apparmor.d

mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-02-06 18:25:05 +01:00

Author	SHA1	Message	Date
Alexandre Pujol	2c192dfab1	fix(profile): kwin_wayland. See #310	2024-04-04 18:10:43 +01:00
Alexandre Pujol	8348e1dbb5	feat(profile): removed unused profile: spacefm.	2024-04-03 23:20:18 +01:00
Alexandre Pujol	a20360fd7d	fix(profile): snap, cleanup dbus rule.	2024-04-03 22:18:58 +01:00
Alexandre Pujol	4527149c1f	fix: no comments...	2024-04-03 22:01:49 +01:00
Alexandre Pujol	c359c0a2fd	feat(profile): add alsactl.	2024-04-03 21:56:58 +01:00
Alexandre Pujol	50b720a8b9	feat(profile): add gpu-manager.	2024-04-03 21:56:33 +01:00
Alexandre Pujol	6d3aeaa228	fix: aa syntax.	2024-04-03 21:25:10 +01:00
Alexandre Pujol	766b53beb3	feat(profile): improve xsession.	2024-04-03 21:22:26 +01:00
Alexandre Pujol	c623e6921c	feat(profile): add initial xfce group.	2024-04-03 21:18:08 +01:00
Alexandre Pujol	095254864f	feat(profile): general update.	2024-04-03 21:04:18 +01:00
Alexandre Pujol	6dd0c36e9a	feat: prefix variables that refer to a profile	2024-04-02 13:41:08 +01:00
Alexandre Pujol	751bc683d9	fix(profile): ensure mutt pager can read its local storage. Revert some mutt related change from `0619f4dcec` See #309	2024-04-01 21:42:58 +01:00
Alexandre Pujol	d07e63d506	feat(abs): cleanup thumbnails abstractions.	2024-04-01 00:51:57 +01:00
Alexandre Pujol	dab928305f	feat(abs): add igfx_user_feature to the graphics abs.	2024-03-31 12:45:13 +01:00
Alexandre Pujol	534b10b261	feat(profile): rewrite some electron based profiles using the new electron abs.	2024-03-30 14:54:21 +00:00
Alexandre Pujol	89def65a17	feat(profile): add child-open-strict	2024-03-30 14:49:37 +00:00
Alexandre Pujol	f8deb46591	feat(abs): add initiall version of the electron common abstraction.	2024-03-30 14:48:29 +00:00
Alexandre Pujol	87459197d3	feat(profile): add child-modprobe-nvidia	2024-03-30 14:46:47 +00:00
Alexandre Pujol	70131163d3	refractror: remove moved abs.	2024-03-30 14:44:58 +00:00
Alexandre Pujol	0ae7b68dc8	feat(abs): really split audio-server & audio-client.	2024-03-29 19:48:13 +00:00
Alexandre Pujol	0619f4dcec	feat(profile): general update.	2024-03-29 19:45:10 +00:00
Alexandre Pujol	1f8507548f	feat(fsp): update the default profile. Note: it is still not usable.	2024-03-29 19:33:55 +00:00
Alexandre Pujol	3a7b9a2c4e	feat(abs): minor update of some core abs.	2024-03-29 19:32:23 +00:00
Alexandre Pujol	adb936e62f	feat(abs): add new shells abstraction.	2024-03-29 18:31:15 +00:00
Alexandre Pujol	58a4f1601a	fix(profile): ensure interactive shell use @{shells_path} instead of @{sh_path}.	2024-03-29 18:19:35 +00:00
Alexandre Pujol	2fc2394bad	feat(abs): rewrite user-read/user-write. See #307	2024-03-28 16:47:40 +00:00
Alexandre Pujol	b089a4d2c5	feat(profile): add the child-open-browsers profile.	2024-03-28 16:40:16 +00:00
Alexandre Pujol	e77f8db40f	feat(abs): add bash-strict.	2024-03-27 22:07:43 +00:00
Alexandre Pujol	bdb2b396b3	feat(abs): add trash-strict.	2024-03-27 22:06:07 +00:00
Alexandre Pujol	197c1bd78a	feat(profile): general update.	2024-03-27 21:53:11 +00:00
Alexandre Pujol	b9cfd787c8	fix(ci): minor fixes.	2024-03-27 17:17:15 +00:00
Alexandre Pujol	b88b8b8c26	refractor(abs): move common and app abstraction to their own abstractions subfolder. As the number of abstraction is increasing, it is valuable to separate "base" abstractions to programs specific ones.	2024-03-27 15:11:21 +00:00
Alexandre Pujol	92f83d9e8d	feat(abs): update some abstractions.	2024-03-27 14:32:08 +00:00
Alexandre Pujol	d8d15c8a35	feat(profile): add ghc-pkg.	2024-03-24 20:45:15 +00:00
Alexandre Pujol	1a097bed36	doc: add the abstactions page.	2024-03-24 15:21:31 +00:00
Alexandre Pujol	8da2fd621a	feat(abs): remove some unused abstractions.	2024-03-24 14:44:58 +00:00
Alexandre Pujol	863034438d	fix(profile): resolve kdeconnectd path manunally.	2024-03-22 22:20:47 +00:00
Alexandre Pujol	8c516ea788	feat(profile): general update.	2024-03-22 22:13:42 +00:00
Alexandre Pujol	6d84301698	feat(profile): start using the exec directive.	2024-03-22 21:12:38 +00:00
Alexandre Pujol	a5f71675ea	feat(profile): general update.	2024-03-22 19:45:13 +00:00
