mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-02-06 18:25:05 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
2555 commits 6 branches 0 tags 16 MiB
Commit graph

1830 commits

Author SHA1 Message Date
Jeroen Rijken
af4038867a Syntax fixes 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-03-02 16:05:34 +00:00
Jeroen Rijken
04cf3d3850 Various fixes 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-03-02 16:05:34 +00:00
Jeroen Rijken
c177ca09ed Typo 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-03-02 16:05:34 +00:00
Jeroen Rijken
b0655e9993 Fixes and profile updates 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-03-02 16:05:34 +00:00
Jeroen Rijken
b532dd6827 Update various profiles 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-03-02 16:05:34 +00:00
Alexandre Pujol
92a1d9f65f
feat(profile): general update. 2024-03-01 22:35:49 +00:00
Alexandre Pujol
06abeac2ee
feat(profile): general update. 2024-02-29 21:45:42 +00:00
Alexandre Pujol
cd09dc7688
feat(abs): update dbus absractions. 2024-02-29 21:38:49 +00:00
Alexandre Pujol
f76051f114
feat(profile): add some unix rules with local address. 2024-02-29 21:15:59 +00:00
Alexandre Pujol
956c282794
feat(abs): add apps to the launcher-user abs. 2024-02-29 21:06:32 +00:00
Alexandre Pujol
ffb189ef65
feat(profile): general update. 2024-02-29 00:32:40 +00:00
Alexandre Pujol
1f3b812cfb
feat(profile): add the loupe profile. 2024-02-28 23:52:57 +00:00
Alexandre Pujol
cda8f30c29
feat(profile): start using the new bwrap abs. 2024-02-28 23:52:15 +00:00
Alexandre Pujol
cbbb2b4a3e
fix(profile): better libdir for snap based profiles. 2024-02-28 23:47:47 +00:00
Alexandre Pujol
741980f8ab
feat(abs): use @{pci} in pci path. 2024-02-28 23:32:34 +00:00
Alexandre Pujol
431e93c9df
feat(abs): update bwrap minimal requirments. 2024-02-28 17:17:51 +00:00
Alexandre Pujol
555b5e3c3f
feat(profile): general update. 2024-02-28 17:17:20 +00:00
Alexandre Pujol
d187514fd3
feat(profile): add new userns rule. 2024-02-28 15:39:18 +00:00
Alexandre Pujol
175d243c54
refractor: rename element -> element-desktop. 2024-02-28 15:37:52 +00:00
Alexandre Pujol
00051bd2f0
feat(profiles): continue replacing [0-9]* by @{int}. 2024-02-26 21:10:53 +00:00
Alexandre Pujol
99e4c4622d
feat(abs): add initial version of the bwrap abs. 
- To be used by profile that runs bwrap directly.
- Needs more rule when used alongside flatpak
 2024-02-24 18:41:36 +00:00
Alexandre Pujol
7bd500b979
Merge branch 'main' of github.com:roddhjav/apparmor.d 
* 'main' of github.com:roddhjav/apparmor.d:
  Add Profiles for imv and zathura (#291)
 2024-02-23 22:50:34 +00:00
Alexandre Pujol
9bd21e9361
fix(profile): add bluetooth network to dbus-broker. 2024-02-23 22:35:10 +00:00
valoq
df455f93eb
Add Profiles for imv and zathura (#291) 
* add profiles

* fix minor issues

* fix read permissions

* remove leftover line
 2024-02-23 20:48:24 +00:00
Alexandre Pujol
2ea53a9dc3
feat(profile): general update. 2024-02-23 20:21:22 +00:00
Alexandre Pujol
4b23bccb47
fix: ensure fsck.ext4 is has only one profile. 
fsck.ext4 was in the profile attachment for both fsck-ext4 and e2fsck, breaking transition to the profile.

Also reorganise some entrypoint to avoid this kind of confusion.
 2024-02-23 20:12:32 +00:00
Alexandre Pujol
a9e767462d
fix: remove useless rule. 
Rule already present in the base abs.
 2024-02-23 19:54:54 +00:00
Alexandre Pujol
d2ab121d08
feat(profile): stack colord-sane on colord. 
Both profile could be merged to avoid nnp issue.
 2024-02-23 19:53:18 +00:00
doublez13
b2af7a631a whatis: initial profile 
AppArmor profile for whatis
 2024-02-21 14:10:51 +00:00
Jeroen Rijken
434fc6e954 Update after review 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-02-21 13:56:40 +00:00
Jeroen Rijken
f60234d74a Restore libexec 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-02-21 13:56:40 +00:00
Jeroen Rijken
0fb3706bbd Fixes after review 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-02-21 13:56:40 +00:00
Jeroen Rijken
c8856f6383 Fix konsole links 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-02-21 13:56:40 +00:00
Jeroen Rijken
640cf9e1d3 Dolphin updates 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-02-21 13:56:40 +00:00
Jeroen Rijken
7fa4113131 Dolphin copy and delete from trash 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-02-21 13:56:40 +00:00
Jeroen Rijken
062a766e06 Typo 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-02-21 13:56:40 +00:00
Jeroen Rijken
943f52fbc4 Add ptrace to kded5 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-02-21 13:56:40 +00:00
Jeroen Rijken
7addadfa7b Add multiarch to lib 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-02-21 13:56:40 +00:00
Jeroen Rijken
8a342749ba rename dbus to bus. 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-02-21 13:56:40 +00:00
Jeroen Rijken
2b65e58b19 Flatpak dbus addition 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-02-21 13:56:40 +00:00
Jeroen Rijken
cd3cf50638 Cannot reproduce 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-02-21 13:56:40 +00:00
Jeroen Rijken
7a61919f71 Flatpak dbus and kio 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-02-21 13:56:40 +00:00
Jeroen Rijken
4c5a21145a General update 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-02-21 13:56:40 +00:00
Jeroen Rijken
40b171ee94 Replace shells with new sh_path variable 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2024-02-21 13:56:40 +00:00
doublez13
3b1b187d13
Abook: Fix missing directory (#298) 
Allow abook to create ~/.abook
 2024-02-19 12:38:24 +00:00
Alexandre Pujol
14fe43714a
feat(profile): general update. 2024-02-15 00:19:13 +00:00
Alexandre Pujol
a334b461d0
feat(fsp): update systemd related profiles. 2024-02-15 00:16:53 +00:00
Alexandre Pujol
e02bf03cca
feat(tunable): add new system_user variable. 2024-02-14 23:58:18 +00:00
doublez13
ea97ff6a5f
Mutt and Abook profiles (#288) 
There are an innumerable number of mutt configurations. This AA profile is intended to work with a stock mutt config. Any customizations should be placed in local/mutt

This might be a little annoying because by default mutt saves attachments in the directory that it was started from (most likely ~/), and there is no config option that I'm aware of to set a default download location.
 
