(profiles): general update. 2023-04-26 18:39:23 +01:00
Alexandre Pujol
ba27ac1f12
fix(firefox): kmozillahelper path. 2023-04-25 23:20:14 +01:00
Alexandre Pujol
11506d5416
feat(abs): improve browser entry point handling. 2023-04-25 23:19:48 +01:00
Alexandre Pujol
e569f907e2
build: etc.d -> multiarch.d as debian does not have etc.d yet. 2023-04-25 21:47:01 +01:00
Alexandre Pujol
ef687d7149
feat(profiles): general update. 2023-04-24 18:58:58 +01:00
Alexandre Pujol
4523a61425
feat(abs): add floppy disk to disk abs. 2023-04-24 18:57:04 +01:00
Alexandre Pujol
7ddba7230d
feat(profiles): update kde integration.
See #134
2023-04-24 18:56:28 +01:00
Alexandre Pujol
52d49fa3ec
feat(profiles): update akonadi.
See #134
2023-04-24 18:53:36 +01:00
Alexandre Pujol
a4dd6d52cd
feat(profile): improve rootless container support
See: #101
2023-04-24 15:43:19 +01:00
Alexandre Pujol
9afb6b93ef
fix: lol 2023-04-24 15:37:23 +01:00
Alexandre Pujol
203f8accdb
feat(profiles): yt-dlp needs rwk on video files.
See: #101
2023-04-24 15:34:49 +01:00
Alexandre Pujol
538d708ec0
feat(profiles): improve integration with xfce and small fixes.
See: #137
2023-04-24 15:15:40 +01:00
Alexandre Pujol
d224aa4e6a
feat: various mount related fixes.
See #152
2023-04-24 12:27:05 +01:00
Alexandre Pujol
b9b3d0fab1
fix(build): debian specificities build. 2023-04-24 00:01:35 +01:00
Alexandre Pujol
03be191442
fix: remove useless ubuntu core integration. 2023-04-23 23:49:17 +01:00
Alexandre Pujol
2b61f3e82e
chore: add missing structure for full system confinement. 2023-04-19 22:05:35 +01:00
Alexandre Pujol
8982bda7c6
fix: cleanup variable definition. 2023-04-19 22:02:35 +01:00
Alexandre Pujol
51c07d3555
build: libexec is now generated by the prebuild job. 2023-04-19 21:55:09 +01:00
Alexandre Pujol
2f455786e7
feat(profiles): general update. 2023-04-16 20:48:14 +01:00
Alexandre Pujol
03b98ad7de
feat(pass): restrict secret dir path. 2023-04-16 20:46:17 +01:00
Alexandre Pujol
15029a198a
feat(kde): add akonadi_* profiles. 2023-04-16 20:44:29 +01:00
Alexandre Pujol
77955aac3d
feat(kde): add kded5. 2023-04-16 19:27:27 +01:00
Alexandre Pujol
12456486f1
feat(kde): general update. 2023-04-16 19:10:14 +01:00
Alexandre Pujol
0edde44e1d
feat(kde): improve integration with various launcher. 2023-04-15 11:58:34 +01:00
Alexandre Pujol
0e21955b0e
feat(profiles): general update. 2023-04-15 11:55:41 +01:00
Alexandre Pujol
c039fe6c99
feat(abs): improve vulkan resource definition. 2023-04-15 11:54:00 +01:00
Alexandre Pujol
e69f997be3
feat(abs): add intel oneapi support. 2023-04-15 11:53:24 +01:00
Alexandre Pujol
5ea6ede589
feat(profile): general update. 2023-04-15 11:52:00 +01:00
curiosityseeker
9a612f754c Fix dhcpcd 2023-04-06 13:13:22 +01:00
curiosityseeker
cb741490c6 Update pacman 2023-04-06 13:13:22 +01:00
curiosityseeker
4eea83d623 Update mullvad-daemon 2023-04-06 13:13:22 +01:00
curiosityseeker
7c9b908ba1 Update grub-mkrelpath 2023-04-06 13:13:22 +01:00
Alexandre Pujol
a01c0ec989
feat(kde): better packagekit support. 2023-04-06 00:01:37 +01:00
Alexandre Pujol
26b4c574e3
feat(kde): improve integration. 2023-04-05 23:52:45 +01:00
Alexandre Pujol
4f22a6ebaa
feat(kde): add kauth helper. 2023-04-05 23:51:27 +01:00
Alexandre Pujol
1a09d74df3
fix: ensure /boot/ is a directory.