Alexandre Pujol	828f282fc3	feat(profile): cleanup unix_chpwd already present in abs.	2024-03-22 13:11:49 +00:00
Alexandre Pujol	8c31008385	refractor: audio2 -> audio-server.	2024-03-22 13:03:52 +00:00
Alexandre Pujol	325068b705	feat(profile): all electron based software need userns.	2024-03-22 11:49:00 +00:00
Alexandre Pujol	87db46113c	feat(profile): cleanup common desktop files.	2024-03-21 23:28:57 +00:00
Alexandre Pujol	5149b55bd0	feat(profile): add only directive.	2024-03-21 23:18:03 +00:00
Alexandre Pujol	6052b95347	feat(profile): update stack directives.	2024-03-21 23:11:07 +00:00
Alexandre Pujol	7bc16fddfd	fix(profile): remove duplicate dbus rule.	2024-03-21 23:10:29 +00:00
Alexandre Pujol	6c38e90b5e	feat(profile): update dbus directive format.	2024-03-21 23:03:08 +00:00
Alexandre Pujol	dbb0d76e52	feat(abs): add the bash-strict.	2024-03-20 16:14:29 +00:00
Alexandre Pujol	5039dae148	feat(profile): improve kde support on debian.	2024-03-20 16:13:20 +00:00
Alexandre Pujol	7b880a5142	feat(profile): general update.	2024-03-20 00:04:39 +00:00
Alexandre Pujol	cbd0b61491	feat(profile): improve sudo abstraction.	2024-03-19 22:00:05 +00:00
Alexandre Pujol	7ae05eb397	feat(abs): add download directory to user-read.	2024-03-19 21:55:32 +00:00
Alexandre Pujol	bf613f59a5	feat(profile): replace @{md5} by @{hex32}.	2024-03-19 21:26:12 +00:00
Alexandre Pujol	ceb78d971e	feat(tunables): improve hex variables.	2024-03-19 21:15:50 +00:00
Alexandre Pujol	9007daf842	feat(tunable): opensuse has a special multiarch.	2024-03-19 14:49:17 +00:00
Alexandre Pujol	928f27dbf5	feat(profile): bwrap always need userns.	2024-03-19 14:48:32 +00:00
Alexandre Pujol	dee02b8698	fix: rule compilation.	2024-03-19 11:33:30 +00:00
Alexandre Pujol	091a93194d	feat(fsp): stack more profile on systemd.	2024-03-19 11:30:45 +00:00
Alexandre Pujol	3787eb1745	feat(profile): enable desktop user variable everywhere. Also restrict access to these files.	2024-03-19 11:26:57 +00:00
Alexandre Pujol	a370281e9b	feat(profile): use desktop user variable in gnome. Also restrict access to these files.	2024-03-18 15:31:55 +00:00
Alexandre Pujol	04b9e60072	feat(profile): replace some path with the new desktop variables.	2024-03-18 14:42:02 +00:00
Alexandre Pujol	77945674a5	feat(profile): general update.	2024-03-18 14:31:01 +00:00
Alexandre Pujol	437bef18ca	feat(abs): redeine the DE users paths.	2024-03-18 01:03:44 +00:00
Alexandre Pujol	25c2dc3399	feat(profile): improve gnome startup process.	2024-03-18 00:50:59 +00:00
Alexandre Pujol	8290c74e66	feat(profile): add some kde related profiles.	2024-03-17 22:49:19 +00:00
Alexandre Pujol	bf22e0770f	feat(profile): improve integration with opensuse.	2024-03-17 22:47:36 +00:00
Alexandre Pujol	eb66feef62	feat(abs): extend the bash abs with some common values.	2024-03-17 22:43:43 +00:00
Alexandre Pujol	233b1f2f0e	feat(profile): improve gnome profiles.	2024-03-17 21:29:49 +00:00
Alexandre Pujol	fb064431be	feat(profile): add gnome-session-migration.	2024-03-16 22:20:12 +00:00
Alexandre Pujol	6a41184a0e	feat(profile): kglobalaccel5 -> kglobalacceld	2024-03-16 21:49:49 +00:00
Alexandre Pujol	14680e736d	feat(profile): mirnor cleanup on the new dbus profiles.	2024-03-16 21:46:02 +00:00
Alexandre Pujol	0c5e71f971	feat(profile): cleanup some rules already included in abs.	2024-03-16 21:40:35 +00:00
Alexandre Pujol	b15aaae553	feat(profile): add support for new dbus-session in systemd-user.	2024-03-16 21:33:36 +00:00
Alexandre Pujol	30d8e16ffc	feat(profile): ensure plasma support new dbus stack.	2024-03-16 21:28:54 +00:00
Alexandre Pujol	9be9b442a9	feat(profile): rewrite the gnome startup process. The changes in the dbus stack required to rewrite how gnome startup is handled by our various profiles.	2024-03-16 20:52:02 +00:00
Alexandre Pujol	af5171e39d	feat(tunable): add variables for some system-users.	2024-03-16 19:43:22 +00:00
Alexandre Pujol	1148b8faad	feat(tunable): improve our variables definition.	2024-03-16 19:42:25 +00:00
Alexandre Pujol	be3d625b7f	feat(profile): general update.	2024-03-16 19:41:27 +00:00
Alexandre Pujol	c9b87efebe	chore: cosmetic.	2024-03-16 19:27:45 +00:00