A user will either need to manually specify a location (like ~/Downloads) when saving, or allow saving to ~/ in the local override.
 2024-02-14 23:03:03 +00:00
Alexandre Pujol
804bde0172
chore: remove unneeded abi definition in abstraction. 2024-02-11 13:34:12 +00:00
Alexandre Pujol
7269ac6ca9
fix: profile compilation. 2024-02-11 12:49:04 +00:00
Alexandre Pujol
9cbeb127a3
feat(profile): minor improvment for kde. 2024-02-11 12:45:35 +00:00
Alexandre Pujol
04683eeccb
feat(profile): general update. 2024-02-11 12:44:40 +00:00
Alexandre Pujol
4619e13f1b
fix: possible hardware blocking issue. 
See #296
 2024-02-11 12:41:37 +00:00
Alexandre Pujol
738f7cc0c2
feat(fsp): add intial mount rules on systemd. 2024-02-10 01:22:50 +00:00
Alexandre Pujol
309ad9e506
feat(fsp): cleanup systemd profile. 2024-02-10 01:09:27 +00:00
monsieuremre
ce85d482e9 Update systemd 2024-02-08 16:04:20 +00:00
Alexandre Pujol
b1d0ebe918
feat(tunable): add the browsers_path variable. 2024-02-07 15:10:54 +00:00
Alexandre Pujol
cdaf72eb3d
feat(profile): general update. 2024-02-07 13:50:40 +00:00
Alexandre Pujol
9b705ab76c
feat(profiles): add plasma_session. 2024-02-07 13:47:28 +00:00
Alexandre Pujol
14a6f3fc5a
fix(profile): sddm issue when starting kde. 2024-02-07 12:32:55 +00:00
Alexandre Pujol
2cd14aa6bb
chore: add missing and update copyright year. 2024-02-07 00:16:21 +01:00
Alexandre Pujol
c006371e5b
feat(fsp): rewrite systemd-user profile. 
Works fine when fsp is not enabled, still has issue in fsp mode.
 2024-02-06 22:41:12 +01:00
Alexandre Pujol
d0a052b7ae
feat(profile): add signal from systemd-user. 2024-02-06 22:37:59 +01:00
monsieuremre
968da5518b
profile name fix (#289) 2024-02-05 17:41:56 +00:00
Alexandre Pujol
1b8f652795
feat(profile): cleanup doublon. 2024-02-01 18:48:51 +00:00
Alexandre Pujol
dbbb2150e2
feat(fsp): reorganise systemd.service. 2024-02-01 18:33:19 +00:00
Alexandre Pujol
0a74d5c6fe
feat(profile): general update. 2024-02-01 13:19:19 +00:00
Alexandre Pujol
46641e6cc6
chore: update links to the documentation website. 2024-01-30 15:45:03 +00:00
Alexandre Pujol
4672694d39
feat(profile): update kde profiles. 2024-01-30 14:59:26 +00:00
Alexandre Pujol
c08f93de50
feat(abs): add kde-strict abstraction 2024-01-30 14:16:18 +00:00
Alexandre Pujol
049e89b379
feat(profile): general update (2). 2024-01-28 22:33:45 +00:00
Alexandre Pujol
9b49999414
feat(dbus): general update. 2024-01-28 22:29:37 +00:00
Alexandre Pujol
a5c5ee70a2
feat(profile): general update. 2024-01-28 21:09:14 +00:00
Alexandre Pujol
4234c54f52
feat(profile): add keyboxd. 2024-01-27 19:43:12 +00:00
Alexandre Pujol
72ade58c98
feat(profile): add dbus-broker. 2024-01-27 19:39:54 +00:00
Alexandre Pujol
78d5ce9ecc
feat(profile): general update. 2024-01-27 19:39:14 +00:00
Alexandre Pujol
c2d88c9bff
fix(profile): ensure firefox can print to pdf. 
fix #283
 2024-01-27 15:00:31 +00:00
Alexandre Pujol
1a1daeae07
feat(profile): general update. 2024-01-25 22:46:22 +00:00
Alexandre Pujol
55ae6d2b75
feat(full): improve fps setup. 2024-01-25 22:42:29 +00:00
Alexandre Pujol
cc98c21cbf
feat(tunable): add the coreutils variable. 2024-01-25 22:40:49 +00:00
Alexandre Pujol
7d3d01ac01
fix(fsp): conflicting x modifiers 2024-01-25 21:18:09 +00:00
Alexandre Pujol
134a487ff3
fix(profile): borg needs console access. 
Fix #280
 2024-01-25 13:22:20 +00:00
Alexandre Pujol
a30c2e5e85
feat: add the new shells variable to ensure support for all interactive shell. 
Fix #269
 2024-01-25 13:16:40 +00:00
nobody43
b376e9fade
Tunables polishing (#281) 
* adjust xorg display number

* remove wildcard from python version

* python wildcard #2

* unconventional tails

* Delete apparmor.d/groups/apps/android-studio

---------

Co-authored-by: nobody43 <nobody43@users.noreply.github.com>
 2024-01-25 12:44:47 +00:00
Alexandre Pujol
293f651a4f
Merge branch 'Updating-polkit,-sddm,-unix-chkpwd,btrfs' of https://github.com/curiosityseeker/apparmor.d into curiosityseeker-Updating-polkit,-sddm,-unix-chkpwd,btrfs 
* 'Updating-polkit,-sddm,-unix-chkpwd,btrfs' of https://github.com/curiosityseeker/apparmor.d:
  Update login
  Update btrfs
  Update polkitd: @{PROC}/@{pid}/fdinfo/@{int}
  Update unix-chkpwd
  Update needrestart: adding unix_chkpwd
  Update sddm: adding unix_chkpwd
 2024-01-25 12:07:36 +00:00
Alexandre Pujol
9a65da3605
feat(profile): apply profile guideline on secure-time-sync. 2024-01-24 21:03:49 +00:00
npwc
c3e92b3408
Create profile for secure-time-sync (#274) 
* Create profile for secure-time-sync

Related to https://gitlab.com/madaidan/secure-time-sync

* Update secure-time-sync

* Update secure-time-sync

* Update secure-time-sync
 2024-01-24 21:00:08 +00:00
Alexandre Pujol
8f825473c6
feat(profile): apply profile guideline on sing-box. 2024-01-24 20:58:23 +00:00
npwc
e7dc2fbf06
Create profile for sing-box (#273) 
* Create profile for sing-box

* Update sing-box
 2024-01-24 20:53:14 +00:00
Alexandre Pujol
46cb726834
feat(profile): add dbus-broker-launch. 2024-01-21 13:27:19 +00:00
Alexandre Pujol
42fc4622ed
feat(profile): general update. 2024-01-21 11:56:02 +00:00
Alexandre Pujol
05b47adb13
feat(profile): remove some unused profiles. 2024-01-21 11:51:00 +00:00
Alexandre Pujol
b4a8733f39
feat(profile): improve chromium based profiles. 2024-01-21 11:50:28 +00:00
Alexandre Pujol
81e98bf71d
feat(profile): update some dbus rules. 2024-01-21 11:49:25 +00:00
curiosityseeker
2e396c11f9
Update login 2024-01-19 18:14:23 +01:00
curiosityseeker
d44d2491b9
Update btrfs 2024-01-19 16:44:21 +01:00
nobody43
6556856fed
Tighten firefox (#275) 
* Update firefox

* Remove `sys_ptrace` line
 2024-01-19 15:42:13 +00:00
curiosityseeker
a5db3d02d7
Update polkitd: @{PROC}/@{pid}/fdinfo/@{int} 2024-01-19 16:39:24 +01:00
curiosityseeker
056384ba90
Update unix-chkpwd 2024-01-19 16:37:28 +01:00
curiosityseeker
4bad072ddd
Update needrestart: adding unix_chkpwd 2024-01-19 16:36:18 +01:00
curiosityseeker
d0eb140d5c
Update sddm: adding unix_chkpwd 2024-01-19 16:35:06 +01:00
Alexandre Pujol
7581eacdc6
fix(profile): mariadb install on debian. 
fix #272
 2024-01-14 11:52:52 +00:00
curiosityseeker
a16cbede0b
Various updates (#271) 
* Update kwin_wayland

* Update plasmashell

* Update pacman-hook-fontconfig

* Update ksplashqml

`/usr/share/qt/translations/*.qm r,` is also in the qt5 abstraction. However, it seems that all other rules therein are not needed so I didn't use that abstraction.