See de54984
2023-04-05 21:37:07 +01:00
curiosityseeker
bde3ca0d08 Update cupsd 2023-04-05 13:52:23 +01:00
curiosityseeker
aeb3dc0ea3 Update sddm 2023-04-05 13:52:23 +01:00
curiosityseeker
1fb7d3a90b Update pipewire
Oops, forgotten comma :-(
2023-04-04 14:37:04 +01:00
curiosityseeker
07e5a0d43a Update cupsd 2023-04-04 13:51:02 +01:00
curiosityseeker
f3698ad4fe Update dnscrypt-proxy
dnscrypt-proxy should be able to read all files in /etc/dnscrypt-proxy
2023-04-04 13:51:02 +01:00
curiosityseeker
392bd49136 Update pipewire 2023-04-04 13:51:02 +01:00
curiosityseeker
1d4477e770 Update run-parts 2023-04-04 13:51:02 +01:00
curiosityseeker
24526961c8 Update smartd 2023-04-04 13:51:02 +01:00
curiosityseeker
6e7b4af93f Update dhcpcd 2023-04-04 13:51:02 +01:00
curiosityseeker
222e9b96eb Update aa-status 2023-04-04 13:51:02 +01:00
curiosityseeker
7aa48480e6 Update mullvad-daemon 2023-04-04 13:51:02 +01:00
curiosityseeker
e044053207 Update pacman-conf 2023-04-04 13:51:02 +01:00
curiosityseeker
27eae0e067 Update systemd-tty-ask-password-agent 2023-04-04 13:51:02 +01:00
curiosityseeker
d59c7322f7 Update wget 2023-04-04 13:51:02 +01:00
curiosityseeker
1b255188db Update kaccess 2023-04-04 13:51:02 +01:00
curiosityseeker
c05f15b15f Update xauth 2023-04-04 13:51:02 +01:00
curiosityseeker
88efd62344 Update xdg-desktop-portal-kde 2023-04-04 13:51:02 +01:00
curiosityseeker
f9d4a07009 Update pacman 2023-04-04 13:51:02 +01:00
curiosityseeker
d963acfe15 Update dhcpcd 2023-04-04 13:51:02 +01:00
curiosityseeker
de54984592 Update grub-probe 2023-04-04 13:51:02 +01:00
curiosityseeker
62b0a850ed Update grub-mkrelpath 2023-04-04 13:51:02 +01:00
Alexandre Pujol
1f7b192680
feat(gnome): improve first boot compatibility. 2023-04-03 18:26:42 +01:00
nobody43
dbbe1d8c69 polishing 2023-04-03 18:20:15 +01:00
nobody43
fb92aa5716 fixes 2023-04-03 18:20:15 +01:00
nobody43
2a20b69c65 readers 2023-04-03 18:20:15 +01:00
curiosityseeker
9b51f26500 Update xorg 2023-04-03 18:10:21 +01:00
curiosityseeker
3db3a4e4f1 Update kaccess 2023-04-03 18:10:21 +01:00
curiosityseeker
a42ca870a6 Update ksmserver 2023-04-03 18:10:21 +01:00
curiosityseeker
d7e63c19d6 Update kwalletd5 2023-04-03 18:10:21 +01:00
curiosityseeker
1efbcf1ffa Update polkit-kde-authentication-agent 2023-04-03 18:10:21 +01:00
curiosityseeker
e633d9a3fc Update xdg-desktop-portal-kde 2023-04-03 18:10:21 +01:00
Alexandre Pujol
d192faf94a
fix(kde): minor profile fixes.
See #134
2023-04-02 12:07:20 +01:00
Alexandre Pujol
fa4d065f52
feat(profile): minor profile update.
See: #137
2023-03-31 18:47:32 +01:00
Alexandre Pujol
ac75f2ee5c
feat(kde): add xdg-desktop-portal-kde 2023-03-31 17:06:03 +01:00
Alexandre Pujol
0efc3e0703
feat(kde): rewrite polkit-kde-authentication-agent. 2023-03-31 17:03:47 +01:00
Alexandre Pujol
19d1a59bd3
feat(kde): add new kde profiles. 2023-03-31 17:02:49 +01:00
Alexandre Pujol
5cc4279e36
feat(kde): update existing kde profiles. 2023-03-31 16:59:26 +01:00
Alexandre Pujol
e927145edb
feat(profiles): general update. 2023-03-31 16:52:35 +01:00