Alexandre Pujol	c6717d2bab	feat(profile): use new dbus profile in dbus label.	2024-03-16 13:10:25 +00:00
Alexandre Pujol	61e2cb55ac	feat(profile): rewrite the dbus profiles. Replace the old dbus-broker/dbus-daemon profiles stack by a new unified set of profiles that does not depend-on the dbus implementation used. Ensure that a given bus is fully managed by one unified profile: - We need to allow far fewer rules than before (especially by splitting dbus-system and dbus-session). - It has the side effect to fix some long-running issues regarding dbus start (see: #74, #80 & #235) while keeping all dbus server in the same place.	2024-03-16 13:03:32 +00:00
Alexandre Pujol	4819022202	feat(abs): add unix_chkpwd to the authentication abs as upstream.	2024-03-16 12:27:23 +00:00
Alexandre Pujol	e658d1c4d3	feat(profile): restrict access to /var/lib/gdm in gnome-shell.	2024-03-16 00:22:30 +00:00
Alexandre Pujol	66aa230b90	feat(profile): some dbus rule improvment.	2024-03-15 23:56:23 +00:00
Alexandre Pujol	1b8b52962b	feat(fsp): update mounting rules.	2024-03-15 23:45:18 +00:00
Alexandre Pujol	e3f9013c3a	feat(profile): add some new profiles.	2024-03-15 16:21:17 +00:00
Alexandre Pujol	dd1b3b16e2	feat(profile): move gcr tools.	2024-03-15 16:18:44 +00:00
Alexandre Pujol	cf4e47f10f	feat(profile): general update.	2024-03-15 16:07:53 +00:00
Alexandre Pujol	9f3be7a96d	feat(abs): small improvements.	2024-03-15 15:55:46 +00:00
Alexandre Pujol	bdeb62d17d	feat(profile): add some missing dbus own definition.	2024-03-15 15:03:42 +00:00
Alexandre Pujol	30656bdc48	feat(abs): minor improvements over some abstractions.	2024-03-13 16:18:54 +00:00
Alexandre Pujol	c33cd740c9	feat(profile): start using the sudo abstraction.	2024-03-13 16:17:20 +00:00
Alexandre Pujol	7415b85e1c	feat(profile): add some internal kde profile.	2024-03-13 16:10:02 +00:00
Alexandre Pujol	0ecf923fb9	feat(profile): cleanup tool available for pacman hooks.	2024-03-13 16:07:43 +00:00
Alexandre Pujol	09f1babb7c	chore: improve comments on udev data.	2024-03-13 15:58:28 +00:00
Alexandre Pujol	fef6390b9e	feat(profile): merge gdm-session.	2024-03-13 15:52:23 +00:00
Alexandre Pujol	3bb5ea72df	feat(profile): add profile for yacreader.	2024-03-12 16:06:24 +00:00
Alexandre Pujol	467c38724a	feat(profile): clean superfluous openssl abstraction includes apparmor.d equivalent of https://gitlab.com/apparmor/apparmor/-/merge_requests/1179	2024-03-12 16:00:44 +00:00
Alexandre Pujol	d5972cdf1d	feat(abs): add gnutls and openssl config to the crypto abs. Follow (and confirm) recent addition from upstream.	2024-03-12 15:50:28 +00:00
Alexandre Pujol	9c859cec9d	feat(profile): modernize some profiles.	2024-03-12 15:48:43 +00:00
Alexandre Pujol	81b9de3aff	feat(profile): use the new audio-client abs in profiles.	2024-03-12 15:44:40 +00:00
Alexandre Pujol	e4c0f683d2	feat(profile): replace old audio abstraction by the new stack.	2024-03-12 15:39:10 +00:00
Alexandre Pujol	b1235b0c52	feat(abs): rewrite the audio stack.	2024-03-12 15:27:51 +00:00
Alexandre Pujol	394afb1991	feat(abs): add the new sudo abstraction.	2024-03-11 22:48:32 +00:00
Alexandre Pujol	0eeefb5f09	feat(profile): general update.	2024-03-11 22:47:22 +00:00
Alexandre Pujol	0a9021bcf1	feat(profile): finalize the update kde profiles to plasma 6.	2024-03-11 22:43:37 +00:00
Alexandre Pujol	042e9ff543	feat(profile): rewrite the okular profile.	2024-03-11 22:37:59 +00:00
Alexandre Pujol	a3f91f4224	feat(profile): ensure at bus start in the same profile.	2024-03-11 22:36:14 +00:00
Alexandre Pujol	2acd7d8a10	feat(profile): rewrite how gdm starts gnome.	2024-03-11 22:34:35 +00:00
Alexandre Pujol	68fbd81e17	feat(profile): general update.	2024-03-10 21:21:00 +00:00
Alexandre Pujol	ad8e5a9797	feat(fsp): update profile stack.	2024-03-10 21:17:50 +00:00
Alexandre Pujol	10ce0ba4a1	feat(profile): merge colord-sane into colord. Required due to nnp flag enabled on colord-sane. As the profiles are similar it is easier to merge them.	2024-03-10 20:27:05 +00:00
Alexandre Pujol	7882ae2153	feat(profile): remove rule moved to the base abstraction.	2024-03-10 20:01:58 +00:00
Alexandre Pujol	beaf1bad16	feat(profile): general update.	2024-03-10 19:35:04 +00:00