* Update startplasma
 2024-01-10 20:03:11 +00:00
Alexandre Pujol
e8651dc367
fix(profile): ensure pacman keyring update works. 2024-01-10 15:41:18 +00:00
Alexandre Pujol
62d548890d
fix: xorg on nvidia gpu. 2023-12-20 10:52:45 +00:00
Alexandre Pujol
6a81d335f8
feat(profile): general update. 2023-12-19 23:52:43 +00:00
Alexandre Pujol
ef1776b8d5
feat(profile): start using new abstractions (3) 2023-12-19 23:49:30 +00:00
Alexandre Pujol
a79a3f3311
feat(profile): start using new abstractions (2) 2023-12-19 23:42:30 +00:00
Alexandre Pujol
b7140c9b2b
feat(profile): start using new abstraction. 2023-12-19 23:29:15 +00:00
Alexandre Pujol
9f49052529
feat(profile): add some dbus rules. 2023-12-19 23:24:44 +00:00
Alexandre Pujol
53f3a27e16
feat(abs): add a new set of graphics absractions. 2023-12-19 18:36:58 +00:00
Alexandre Pujol
df20d29832
feat(abs): cleanup X-strict. 2023-12-18 19:24:25 +00:00
Alexandre Pujol
0c2b8f612b
feat(abs): add a new (generic) desktop abstraction. 2023-12-18 19:23:07 +00:00
Alexandre Pujol
c3d9c9ea48
feat(abs): add a new dri abstaction. 2023-12-18 19:22:27 +00:00
Alexandre Pujol
4032ead9b4
feat(profile): general update. 2023-12-17 23:47:16 +00:00
Alexandre Pujol
f362975ce7
feat(profile): add the open_path variable. 2023-12-17 23:43:14 +00:00
Alexandre Pujol
a46dfaad61
feat(profile): general update. 2023-12-17 17:39:56 +00:00
Alexandre Pujol
ee328f727b
fix(gpg): due to how apt keyring is managed, the generic gpg needs apt keyring access. 
fix #265
 2023-12-17 17:33:42 +00:00
Alexandre Pujol
ca85373e3a
feat(dbus): start using the new dbus directive. 2023-12-17 14:14:42 +00:00
Alexandre Pujol
e2682b3072
fix(profile): userns not resolved. 2023-12-17 13:52:06 +00:00
Alexandre Pujol
1934a32004
fix(profile): missing label in update-manager 2023-12-17 13:08:33 +00:00
Alexandre Pujol
e1a30cbf7d
feat(profile): unify udev char dynamic assignment ranges. 2023-12-17 12:46:27 +00:00
Alexandre Pujol
ceb4c582e1
feat(dbus): update dbus rules. 2023-12-16 21:30:47 +00:00
Alexandre Pujol
dc3f292d45
feat(dbus): add/update dbus abstraction. 2023-12-16 21:26:10 +00:00
Alexandre Pujol
79ad345034
fix: mqueue rules. 2023-12-15 23:21:28 +00:00
Alexandre Pujol
b1212c6e62
feat(dbus): replace some rule by the new directives. 2023-12-15 22:26:35 +00:00
Alexandre Pujol
d2fc3c3325
fix(profile): merge flatpak-bwrap & flatpak-app. 
See #264
 2023-12-15 18:07:18 +00:00
Alexandre Pujol
a1b86b56d2
feat(profile): general update. 2023-12-13 20:09:52 +00:00
Alexandre Pujol
ecb7f2e79f
feat(profiles): remove some old and unused profiles/abs. 2023-12-13 17:40:22 +00:00
Alexandre Pujol
23be6d904e
fix(profile): ensure xinit does not block unsupported programs. 
See #263
 2023-12-13 17:38:26 +00:00
Alexandre Pujol
da8480b427
feat: remove some unused profiles & abs. 2023-12-12 18:29:44 +00:00
Alexandre Pujol
ab9e1932da
feat(profiles): general update. 2023-12-12 18:29:08 +00:00
Alexandre Pujol
42ea537687
fix(profile): ensure gio can launch its lib. 2023-12-11 20:49:48 +00:00
Alexandre Pujol
d2078fcb3a
feat(profile): general update. 2023-12-10 15:27:44 +00:00
Alexandre Pujol
4b973554db
feat(dbus): add more bus abstraction. 2023-12-10 14:47:24 +00:00
Alexandre Pujol
032d805666
feat(profile): general update. 2023-12-10 14:34:38 +00:00
Alexandre Pujol
c84af9e698
feat(profiles): add torbrowser profiles. 2023-12-09 16:21:06 +00:00
Alexandre Pujol
ccf4b4df06
feat(profiles): add some whonix specific profiles. 
Dev only, they may be moved into whonix repo later.
 2023-12-09 16:19:42 +00:00
Alexandre Pujol
29b0e3e2e3
feat(profile): general update. 2023-12-09 16:14:22 +00:00
Alexandre Pujol
386402ed70
feat(profile): add some new profiles. 2023-12-09 11:39:10 +00:00
Alexandre Pujol
ed1ea18a9e
feat(profile): general update. 2023-12-09 11:28:23 +00:00
Alexandre Pujol
a9c864fe60
feat(profile): initial support for whonix. 2023-12-09 11:25:38 +00:00
Alexandre Pujol
f4505dd97d
feat(dbus): add new dbus abstraction. 2023-12-08 18:07:07 +00:00
Alexandre Pujol
c54d72543e
feat(profile): update flatpak. 2023-12-08 18:03:47 +00:00
Alexandre Pujol
d81bce5559
feat(profile): general update. 2023-12-08 18:01:39 +00:00
Alexandre Pujol
52e52f06db
feat(abs): unify app launcher abstraction. 2023-12-08 17:53:51 +00:00
Alexandre Pujol
9e402987c6
feat(tunables): add paths tunable 
To track common path of some major software.
 2023-12-08 17:51:08 +00:00
Alexandre Pujol
bb947318a5
feat(profile): use the @{pci} varibale when possible. 2023-12-08 17:46:05 +00:00
Alexandre Pujol
013f1c5a83
feat(dbus): improve gnome-shell dbus rules. 2023-12-08 17:39:36 +00:00
Alexandre Pujol
853668e492
feat(dbus): improve dbus integration. 2023-12-08 17:38:21 +00:00
Alexandre Pujol
55a1fb6f9c
refractor(dbus): remove old dbus additions. 2023-12-06 22:03:54 +00:00
Alexandre Pujol
1cf268b770
refractor(dbus): use the new bus-{systemd,session} abstractions. 2023-12-06 21:56:59 +00:00
Alexandre Pujol
9861f005d4
feat(dbus): rewrite dbus rule for gnome-shell. 2023-12-06 20:23:15 +00:00
Alexandre Pujol
17c3faf09d
fix: issue in dbus rule. 2023-12-06 20:16:55 +00:00
Alexandre Pujol
4bddfd8690
refractor(dbus): bus/x -> bus-x. 2023-12-06 20:14:53 +00:00
Alexandre Pujol
0568ef0d45
feat(profile): add structure for some cups profile. 
They are empty, and forced into complain mode.
 2023-12-06 20:06:49 +00:00
Alexandre Pujol
c0bab81e45
feat(profile): add some network deps profile. 2023-12-06 20:03:28 +00:00
Alexandre Pujol
a777161846
feat(profile): add initial structure some snap tools. 2023-12-06 20:02:15 +00:00
Alexandre Pujol
cc133e5f57
feat(profile): general update. 2023-12-06 20:00:40 +00:00
Alexandre Pujol
1307250250
feat(dbus): rewrite some dbus rules (9). 2023-12-06 19:55:48 +00:00
Alexandre Pujol
3425419f0e
feat(dbus): rename dbus abstractions. 2023-12-06 19:38:47 +00:00
Alexandre Pujol
401606b1aa
feat(dbus): add more dbus abstraction. 2023-12-06 19:21:06 +00:00
Alexandre Pujol
799b778480
feat(dbus): rename all new dbus abstractions. 
Use the dbus name as abstraction name.