Alexandre Pujol	df21886965	fix(fsp): fix conflicting x modifiers in abstractions	2024-03-10 18:57:05 +00:00
Alexandre Pujol	8f1fff89ab	feat(abs): minor improvments.	2024-03-10 14:56:18 +00:00
Alexandre Pujol	a8b8bf52f8	feat(fsp): stack audio profiles using the new stack directive.	2024-03-10 14:51:22 +00:00
Alexandre Pujol	16d0af1c5e	feat(fsp): improve systemd profile.	2024-03-10 14:49:31 +00:00
Alexandre Pujol	166e786166	feat(abs): allow everyone to receive signal from systemd/systemd-user.	2024-03-10 13:51:02 +00:00
Alexandre Pujol	4ab5e99a6f	feat(profile): add support for plasma 6.	2024-03-08 15:22:15 +00:00
Alexandre Pujol	3d425c7fdd	feat(profile): add support for qt6.	2024-03-08 15:15:58 +00:00
Alexandre Pujol	256980d761	feat(abs): remove deprecated kde4 abstraction.	2024-03-05 18:48:59 +00:00
Alexandre Pujol	1df176cf7b	feat: small update and minor fixes.	2024-03-05 18:29:44 +00:00
Alexandre Pujol	ff849b9f09	feat(profile): general update.	2024-03-05 18:00:36 +00:00
Alexandre Pujol	70963a50b6	feat(profile): start implementing systemctl subprofile instead of using child-systemctl.	2024-03-05 17:45:02 +00:00
Alexandre Pujol	a7e37528d5	feat(profile): update some browser based profiles.	2024-03-05 17:39:36 +00:00
Alexandre Pujol	bc69b193ea	feat(abs): minor update to abs definitions.	2024-03-05 17:37:38 +00:00
Alexandre Pujol	c66d3bf9f4	feat(profile): general update.	2024-03-05 16:58:16 +00:00
Alexandre Pujol	faa40c8cde	feat(fsp): cleanup main systemd profiles.	2024-03-05 16:53:34 +00:00
Alexandre Pujol	62f1f7df6e	feat(fsp): allow signal from system-user for some user app.	2024-03-05 00:25:39 +00:00
Alexandre Pujol	3c77da8f7d	feat(fsp): improve the systemd profiles.	2024-03-05 00:20:05 +00:00
Alexandre Pujol	c80449719e	feat(fsp): rewrite mount rules for systemd.	2024-03-05 00:18:40 +00:00
Alexandre Pujol	1699260a87	fear(fsp): expand systemd-service for more services.	2024-03-05 00:16:24 +00:00
Alexandre Pujol	89cd3d023b	fix: entrypoint for systemd-cryptsetup.	2024-03-04 23:27:21 +00:00
Alexandre Pujol	8ea0964724	feat(fsp): restrict @{run} for systemd.	2024-03-04 22:02:43 +00:00
Alexandre Pujol	532162f302	feat(abs): improve mount rule for bwrap.	2024-03-04 12:55:32 +00:00
Alexandre Pujol	f1b01d03cd	feat(profile): add gnome-desktop-thumbnailers.	2024-03-04 12:54:39 +00:00
Alexandre Pujol	0533e03756	feat(abs): add some dbus access to bwrap-app. See #302	2024-03-03 23:15:19 +00:00
Alexandre Pujol	b91cf4da41	feat(abs): cleanup bwrap mount rule as it is not maintainable to restrict more.	2024-03-03 23:11:27 +00:00
Alexandre Pujol	0ffa51aca4	feat(abs): rewrite bwrap mount rules.	2024-03-03 12:08:30 +00:00
Alexandre Pujol	af0c87f712	feat(abs): add the initial version of the systemctl abstraction.	2024-03-03 12:03:16 +00:00
Alexandre Pujol	7e8f854b16	feat(abs): deny apparmor/.null in the base abstraction.	2024-03-03 11:51:39 +00:00
Jeroen Rijken	ba6172bb8c	Review points Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-03-02 16:05:34 +00:00
Jeroen Rijken	346285720d	Small updates Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-03-02 16:05:34 +00:00
Jeroen Rijken	0332c9cb1b	Git SSH agent Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-03-02 16:05:34 +00:00
Jeroen Rijken	a2a149e0b7	New abstraction uim Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-03-02 16:05:34 +00:00
Jeroen Rijken	f807d5a190	Deduplicate and revert Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-03-02 16:05:34 +00:00
Jeroen Rijken	13079bbd7e	name to label Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-03-02 16:05:34 +00:00
Jeroen Rijken	23fa2b36ab	Remove curly brackets Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-03-02 16:05:34 +00:00
Jeroen Rijken	af4038867a	Syntax fixes Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-03-02 16:05:34 +00:00
Jeroen Rijken	04cf3d3850	Various fixes Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-03-02 16:05:34 +00:00
Jeroen Rijken	c177ca09ed	Typo Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-03-02 16:05:34 +00:00
Jeroen Rijken	b0655e9993	Fixes and profile updates Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-03-02 16:05:34 +00:00