 2023-12-06 19:19:55 +00:00
Alexandre Pujol
aa1491a3c0
feat(dbus): add new unified main dbus abstraction. 
specify the aa profile in the peer label.
 2023-12-06 19:10:23 +00:00
Alexandre Pujol
6a3cc952e1
feat(dbus): rewrite some dbus rules (8). 2023-12-05 21:27:03 +00:00
Alexandre Pujol
c4b48b06e2
feat(dbus): add login-session dbus abstraction. 2023-12-05 21:04:50 +00:00
Alexandre Pujol
538ec25001
feat(dbus): rewrite some dbus rules (7). 2023-12-05 21:01:26 +00:00
Alexandre Pujol
081c8a4fa1
feat(abs): add gnome-strict abstraction. 2023-12-05 20:50:22 +00:00
Alexandre Pujol
319b976beb
feat(profile): general update. 2023-12-05 20:45:13 +00:00
Alexandre Pujol
bf973760fd
feat(dbus): update some abs (2) 2023-12-05 20:37:31 +00:00
Alexandre Pujol
5d6c5e7baa
feat(dbus): update some abs. 2023-12-05 20:32:02 +00:00
Alexandre Pujol
95b62568b1
feat(dbus): add new dbus abstraction 2023-12-05 20:30:34 +00:00
Alexandre Pujol
94ff73c51b
fix: ensure all ibus deamon can run. 
Fix #260
 2023-12-05 13:07:59 +00:00
Alexandre Pujol
c066ef0036
feat(dbus): rewrite some dbus rules (6). 2023-12-05 00:19:43 +00:00
Alexandre Pujol
da3b5103e4
feat(dbus): rewrite some dbus rules (5). 2023-12-04 21:54:45 +00:00
Alexandre Pujol
f5862c9862
feat(dbus): update common dbus abs. 2023-12-04 21:28:10 +00:00
Alexandre Pujol
8162c0aa2a
feat(dbus): add more dbus abstraction (2) 2023-12-04 21:27:18 +00:00
Alexandre Pujol
7f81da3a71
feat(profile): allow custom GUI launcher to start in xinit. 
See #259
 2023-12-04 20:22:34 +00:00
Alexandre Pujol
16c2bf5662
feat(dbus): add more dbus abstraction. 2023-12-04 18:58:03 +00:00
Alexandre Pujol
2432414ae2
feat(dbus): rewrite some dbus rules (4). 2023-12-04 18:52:10 +00:00
Alexandre Pujol
dd1d9107e8
feat(profile): general update. 2023-12-03 16:57:50 +00:00
Alexandre Pujol
1edf507abf
feat(dbus): rewrite some dbus rules (4). 2023-12-03 16:53:25 +00:00
Alexandre Pujol
2af165403a
feat(dbus): rewrite some dbus rules (3). 2023-12-02 16:05:40 +00:00
Alexandre Pujol
92ebab604a
feat(dbus): add more dbus abstractions. 2023-12-02 15:52:00 +00:00
Alexandre Pujol
6810f4b050
fix(profile): add config dir on yt-dlp 
fix #258
 2023-12-01 21:57:01 +00:00
Alexandre Pujol
3fc787e073
fix(profile): add cache dir for MPV. 
See #257
 2023-12-01 21:53:59 +00:00
Alexandre Pujol
505770cd5a
feat(dbus): rewrite some dbus rules (2). 2023-12-01 21:53:09 +00:00
Alexandre Pujol
6d1ff256af
feat(dbus): rewrite some dbus rules (1). 2023-12-01 20:58:21 +00:00
Alexandre Pujol
d6888a65c4
feat(dbus): add initial polkit abstraction. 2023-12-01 20:42:41 +00:00
Alexandre Pujol
7f38dd255e
feat(profile): general update. 2023-12-01 13:22:45 +00:00
Alexandre Pujol
952ef478c0
fix(profile): brave-sandbox lib_dirs path. 
See: #255
 2023-12-01 11:13:34 +00:00
Alexandre Pujol
4382a34b9e
feat(profile): add rfkill on networkd. 
See #256
 2023-12-01 11:09:46 +00:00
Alexandre Pujol
8e45076077
feat(abs): add initial version of dbus abs. 2023-11-30 23:35:54 +00:00
Alexandre Pujol
d75fa9bbd5
feat(dbus): dbus rules cleanup (3) 2023-11-30 23:20:29 +00:00
Alexandre Pujol
cd391bae01
feat(dbus): dbus rules cleanup (2) 2023-11-30 22:42:49 +00:00
Alexandre Pujol
8a49f2ebe1
feat(dbus): dbus rules cleanup (1) 
- move common rule to abs
- ensure peer name or label are always present
- try to make rule more standard/easier to read
 2023-11-30 22:39:44 +00:00
Alexandre Pujol
9517800a9d
feat(dbus): simple dbus rules cleaning. 2023-11-30 21:32:50 +00:00
Alexandre Pujol
dd06e3da65
feat(profile): modernise the calibre profile. 2023-11-30 21:25:41 +00:00
Alexandre Pujol
796cf32076
feat(profile): better kde integration. 
See #237
 2023-11-30 19:04:59 +00:00
Alexandre Pujol
c27ec457d0
feat(profile): cleanup some dbus path/interfaces 2023-11-30 00:29:37 +00:00
Alexandre Pujol
459fe7c905
feat(profile): use the new bus/atspi abstraction in the profiles. 2023-11-30 00:22:34 +00:00
Alexandre Pujol
fe0cb4b48d
feat(profile): some cleanup in thunderbird. 2023-11-29 22:58:35 +00:00
Alexandre Pujol
5af4d3c921
fix(profiles): modernise plank & kstart 
- Still wip profile
- Should enable additional DE to boot
 2023-11-29 22:29:41 +00:00
Alexandre Pujol
f06f01a36a
Merge branch 'feat/update' of https://github.com/Jeroen0494/apparmor.d into Jeroen0494-feat/update 
* 'feat/update' of https://github.com/Jeroen0494/apparmor.d:
  signal to socket
  Add kstart, XDG KDE updates
  Plank profile
  containerd and KDE updates
 2023-11-29 22:20:29 +00:00
Alexandre Pujol
f5e7cd7d0c
feat(abs): add some common dbus rules. 2023-11-29 22:10:23 +00:00
Alexandre Pujol
94f18ed6c1
feat(abs): add new atspi dbus abstraction. 2023-11-29 22:09:05 +00:00
Alexandre Pujol
60e4a01a76
feat(abs): add some files into the base abstaction. 2023-11-29 17:50:26 +00:00
Alexandre Pujol
34630b2adf
fix(profile): private-files abs already included in private-files-strict. 
See c8fd896
 2023-11-28 11:04:26 +00:00
Alexandre Pujol
a48daa9c9e
fix(profile): reduce the number of profile transition. 
See: 209688f
 2023-11-28 10:57:48 +00:00
Alexandre Pujol
209688fe86
feat(profile): general update. 2023-11-27 19:35:42 +00:00
Alexandre Pujol
fade97486d
feat(profile): add udev child & low-memory profiles. 2023-11-27 19:32:50 +00:00
Alexandre Pujol
cdfa76924b
feat(profile): add dleyna profiles. 2023-11-27 19:27:44 +00:00
Alexandre Pujol
c8fd896a0b
feat(profile): add nautilus previewer. 2023-11-27 19:26:13 +00:00
Alexandre Pujol
4c689dbad9
feat(profile): add gdm init profiles. 2023-11-27 19:25:34 +00:00
Alexandre Pujol
b8c2380da4
feat(profile): add epiphany providers. 2023-11-27 19:23:35 +00:00
Alexandre Pujol
52278490ab
feat(profile): general update. 2023-11-27 19:00:18 +00:00
Alexandre Pujol
319bea17c3
fix(full): fix pivot_root rule. 2023-11-27 18:56:39 +00:00
Alexandre Pujol
aa1553388b
feat(flatpak): add flatpak integration. 
- Add flatpak profile
- Add flatpak-bwrap subprofile: it manage the sandbox creation & has some larger access.
- Add flatpak-app, default profile for sandboxed app.

See Full system policy #252
 2023-11-26 23:19:09 +00:00
Alexandre Pujol
e41779f576
feat(full): add default bwrap profiles. 
On  full system policy, use the new bwrap profile (and bwrap-app) to confine sandboxed application.
It is not enabled by default as the sandbox profile is quite large.

Also integrate with the gnome app that use bwrap as sandbox manager.

Update other related profiles

See Full system policy #252
 2023-11-26 23:12:35 +00:00
Alexandre Pujol
3da0ad2572
feat(full): add bwrap-app abstraction. 2023-11-26 23:08:02 +00:00
Alexandre Pujol
d8ff8c8cd6
feat(kde): add some kde profiles. 2023-11-26 23:07:02 +00:00
Alexandre Pujol
c2bc6f26ae
feat(profile): update kde profiles. 2023-11-26 23:05:01 +00:00
Alexandre Pujol
8250e202a0
feat(profile): general update. 2023-11-26 21:24:40 +00:00
Alexandre Pujol
cd1de59aad
feat(abs): improve audio abstraction. 2023-11-24 18:17:26 +00:00
Alexandre Pujol
ef1023156e
feat(profile): minor kde improvment on opensuse. 
see #208
 2023-11-23 11:19:38 +00:00
Alexandre Pujol
31bc5a6053
feat(profiles): general update. 2023-11-22 21:37:09 +00:00
Alexandre Pujol
a49d83993a
feat(profile): add snapd-apparmor 2023-11-22 20:58:05 +00:00
Alexandre Pujol
c62b45964d
feat(profile): add e2scrub_all. 2023-11-22 20:56:42 +00:00
Alexandre Pujol
17d187e93b
feat(profiles): ensure apparmor_parser works with snap. 2023-11-22 20:55:47 +00:00
Alexandre Pujol
e247a3949e
feat(systemd): add initial version of all missing generator. 2023-11-22 20:55:01 +00:00
Alexandre Pujol
07acb8043b
feat(profiles): rename all systemd generator. 2023-11-22 20:51:10 +00:00
Alexandre Pujol
ba1cad7f73
feat(profile): improve child-open. 2023-11-22 20:12:59 +00:00
Alexandre Pujol
9ab0745e2d
feat(full): add default fallback profile. 
See #252
 2023-11-22 20:12:20 +00:00
Alexandre Pujol
da51cdba64
feat(profiles): improve freedesktop profiles. 2023-11-22 20:07:31 +00:00
Alexandre Pujol
6c6646e1f6
feat(profiles): minor kde additions. 2023-11-22 20:06:39 +00:00
Alexandre Pujol
ae99433595
feat(full): simplify the service profiles. 2023-11-22 20:04:17 +00:00
Alexandre Pujol
04513af863
feat: cleanup child-systemctl 2023-11-22 18:43:43 +00:00
Alexandre Pujol
23be43ebd0
feat(full): improve how systemd handle services 2023-11-22 18:42:23 +00:00
Alexandre Pujol
908aba0385
feat(profiles): add some ubuntu specific profiles. 2023-11-19 21:42:31 +00:00
Alexandre Pujol
e29e839c62
feat(profiles): update apt related profiles. 2023-11-19 21:40:12 +00:00
Alexandre Pujol
07e7810d15
feat(full): add some services profile. 2023-11-19 21:39:36 +00:00
Alexandre Pujol
f43f950c90
feat(full): improve systemd-user profile. 2023-11-19 21:35:53 +00:00
Alexandre Pujol
59140f5411
feat(full): improve systemd profile. 
See https://apparmor.pujol.io/development/structure/#full-system-policy
 2023-11-19 21:31:57 +00:00
monsieuremre
83a2a1cbf9
Full-Policy integration for Whonix/Kicksecure - And also everyone else (#249) 
* full-policy

* change path

* change

* big fix

* Delete apparmor.d/groups/_full/systemd

* Update and rename full-policy to systemd
 2023-11-19 20:54:09 +00:00
Alexandre Pujol
f0cdadbdaf
feat(abs): improve mesa abstraction. 2023-11-19 15:39:02 +00:00
Alexandre Pujol
d1c8471b1d
fix: rule compilation. 2023-11-19 11:39:24 +00:00
Alexandre Pujol
88555a12d0
feat(profiles): add initial userns rule. 
Require apparmor 4 to be enabled.
 2023-11-19 11:19:24 +00:00
Alexandre Pujol
2143fb03af
feat(full): add new systemd variable. 2023-11-19 11:13:40 +00:00
Alexandre Pujol
b79a1fcd31
feat(profile): general update. 
Also include some preparation for the systemd profile.
 2023-11-19 11:08:35 +00:00
Alexandre Pujol
e8fcc12c98
feat(profiles): cleanup dbus daemon related profile. 2023-11-13 23:10:00 +00:00
Alexandre Pujol
e99f7de703
fix(profiles): fix slow startup of gnome 
at-spi-bus-launcher  starts the accessibility bus.
We need to ensure all buses are initally started by the same profile,
otherwise  the accessibility fail to start.

See #74, #80 & #235
 2023-11-13 22:59:10 +00:00
Alexandre Pujol
d3084839d1
feat(profiles): improve support for debian over gnome. 2023-11-13 22:14:54 +00:00
Alexandre Pujol
31edd15e8a
feat(profiles): improve kde integration. 2023-11-13 22:11:12 +00:00
Alexandre Pujol
6f98bb9bfb
feat(abs): add more possible resolv.conf path in nameservice. 
Used a lot by debian.
 2023-11-13 19:32:04 +00:00
Alexandre Pujol
f0a2cb3897
feat(profiles): general update. 2023-11-11 22:02:47 +00:00
Alexandre Pujol
02115a194b
chore: cleanup abstraction' headers. 2023-11-11 20:25:55 +00:00
Alexandre Pujol
758991f67b
feat(profiles): general update. 2023-11-09 17:31:45 +00:00
Alexandre Pujol
ee658c41a6
refractor(profiles): improve child profile structure. 2023-11-09 17:29:34 +00:00
Alexandre Pujol
499b9e785d
feat(full): update full system structure. 
- Aims to be compatible with full-policy profile
- Required by systemd
 2023-11-09 17:27:19 +00:00
Jeroen Rijken
d042526ca4 signal to socket 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2023-10-31 16:32:07 +01:00
Jeroen Rijken
c5998d37a2 Add kstart, XDG KDE updates 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2023-10-31 16:32:07 +01:00
Jeroen Rijken
eaf9bdb32b Plank profile 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2023-10-31 16:31:32 +01:00
Jeroen Rijken
90e98b6b56 containerd and KDE updates 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2023-10-31 16:31:32 +01:00
Alexandre Pujol
84ecf85c0b
feat(profiles): add dell cctk. 2023-10-26 22:40:21 +01:00
Alexandre Pujol
471b544d99
feat(profiles): better integration with not existing profile. 2023-10-26 22:38:39 +01:00
Alexandre Pujol
0031c9e86f
feat(profiles): minor dbus improvment. 2023-10-26 22:37:56 +01:00
Alexandre Pujol
aa7fe16a20
feat(profile): improve opensuse integration. 
See #208
 2023-10-20 23:50:26 +01:00
Alexandre Pujol
4276ede03c
feat(profile): rewrite update-ca-certificates. 2023-10-20 23:43:36 +01:00
Alexandre Pujol
ed7585c3d0
refractor(profile): clean some dbus rules. 2023-10-20 23:15:39 +01:00
Alexandre Pujol
e26302b155
feat(profile): general update. 2023-10-20 23:13:11 +01:00
curiosityseeker
04cae35e6e
Update pacman-key (#230) 2023-10-20 21:50:56 +00:00
curiosityseeker
38648bcba1
Update pipewire (#231) 
Necessary after the recent pipewire update, otherwise audio devices are no longer available.
 2023-10-20 11:36:09 +00:00
Alexandre Pujol
ec5311413a
fix(tunables): better mountdirs. 2023-10-16 22:48:36 +01:00
Alexandre Pujol
e43ce58de1
feat(profiles): improve kde integration. 
See #208
 2023-10-16 22:48:13 +01:00
Alexandre Pujol
5f47df0b79
feat(profiles): general update. 2023-10-13 00:05:53 +01:00
Alexandre Pujol
387f2f91fc
fix(profiles): fix brave entry point. 2023-10-13 00:03:29 +01:00
Alexandre Pujol
f5e3c86c6c
feat(profile): improve kde integration 
See #208
 2023-10-09 21:13:40 +01:00
Alexandre Pujol
1cfe802172
feat(profile): support open suse path for git. 
See #208
 2023-10-09 21:01:49 +01:00
Alexandre Pujol
b5fbef8eef
feat(profiles): general update. 2023-10-08 14:00:21 +01:00
Alexandre Pujol
352c444ae6
feat(profiles): general update. 2023-10-01 16:06:28 +01:00
Alexandre Pujol
ab0ee1a317
feat(profiles): add initial version of passim passimd. 2023-10-01 13:10:17 +01:00
Alexandre Pujol
70dc9b7844
feat(profile): remove the atom profile. 2023-09-29 19:47:08 +01:00
Alexandre Pujol
2aace6bccb
feat(profile): improve kde integration. 2023-09-29 19:33:09 +01:00
curiosityseeker
047c819e8c Update fontconfig-cache-write 2023-09-29 19:28:51 +01:00
curiosityseeker
3d1c8e8b22 Update kwin_wayland 2023-09-29 19:28:51 +01:00
curiosityseeker
901cd72199 Update kwin_wayland 2023-09-29 19:28:51 +01:00
curiosityseeker
4eaa560dd2 Update systemd-logind 2023-09-29 19:28:51 +01:00
curiosityseeker
45cfd7a145 Update kwin_wayland 2023-09-29 19:28:51 +01:00
curiosityseeker
4a62b3c46b Update systemd-logind 2023-09-29 19:28:51 +01:00
curiosityseeker
65d0513ebb Update kde-powerdevil 2023-09-29 19:28:51 +01:00
curiosityseeker
db71240aca Update xkbcomp 2023-09-29 19:28:51 +01:00
curiosityseeker
a0e8801f7c Update uname 2023-09-29 19:28:51 +01:00
curiosityseeker
2438497385 Update which 2023-09-29 19:28:51 +01:00
curiosityseeker
2ec1f7daa1 Update kwin_wayland 2023-09-29 19:28:51 +01:00
Alexandre Pujol
c8ee832c11
feat(profile): general update 2023-09-29 19:25:30 +01:00
Alexandre Pujol
24affe46f2
fix(abs): SSD Nvme devices pci path. 2023-09-18 19:08:07 +01:00
Alexandre Pujol
c12f089af3
fix(tunables): ensure pci devices are correctly catched. 
It is less restrictive, but is is guaranted to work.
 2023-09-17 21:58:30 +01:00
Alexandre Pujol
d3f05fb334
chore: cosmetic 2023-09-17 21:55:11 +01:00
Alexandre Pujol
2d76c6fc31
refractor(profiles): change variable stryle in thunderbird. 2023-09-15 22:03:51 +01:00
Alexandre Pujol
0713599eb4
feat(profiles): update vlc profile. 2023-09-15 22:02:45 +01:00
Alexandre Pujol
6a78b17d23
feat(profiles): general update. 2023-09-15 22:01:08 +01:00
Alexandre Pujol
f7d1931bdf
feat(dbus): improve dbus introspectable rules. 2023-09-15 18:14:39 +01:00
Alexandre Pujol
2d2693bd99
refractor(profiles): unify the name of the local variables. 2023-09-13 20:55:20 +01:00
Alexandre Pujol
57f914d7fd
feat(profiles): ensure some major program can launch from dbus-daemon-launch-helper 
See: #216
 2023-09-12 23:15:57 +01:00
Alexandre Pujol
6f8ad7ab81
fix: profile compilation. 2023-09-12 23:00:40 +01:00
Alexandre Pujol
6db83003c7
feat(profiles): general update. 2023-09-12 22:59:07 +01:00
Alexandre Pujol
6c397882ad
feat(dbus): update dbus rules. 2023-09-12 22:55:24 +01:00
Alexandre Pujol
600a71a6b1
refractor: move vlc profile. 2023-09-12 22:49:20 +01:00
Alexandre Pujol
9a8a919b6c
feat(kde): add baloorunner. 2023-09-11 21:33:19 +01:00
Jose Maldonado
9fec58db35
Fix access to /tmp folders for Firefox ESR in Debian (#215) 
Firefox ESR in Debian Stable require access to additional folders in
/tmp when use a configuration with multiple profiles.
 2023-09-11 16:51:01 +00:00
Jose Maldonado aka Yukiteru
4aaa9379a1 Update ignore and better defaults for mpv 
Add access to GPU ids (amdgpu) for hwaccel in mpv, and
better defaults for user_config.