Jeroen Rijken	b532dd6827	Update various profiles Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-03-02 16:05:34 +00:00
Alexandre Pujol	92a1d9f65f	feat(profile): general update.	2024-03-01 22:35:49 +00:00
Alexandre Pujol	06abeac2ee	feat(profile): general update.	2024-02-29 21:45:42 +00:00
Alexandre Pujol	cd09dc7688	feat(abs): update dbus absractions.	2024-02-29 21:38:49 +00:00
Alexandre Pujol	f76051f114	feat(profile): add some unix rules with local address.	2024-02-29 21:15:59 +00:00
Alexandre Pujol	956c282794	feat(abs): add apps to the launcher-user abs.	2024-02-29 21:06:32 +00:00
Alexandre Pujol	ffb189ef65	feat(profile): general update.	2024-02-29 00:32:40 +00:00
Alexandre Pujol	1f3b812cfb	feat(profile): add the loupe profile.	2024-02-28 23:52:57 +00:00
Alexandre Pujol	cda8f30c29	feat(profile): start using the new bwrap abs.	2024-02-28 23:52:15 +00:00
Alexandre Pujol	cbbb2b4a3e	fix(profile): better libdir for snap based profiles.	2024-02-28 23:47:47 +00:00
Alexandre Pujol	741980f8ab	feat(abs): use @{pci} in pci path.	2024-02-28 23:32:34 +00:00
Alexandre Pujol	431e93c9df	feat(abs): update bwrap minimal requirments.	2024-02-28 17:17:51 +00:00
Alexandre Pujol	555b5e3c3f	feat(profile): general update.	2024-02-28 17:17:20 +00:00
Alexandre Pujol	d187514fd3	feat(profile): add new userns rule.	2024-02-28 15:39:18 +00:00
Alexandre Pujol	175d243c54	refractor: rename element -> element-desktop.	2024-02-28 15:37:52 +00:00
Alexandre Pujol	00051bd2f0	feat(profiles): continue replacing [0-9]* by @{int}.	2024-02-26 21:10:53 +00:00
Alexandre Pujol	99e4c4622d	feat(abs): add initial version of the bwrap abs. - To be used by profile that runs bwrap directly. - Needs more rule when used alongside flatpak	2024-02-24 18:41:36 +00:00
Alexandre Pujol	7bd500b979	Merge branch 'main' of github.com:roddhjav/apparmor.d * 'main' of github.com:roddhjav/apparmor.d: Add Profiles for imv and zathura (#291)	2024-02-23 22:50:34 +00:00
Alexandre Pujol	9bd21e9361	fix(profile): add bluetooth network to dbus-broker.	2024-02-23 22:35:10 +00:00
valoq	df455f93eb	Add Profiles for imv and zathura (#291 ) * add profiles * fix minor issues * fix read permissions * remove leftover line	2024-02-23 20:48:24 +00:00
Alexandre Pujol	2ea53a9dc3	feat(profile): general update.	2024-02-23 20:21:22 +00:00
Alexandre Pujol	4b23bccb47	fix: ensure fsck.ext4 is has only one profile. fsck.ext4 was in the profile attachment for both fsck-ext4 and e2fsck, breaking transition to the profile. Also reorganise some entrypoint to avoid this kind of confusion.	2024-02-23 20:12:32 +00:00
Alexandre Pujol	a9e767462d	fix: remove useless rule. Rule already present in the base abs.	2024-02-23 19:54:54 +00:00
Alexandre Pujol	d2ab121d08	feat(profile): stack colord-sane on colord. Both profile could be merged to avoid nnp issue.	2024-02-23 19:53:18 +00:00
doublez13	b2af7a631a	whatis: initial profile AppArmor profile for whatis	2024-02-21 14:10:51 +00:00
Jeroen Rijken	434fc6e954	Update after review Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-02-21 13:56:40 +00:00
Jeroen Rijken	f60234d74a	Restore libexec Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-02-21 13:56:40 +00:00
Jeroen Rijken	0fb3706bbd	Fixes after review Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-02-21 13:56:40 +00:00
Jeroen Rijken	c8856f6383	Fix konsole links Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-02-21 13:56:40 +00:00
Jeroen Rijken	640cf9e1d3	Dolphin updates Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-02-21 13:56:40 +00:00
Jeroen Rijken	7fa4113131	Dolphin copy and delete from trash Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-02-21 13:56:40 +00:00
Jeroen Rijken	062a766e06	Typo Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-02-21 13:56:40 +00:00
Jeroen Rijken	943f52fbc4	Add ptrace to kded5 Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-02-21 13:56:40 +00:00
Jeroen Rijken	7addadfa7b	Add multiarch to lib Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-02-21 13:56:40 +00:00
Jeroen Rijken	8a342749ba	rename dbus to bus. Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-02-21 13:56:40 +00:00