Update gitnore and debian/control
 2023-09-11 10:03:51 +01:00
Alexandre Pujol
b9fb4b72d2
fix: minor profiles fixes. 2023-09-10 12:41:47 +01:00
Alexandre Pujol
e381aace56
feat(profiles): ensure child-open is available. 2023-09-10 12:10:14 +01:00
Alexandre Pujol
3147f7d59a
feat(snap): do not confine snap. 
Curently ignored because of some incompatibilities with snap-confine.

snap-confine is more important to confine than snap itself.
 2023-09-10 12:07:35 +01:00
curiosityseeker
aaed7a25da
Various updates (#209) 2023-09-10 10:59:26 +00:00
nobody43
5d7ce06a62 scratch that 2023-09-10 11:58:13 +01:00
nobody43
d414083113 Debian 12 Gnome DE 2023-09-10 11:58:13 +01:00
Jose Maldonado aka Yukiteru
0687c32df2 Add a Music Player Daemon profile 
This is a simple Music Player Daemon (mpd) profile. Tested in my
workstation (actually this is my setup for music) using Debian Stable.
 2023-09-10 11:00:27 +01:00
Jose Maldonado aka Yukiteru
43ade39bbd Fix access to /tmp/user/@{uid} in Debian Stable 
Firefox require access to /tmp/user/@{uid}/ for downloads in Firefox ESR
for actual Debian Stable (FirefoxESR-102.15.0esr-1-deb12u1)
 2023-09-10 11:00:27 +01:00
Alexandre Pujol
f008e9c6cf
feat: remove some useless or deprecated profiles 2023-09-07 17:59:29 +01:00
Alexandre Pujol
6b159fe918
feat: cleanup ignored profile list. 2023-09-07 17:58:47 +01:00
Alexandre Pujol
1fb2de0acd
feat(profiles): general update. 2023-09-05 23:36:46 +01:00
Alexandre Pujol
7b4979cc63
feat(profiles): update snap profiles. 2023-09-05 23:33:58 +01:00
Alexandre Pujol
245db40b2d
fix(abs): update pci path for disk acess. 2023-09-05 23:32:11 +01:00
Alexandre Pujol
19c1bcc2c7
fix(tunable): pci id are hex. 2023-09-05 23:23:06 +01:00
Alexandre Pujol
7c24dde028
feat(profile): rewrite profile for vscode (wip). 2023-09-05 19:15:01 +01:00
Alexandre Pujol
73ff7efe60
refractor(profile): merge swapon & swapoff 2023-09-05 19:09:11 +01:00
Alexandre Pujol
9a614a3502
feat(profiles): improve opensuse integration. 
See:  #208
 2023-09-05 16:53:50 +01:00
Alexandre Pujol
155ef6bef1
feat(profiles): general update. 2023-09-05 16:42:06 +01:00
Alexandre Pujol
1fb5475ad1
fix(profiles): compatibilty with some dist. 
See #191
 2023-09-05 16:36:20 +01:00
Alexandre Pujol
a3cacccd90
fix(profiles): ensure some profile do not break when sandboxed. 
See #191
 2023-09-05 16:34:22 +01:00
Alexandre Pujol
e169ea5ccf
fix(profiles): ensure entry points for snap work. 2023-09-05 13:59:37 +01:00
curiosityseeker
41525621aa
Various updates (#204) 2023-09-04 13:58:07 +00:00
glitsj16
090349bed2
xdg-user-dirs.d/apparmor.d: ftx typo (#207) 2023-09-04 08:58:29 +00:00
Alexandre Pujol
ad13a1a0c3
feat(profiles): remove profile for wget. 2023-09-03 20:28:31 +01:00
Alexandre Pujol
ca2469c470
feat(profiles): add aa-teardown 2023-09-03 20:27:32 +01:00
Alexandre Pujol
b2fa7bacb8
feat(profiles): general update. 2023-09-01 22:50:43 +01:00
Alexandre Pujol
0c151259d2
feat(profiles): update kde group. 2023-09-01 22:47:37 +01:00
Alexandre Pujol
aea0034fcc
chore: various cosmetic changes. 2023-09-01 19:26:52 +01:00
curiosityseeker
c2bb733624
Various updates (#201) 2023-09-01 18:09:45 +00:00
curiosityseeker
86b1ee4df2
Updating sddm, plasmashell, kwin_wayland, startplasma, kscreenlocker-greet and mesa and wayland abstractions (#200) 
* Update sddm

* Update plasmashell

* Update kwin_wayland

* Update kscreenlocker-greet

* Update startplasma

* Update complete

Needed by various applications, e.g. kwin_wayland.