Jeroen Rijken	2b65e58b19	Flatpak dbus addition Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-02-21 13:56:40 +00:00
Jeroen Rijken	cd3cf50638	Cannot reproduce Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-02-21 13:56:40 +00:00
Jeroen Rijken	7a61919f71	Flatpak dbus and kio Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-02-21 13:56:40 +00:00
Jeroen Rijken	4c5a21145a	General update Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-02-21 13:56:40 +00:00
Jeroen Rijken	40b171ee94	Replace shells with new sh_path variable Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>	2024-02-21 13:56:40 +00:00
doublez13	3b1b187d13	Abook: Fix missing directory (#298 ) Allow abook to create ~/.abook	2024-02-19 12:38:24 +00:00
Alexandre Pujol	14fe43714a	feat(profile): general update.	2024-02-15 00:19:13 +00:00
Alexandre Pujol	a334b461d0	feat(fsp): update systemd related profiles.	2024-02-15 00:16:53 +00:00
Alexandre Pujol	e02bf03cca	feat(tunable): add new system_user variable.	2024-02-14 23:58:18 +00:00
doublez13	ea97ff6a5f	Mutt and Abook profiles (#288 ) There are an innumerable number of mutt configurations. This AA profile is intended to work with a stock mutt config. Any customizations should be placed in local/mutt This might be a little annoying because by default mutt saves attachments in the directory that it was started from (most likely ~/), and there is no config option that I'm aware of to set a default download location. A user will either need to manually specify a location (like ~/Downloads) when saving, or allow saving to ~/ in the local override.	2024-02-14 23:03:03 +00:00
Alexandre Pujol	804bde0172	chore: remove unneeded abi definition in abstraction.	2024-02-11 13:34:12 +00:00
Alexandre Pujol	7269ac6ca9	fix: profile compilation.	2024-02-11 12:49:04 +00:00
Alexandre Pujol	9cbeb127a3	feat(profile): minor improvment for kde.	2024-02-11 12:45:35 +00:00
Alexandre Pujol	04683eeccb	feat(profile): general update.	2024-02-11 12:44:40 +00:00
Alexandre Pujol	4619e13f1b	fix: possible hardware blocking issue. See #296	2024-02-11 12:41:37 +00:00
Alexandre Pujol	738f7cc0c2	feat(fsp): add intial mount rules on systemd.	2024-02-10 01:22:50 +00:00
Alexandre Pujol	309ad9e506	feat(fsp): cleanup systemd profile.	2024-02-10 01:09:27 +00:00
monsieuremre	ce85d482e9	Update systemd	2024-02-08 16:04:20 +00:00
Alexandre Pujol	b1d0ebe918	feat(tunable): add the browsers_path variable.	2024-02-07 15:10:54 +00:00
Alexandre Pujol	cdaf72eb3d	feat(profile): general update.	2024-02-07 13:50:40 +00:00
Alexandre Pujol	9b705ab76c	feat(profiles): add plasma_session.	2024-02-07 13:47:28 +00:00
Alexandre Pujol	14a6f3fc5a	fix(profile): sddm issue when starting kde.	2024-02-07 12:32:55 +00:00
Alexandre Pujol	2cd14aa6bb	chore: add missing and update copyright year.	2024-02-07 00:16:21 +01:00
Alexandre Pujol	c006371e5b	feat(fsp): rewrite systemd-user profile. Works fine when fsp is not enabled, still has issue in fsp mode.	2024-02-06 22:41:12 +01:00
Alexandre Pujol	d0a052b7ae	feat(profile): add signal from systemd-user.	2024-02-06 22:37:59 +01:00
monsieuremre	968da5518b	profile name fix (#289 )	2024-02-05 17:41:56 +00:00
Alexandre Pujol	1b8f652795	feat(profile): cleanup doublon.	2024-02-01 18:48:51 +00:00
Alexandre Pujol	dbbb2150e2	feat(fsp): reorganise systemd.service.	2024-02-01 18:33:19 +00:00
Alexandre Pujol	0a74d5c6fe	feat(profile): general update.	2024-02-01 13:19:19 +00:00
Alexandre Pujol	46641e6cc6	chore: update links to the documentation website.	2024-01-30 15:45:03 +00:00
Alexandre Pujol	4672694d39	feat(profile): update kde profiles.	2024-01-30 14:59:26 +00:00
Alexandre Pujol	c08f93de50	feat(abs): add kde-strict abstraction	2024-01-30 14:16:18 +00:00
Alexandre Pujol	049e89b379	feat(profile): general update (2).	2024-01-28 22:33:45 +00:00
Alexandre Pujol	9b49999414	feat(dbus): general update.	2024-01-28 22:29:37 +00:00
Alexandre Pujol	a5c5ee70a2	feat(profile): general update.	2024-01-28 21:09:14 +00:00
Alexandre Pujol	4234c54f52	feat(profile): add keyboxd.	2024-01-27 19:43:12 +00:00
Alexandre Pujol	72ade58c98	feat(profile): add dbus-broker.	2024-01-27 19:39:54 +00:00
Alexandre Pujol	78d5ce9ecc	feat(profile): general update.	2024-01-27 19:39:14 +00:00
Alexandre Pujol	c2d88c9bff	fix(profile): ensure firefox can print to pdf. fix #283	2024-01-27 15:00:31 +00:00
Alexandre Pujol	1a1daeae07	feat(profile): general update.	2024-01-25 22:46:22 +00:00
Alexandre Pujol	55ae6d2b75	feat(full): improve fps setup.	2024-01-25 22:42:29 +00:00
Alexandre Pujol	cc98c21cbf	feat(tunable): add the coreutils variable.	2024-01-25 22:40:49 +00:00
Alexandre Pujol	7d3d01ac01	fix(fsp): conflicting x modifiers	2024-01-25 21:18:09 +00:00
Alexandre Pujol	134a487ff3	fix(profile): borg needs console access. Fix #280	2024-01-25 13:22:20 +00:00
Alexandre Pujol	a30c2e5e85	feat: add the new shells variable to ensure support for all interactive shell. Fix #269	2024-01-25 13:16:40 +00:00
nobody43	b376e9fade	Tunables polishing (#281 ) * adjust xorg display number * remove wildcard from python version * python wildcard #2 * unconventional tails * Delete apparmor.d/groups/apps/android-studio --------- Co-authored-by: nobody43 <nobody43@users.noreply.github.com>	2024-01-25 12:44:47 +00:00
Alexandre Pujol	293f651a4f	Merge branch 'Updating-polkit,-sddm,-unix-chkpwd,btrfs' of https://github.com/curiosityseeker/apparmor.d into curiosityseeker-Updating-polkit,-sddm,-unix-chkpwd,btrfs * 'Updating-polkit,-sddm,-unix-chkpwd,btrfs' of https://github.com/curiosityseeker/apparmor.d: Update login Update btrfs Update polkitd: @{PROC}/@{pid}/fdinfo/@{int} Update unix-chkpwd Update needrestart: adding unix_chkpwd Update sddm: adding unix_chkpwd	2024-01-25 12:07:36 +00:00
Alexandre Pujol	9a65da3605	feat(profile): apply profile guideline on secure-time-sync.	2024-01-24 21:03:49 +00:00
npwc	c3e92b3408	Create profile for secure-time-sync (#274 ) * Create profile for secure-time-sync Related to https://gitlab.com/madaidan/secure-time-sync * Update secure-time-sync * Update secure-time-sync * Update secure-time-sync	2024-01-24 21:00:08 +00:00
Alexandre Pujol	8f825473c6	feat(profile): apply profile guideline on sing-box.	2024-01-24 20:58:23 +00:00
npwc	e7dc2fbf06	Create profile for sing-box (#273 ) * Create profile for sing-box * Update sing-box	2024-01-24 20:53:14 +00:00
Alexandre Pujol	46cb726834	feat(profile): add dbus-broker-launch.	2024-01-21 13:27:19 +00:00
Alexandre Pujol	42fc4622ed	feat(profile): general update.	2024-01-21 11:56:02 +00:00
Alexandre Pujol	05b47adb13	feat(profile): remove some unused profiles.	2024-01-21 11:51:00 +00:00
Alexandre Pujol	b4a8733f39	feat(profile): improve chromium based profiles.	2024-01-21 11:50:28 +00:00
Alexandre Pujol	81e98bf71d	feat(profile): update some dbus rules.	2024-01-21 11:49:25 +00:00
curiosityseeker	2e396c11f9	Update login	2024-01-19 18:14:23 +01:00
curiosityseeker	d44d2491b9	Update btrfs	2024-01-19 16:44:21 +01:00
nobody43	6556856fed	Tighten `firefox` (#275 ) * Update firefox * Remove `sys_ptrace` line	2024-01-19 15:42:13 +00:00
curiosityseeker	a5db3d02d7	Update polkitd: @{PROC}/@{pid}/fdinfo/@{int}	2024-01-19 16:39:24 +01:00
curiosityseeker	056384ba90	Update unix-chkpwd	2024-01-19 16:37:28 +01:00
curiosityseeker	4bad072ddd	Update needrestart: adding unix_chkpwd	2024-01-19 16:36:18 +01:00
curiosityseeker	d0eb140d5c	Update sddm: adding unix_chkpwd	2024-01-19 16:35:06 +01:00
Alexandre Pujol	7581eacdc6	fix(profile): mariadb install on debian. fix #272	2024-01-14 11:52:52 +00:00
curiosityseeker	a16cbede0b	Various updates (#271 ) * Update kwin_wayland * Update plasmashell * Update pacman-hook-fontconfig * Update ksplashqml `/usr/share/qt/translations/.qm r,` is also in the qt5 abstraction. However, it seems that all other rules therein are not needed so I didn't use that abstraction. Update startplasma	2024-01-10 20:03:11 +00:00
Alexandre Pujol	e8651dc367	fix(profile): ensure pacman keyring update works.	2024-01-10 15:41:18 +00:00
Alexandre Pujol	62d548890d	fix: xorg on nvidia gpu.	2023-12-20 10:52:45 +00:00
Alexandre Pujol	6a81d335f8	feat(profile): general update.	2023-12-19 23:52:43 +00:00
Alexandre Pujol	ef1776b8d5	feat(profile): start using new abstractions (3)	2023-12-19 23:49:30 +00:00