* Mesa rules for sddm
 2023-08-30 18:48:25 +00:00
Alexandre Pujol
266db5d030
chore: cosmetic. 2023-08-27 15:50:51 +01:00
Alexandre Pujol
993d490a62
feat(profiles): add aa-complain. 2023-08-27 15:47:49 +01:00
Alexandre Pujol
a30d3dd415
feat(profiles): add element-desktop. 2023-08-27 15:42:30 +01:00
Alexandre Pujol
22e57b3620
feat(profiles): apply guideline on some profile. Update flags list. 2023-08-27 15:30:18 +01:00
Alexandre Pujol
7a5096e7d8
feat(profiles): add inital version of dolphin. 2023-08-27 15:24:54 +01:00
Alexandre Pujol
ad3e5a5dcf
feat(profiles): add protonmail-bridge. 2023-08-27 15:17:36 +01:00
Alexandre Pujol
8cfe2780d4
feat(profiles): rewrite the spotify profile. 2023-08-27 15:00:02 +01:00
Alexandre Pujol
b0eed1ae39
feat(profiles): add transmission-gtk 2023-08-27 14:59:02 +01:00
Alexandre Pujol
4d79af2203
feat(profiles): add gnome-extension-gsconnect 2023-08-27 14:57:50 +01:00
Alexandre Pujol
75ef5ef6ad
feat(profiles): general update. 2023-08-27 14:54:04 +01:00
Alexandre Pujol
19331acaa9
feat(profiles): improve dbus related rules. 2023-08-27 14:46:49 +01:00
Alexandre Pujol
2db6b12a9b
chore: cosmetic on snap profiles. 2023-08-27 14:42:13 +01:00
Alexandre Pujol
eb1c03949f
feat(abs): improve some abstraction. 2023-08-27 14:40:56 +01:00
Alexandre Pujol
ec3c5cd62e
feat(profiles): improve kde integration. 2023-08-27 14:32:08 +01:00
Alexandre Pujol
41e0ac6ba8
feat(profiles): rewrite dpkg profile. 2023-08-27 13:30:01 +01:00
curiosityseeker
7f4cef2fff
Kwin wayland, kwin wayland wrapper and sddm (#198) 
* Update kwin_wayland

Please check the udev rules and change them if needed - I'm not familiar with them.

* Update kwin_wayland_wrapper

* Update sddm

* Update kwin_wayland_wrapper

Reverting change for @{run}/user/@{uid}

* Update kwin_wayland: Correct udev rule

* Update kwin_wayland: adding the wayland abs

* Update sddm: reverting owner /tmo rules

* Update sddm: reverting /usr/share/X11/xkb rule

* Update sddm: adding the mesa abs

* Update kwin_wayland: order udev rules
 2023-08-27 11:19:13 +00:00
Alexandre Pujol
393f7001dc
fix(aa-log): profile template. 
See #182
 2023-08-26 11:32:56 +01:00
Alexandre Pujol
d80b758968
feat(abs): modernize disk-read/write abs. 2023-08-24 19:34:21 +01:00
Alexandre Pujol
25782cb925
feat(abs): devices-usb - remove unneeded udev rule. 2023-08-24 19:32:45 +01:00
Alexandre Pujol
07cfbcd952
feat(profiles): modernize udev access. 2023-08-24 19:31:54 +01:00
Alexandre Pujol
73cb5a4545
feat(profiles): add kwin_wayland. 2023-08-23 18:14:22 +01:00
curiosityseeker
80b2124807
kded5, plasmashell, startplasma and sddm updates (#197) 
* Update kded5

* Update startplasma

* Update plasmashell

* Update sddm
 2023-08-23 12:54:28 +00:00
Alexandre Pujol
96b8f96137
feat(profiles): general update. 2023-08-22 23:23:47 +01:00
Alexandre Pujol
261778dbb3
revertL dbus session unix address. 2023-08-22 18:54:39 +01:00
Alexandre Pujol
360230b2a5
feat(profiles): general update. 2023-08-21 23:32:10 +01:00
Alexandre Pujol
6756ca8138
fix(abs): gstreamer cache structure. 2023-08-21 23:27:35 +01:00
Alexandre Pujol
3c6898db5a
fix(tunables): pci devices path. 2023-08-21 23:27:00 +01:00
Alexandre Pujol
0ed036efd5
feat(firefox): minor firefox update. 2023-08-21 23:23:08 +01:00
Alexandre Pujol
5dbc42aaab
feat(abs): update some abstractions. 2023-08-21 23:21:14 +01:00
Alexandre Pujol
310f36f433
feat(tunables): some variables tweak definition. 2023-08-21 23:10:31 +01:00
Alexandre Pujol
5badb6f32c
feat(tunables): add a new @{rand10} variable. 2023-08-19 14:33:07 +01:00
Alexandre Pujol
5704d1ba20
feat(profiles): various profile fixes. 2023-08-19 14:01:50 +01:00
Alexandre Pujol
1dbced42ed
feat(tunables): add a new @{pci} variable. 2023-08-18 22:35:32 +01:00
Alexandre Pujol
275d6b6e62
feat(profiles): replace old [0-9]* glob by @{int} 
Beware some [0-9]* glob are actually not proper @{int}.
 2023-08-18 17:09:53 +01:00
Alexandre Pujol
8ea4491a56
fix(abs): some block device use more than int as identifier. 2023-08-18 15:24:22 +01:00
Alexandre Pujol
b2d093e125
feat(abs): restric abstraction by using new @{int} and @{rand} variables. 2023-08-17 21:24:02 +01:00
Alexandre Pujol
557d905543
Merge branch 'tunables' of https://github.com/nobody43/apparmor.d into nobody43-tunables 
* 'tunables' of https://github.com/nobody43/apparmor.d:
  dbus temp tails
  Update apparmor.d
  Update gdm-runtime-config
  more unrelated changes
  adjust date-time
  random tails
  rename to int, convert more profiles
  fixes
  tunables
 2023-08-17 20:01:53 +01:00
curiosityseeker
7b018a60bd
Update pacman (#193) 
* Update pacman

`@{exec_path} mr,` is causing the following errors:

```
ALLOWED pacman exec owner /usr/bin/pacman -> pacman//null-/usr/bin/pacman comm=bash requested_mask=x denied_mask=x
ALLOWED pacman//null-/usr/bin/pacman file_inherit owner /dev/pts/4 comm=pacman requested_mask=wr denied_mask=wr
ALLOWED pacman//null-/usr/bin/pacman file_mmap owner /usr/bin/pacman comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman file_mmap owner /usr/lib/ld-linux-x86-64.so.2 comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman open owner /etc/ld.so.preload comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman getattr owner /etc/ld.so.preload comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman open owner /etc/ld.so.cache comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman getattr owner /etc/ld.so.cache comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman open owner /usr/lib/libalpm.so.13.0.2 comm=pacman requested_mask=r denied_mask=r
ALLOWED pacman//null-/usr/bin/pacman getattr owner /usr/lib/libalpm.so.13.0.2 comm=pacman requested_mask=r denied_mask=r

etc.
```
`@{exec_path} mrix,`  fixes it. 

Commits for new profiles for `checkrebuild` and `pkgfile`  will follow.