Alexandre Pujol	a79a3f3311	feat(profile): start using new abstractions (2)	2023-12-19 23:42:30 +00:00
Alexandre Pujol	b7140c9b2b	feat(profile): start using new abstraction.	2023-12-19 23:29:15 +00:00
Alexandre Pujol	9f49052529	feat(profile): add some dbus rules.	2023-12-19 23:24:44 +00:00
Alexandre Pujol	53f3a27e16	feat(abs): add a new set of graphics absractions.	2023-12-19 18:36:58 +00:00
Alexandre Pujol	df20d29832	feat(abs): cleanup X-strict.	2023-12-18 19:24:25 +00:00
Alexandre Pujol	0c2b8f612b	feat(abs): add a new (generic) desktop abstraction.	2023-12-18 19:23:07 +00:00
Alexandre Pujol	c3d9c9ea48	feat(abs): add a new dri abstaction.	2023-12-18 19:22:27 +00:00
Alexandre Pujol	4032ead9b4	feat(profile): general update.	2023-12-17 23:47:16 +00:00
Alexandre Pujol	f362975ce7	feat(profile): add the open_path variable.	2023-12-17 23:43:14 +00:00
Alexandre Pujol	a46dfaad61	feat(profile): general update.	2023-12-17 17:39:56 +00:00
Alexandre Pujol	ee328f727b	fix(gpg): due to how apt keyring is managed, the generic gpg needs apt keyring access. fix #265	2023-12-17 17:33:42 +00:00
Alexandre Pujol	ca85373e3a	feat(dbus): start using the new dbus directive.	2023-12-17 14:14:42 +00:00
Alexandre Pujol	e2682b3072	fix(profile): userns not resolved.	2023-12-17 13:52:06 +00:00
Alexandre Pujol	1934a32004	fix(profile): missing label in update-manager	2023-12-17 13:08:33 +00:00
Alexandre Pujol	e1a30cbf7d	feat(profile): unify udev char dynamic assignment ranges.	2023-12-17 12:46:27 +00:00
Alexandre Pujol	ceb4c582e1	feat(dbus): update dbus rules.	2023-12-16 21:30:47 +00:00
Alexandre Pujol	dc3f292d45	feat(dbus): add/update dbus abstraction.	2023-12-16 21:26:10 +00:00
Alexandre Pujol	79ad345034	fix: mqueue rules.	2023-12-15 23:21:28 +00:00
Alexandre Pujol	b1212c6e62	feat(dbus): replace some rule by the new directives.	2023-12-15 22:26:35 +00:00
Alexandre Pujol	d2fc3c3325	fix(profile): merge flatpak-bwrap & flatpak-app. See #264	2023-12-15 18:07:18 +00:00
Alexandre Pujol	a1b86b56d2	feat(profile): general update.	2023-12-13 20:09:52 +00:00
Alexandre Pujol	ecb7f2e79f	feat(profiles): remove some old and unused profiles/abs.	2023-12-13 17:40:22 +00:00
Alexandre Pujol	23be6d904e	fix(profile): ensure xinit does not block unsupported programs. See #263	2023-12-13 17:38:26 +00:00
Alexandre Pujol	da8480b427	feat: remove some unused profiles & abs.	2023-12-12 18:29:44 +00:00
Alexandre Pujol	ab9e1932da	feat(profiles): general update.	2023-12-12 18:29:08 +00:00
Alexandre Pujol	42ea537687	fix(profile): ensure gio can launch its lib.	2023-12-11 20:49:48 +00:00
Alexandre Pujol	d2078fcb3a	feat(profile): general update.	2023-12-10 15:27:44 +00:00
Alexandre Pujol	4b973554db	feat(dbus): add more bus abstraction.	2023-12-10 14:47:24 +00:00
Alexandre Pujol	032d805666	feat(profile): general update.	2023-12-10 14:34:38 +00:00
Alexandre Pujol	c84af9e698	feat(profiles): add torbrowser profiles.	2023-12-09 16:21:06 +00:00
Alexandre Pujol	ccf4b4df06	feat(profiles): add some whonix specific profiles. Dev only, they may be moved into whonix repo later.	2023-12-09 16:19:42 +00:00
Alexandre Pujol	29b0e3e2e3	feat(profile): general update.	2023-12-09 16:14:22 +00:00
Alexandre Pujol	386402ed70	feat(profile): add some new profiles.	2023-12-09 11:39:10 +00:00
Alexandre Pujol	ed1ea18a9e	feat(profile): general update.	2023-12-09 11:28:23 +00:00
Alexandre Pujol	a9c864fe60	feat(profile): initial support for whonix.	2023-12-09 11:25:38 +00:00
Alexandre Pujol	f4505dd97d	feat(dbus): add new dbus abstraction.	2023-12-08 18:07:07 +00:00
Alexandre Pujol	c54d72543e	feat(profile): update flatpak.	2023-12-08 18:03:47 +00:00
Alexandre Pujol	d81bce5559	feat(profile): general update.	2023-12-08 18:01:39 +00:00
Alexandre Pujol	52e52f06db	feat(abs): unify app launcher abstraction.	2023-12-08 17:53:51 +00:00
Alexandre Pujol	9e402987c6	feat(tunables): add paths tunable To track common path of some major software.	2023-12-08 17:51:08 +00:00
Alexandre Pujol	bb947318a5	feat(profile): use the @{pci} varibale when possible.	2023-12-08 17:46:05 +00:00
Alexandre Pujol	013f1c5a83	feat(dbus): improve gnome-shell dbus rules.	2023-12-08 17:39:36 +00:00

... 4 5 6 7 8 ...

1830 commits