* Fix pacman update

* Update apparmor.d/groups/pacman/pacman

Co-authored-by: Alex <roddhjav@users.noreply.github.com>

---------

Co-authored-by: Alex <roddhjav@users.noreply.github.com>
 2023-08-17 18:49:56 +00:00
curiosityseeker
c2c745888c Update complete 
Move entries from child-open to this abstraction.
 2023-08-17 19:43:29 +01:00
curiosityseeker
2299eb00f6 Partially revert change in child-open 2023-08-17 19:43:29 +01:00
curiosityseeker
f2511210af Update complete 
Adding `kde-open`
 2023-08-17 19:43:29 +01:00
curiosityseeker
c409fe84d2 Create complete 
`child-open` includes the `xdg-open` abstraction which in turn includes the `kde-open5` abstraction which contains `/usr/bin/kde-open5 rix,` but NOT `/usr/bin/kde-open rix,`causing an error.
 2023-08-17 19:43:29 +01:00
curiosityseeker
9da2809695 Update child-open 
Adding gwenview and libreoffice
 2023-08-17 19:43:29 +01:00
curiosityseeker
6fc8cd3e60
Brave: adjust @{exec_path} (#161) 
The path in Ubuntu is:
/opt/brave.com/brave/brave

The path in Arch is:
/opt/brave-bin/brave

That's why Brave was not confined on Arch.
 2023-08-17 18:41:13 +00:00
ShellCode
cc8210a1bd
Fix xdg user dirs (#186) 
* Rename XDG_*_HOME to XDG_*_DIR for consistent naming

* tunables/xdg-user-dirs.d/apparmor.d now includes 'apparmor.d.d' subfolder to permit user override
 2023-08-17 18:28:10 +00:00
Alexandre Pujol
5ee31716ae
feat(profile): split evince profiles in multiple files. 2023-08-17 18:47:53 +01:00
Alexandre Pujol
f3ab8d2c71
refractor: rename some vscode related profile 2023-08-17 18:47:01 +01:00
Alexandre Pujol
3f8d559dcc
feat(profiles): add some thunderbird related profiles. 2023-08-17 18:45:10 +01:00
Alexandre Pujol
5d47dfba95
feat(profiles): general update. 2023-08-17 18:43:56 +01:00
Alexandre Pujol
f7b9ff959a
feat(profiles): rewrite the signal-desktop profile. 2023-08-17 18:37:36 +01:00
Alexandre Pujol
5911c43930
Merge branch 'main' of github.com:roddhjav/apparmor.d 
* 'main' of github.com:roddhjav/apparmor.d:
  fix: signal-desktop (#195)
 2023-08-17 18:35:50 +01:00
Cyril Levis
b49bd32564
fix: signal-desktop (#195) 
issue: https://github.com/roddhjav/apparmor.d/issues/194
 2023-08-14 15:55:02 +00:00
Alexandre Pujol
1db6f5f67c
feat(profiles): improve ibus entry point. 2023-08-13 21:19:16 +01:00
Alexandre Pujol
09943156bc
feat(profiles): add multipath profiles 
See #134

Signed-off-by: @cboltz
 2023-08-13 20:06:08 +01:00
Alexandre Pujol
a2c35b07a5
fix: libvirtd profile. 2023-08-06 16:45:39 +02:00
Alexandre Pujol
03cf850666
feat(profile): support for diverse wayland compositors. 
See #165
 2023-08-06 16:31:49 +02:00
Alexandre Pujol
1cac6715db
feat(profiles): general update. 2023-08-06 16:30:38 +02:00
Alexandre Pujol
cdc10fdb31
feat(profiles): general update. 
See #134
 2023-08-06 16:06:17 +02:00
Alexandre Pujol
5938079dfd
fix: missing "startplasma-wayland" profile, but "sddm" tries to transition to it. 
#188
 2023-08-06 10:22:05 +02:00
curiosityseeker
4894d6a3c4
Adding /dev/tty[0-9]* and /dev/pts/[0-9]* to various profiles; update kded5 and reflector (#183) 
* Update update-mime-database

* Update btrfs

* Update update-grub

* Update pacman-hook-depmod

* Update pacman

* Update systemd-sysusers

* Update lscpu

* Update pacman-hook-systemd

* Update pacman-hook-perl

* Update pacman-hook-gtk

* Update needrestart-iucode-scan-versions

* Update reflector

* Update kded5
 2023-07-27 11:23:04 +00:00
ShellCode
0f9b7cb474
Fix #184 (#185) 
* Replace @{HOME}/.config with @{user_config_dirs}

* Replace @{HOME}/.cache with @{user_cache_dirs}

* Replace @{HOME}/.local/state with @{user_state_dirs}

* Add missing user_share_dirs to apparmor.d/tunables/home.d/apparmor.d

* Update docs/variables.md

* Replace @{HOME}/.local/share with @{user_share_dirs}

* Replace @{HOME}/.local/lib with @{user_lib_dirs}

* Revert "Add missing user_share_dirs to apparmor.d/tunables/home.d/apparmor.d"

This reverts commit 9525003098.
 2023-07-27 11:20:19 +00:00
curiosityseeker
714971911a
Update needrestart (#181) 2023-07-24 10:31:03 +00:00
Alexandre Pujol
2307c536b3
feat: add XDG_MAIL_DIR variable 2023-07-20 21:19:23 +01:00
Alexandre Pujol
9b4be2d2c4
feat(profiles): rewrite the thunderbird profile. 
Only thunderbird version 115+ is supported.
 2023-07-20 21:12:37 +01:00
Alexandre Pujol
a79f03f038
feat(kde): improve support for kde. 2023-07-20 21:10:19 +01:00
Alexandre Pujol
1424fb5493
feat(profiles): add iio-sensor-proxy 2023-07-20 21:09:18 +01:00
Alexandre Pujol
af1eda51bd
feat(profiles): general update. 2023-07-20 21:07:27 +01:00
Alexandre Pujol
a3d121fe23
feat(kde): improve support for support. 2023-07-20 21:04:22 +01:00
Alexandre Pujol
d2a650f6c6
feat(profiles): improve dbus integration. 2023-07-20 21:00:41 +01:00
Alexandre Pujol
2a4fa1e6de
refactor(profiles): move thunderbird and code profiles. 2023-07-20 20:54:36 +01:00
Alexandre Pujol
ce7209f2a1
feat(kde): improve kde integration (wip). 2023-07-18 22:30:01 +01:00
Alexandre Pujol
9c08b36182
feat(profiles): general update. 2023-07-18 22:28:30 +01:00
Alexandre Pujol
b4311dac65
fix(profiles): add missing firefox_config_dirs. 2023-07-12 22:01:28 +01:00
Alexandre Pujol
db35aa9249
feat(profiles): add firefox glxtest & vaapitest profiles. 2023-07-12 21:59:13 +01:00
Alexandre Pujol
0bf068d3f2
fix: add missing lib vars. 2023-07-09 15:15:20 +01:00
Alexandre Pujol
dab27a492d
feat(profiles): update dhcpcd. 2023-07-09 15:13:59 +01:00
Alexandre Pujol
1f75dc9956
build: update build for new bin & lib variables 2023-07-09 15:09:32 +01:00
Alexandre Pujol
2b2c42d23c
refactor(profiles): use @{bin} and @{lib} in profiles (7) 2023-07-09 14:59:53 +01:00
Alexandre Pujol
7c2c806ffa
refactor(profiles): use @{bin} and @{lib} in profiles (6) 2023-07-09 14:46:56 +01:00
Alexandre Pujol
fcedbbfd95
refactor(profiles): use @{bin} and @{lib} in profiles (5) 2023-07-09 14:34:42 +01:00
Alexandre Pujol
43b0f09b65
refactor(profiles): use @{bin} and @{lib} in profiles (4) 2023-07-09 14:23:22 +01:00
Alexandre Pujol
27daa7c9bb
refactor(profiles): use @{bin} and @{lib} in profiles (3) 2023-07-09 14:09:55 +01:00
Alexandre Pujol
2eed3b725f
refactor(profiles): use @{bin} and @{lib} in profiles (2) 2023-07-09 13:30:27 +01:00
Alexandre Pujol
bb71f49598
refactor(profiles): use @{bin} and @{lib} in profiles (1) 2023-07-09 13:20:25 +01:00
Alexandre Pujol
59469b57b4
feat(profiles): general update. 2023-07-09 12:30:09 +01:00
Alexandre Pujol
1a82f00d2f
feat(profiles): rewrite vscode profile. 2023-07-09 12:26:38 +01:00
Alexandre Pujol
6d7996a2fd
fix: allow thunderbird to be started by gnome. 
fix #175
 2023-07-08 12:58:58 +01:00
Alexandre Pujol
501d0afa35
feat(profiles): akonadi update. 2023-07-08 12:44:05 +01:00
Alexandre Pujol
7deac2c904
feat(profiles): add mutter-x11-frames. 2023-07-08 12:39:24 +01:00
Alexandre Pujol
6715564053
feat(profiles): general update. 2023-07-08 12:37:40 +01:00
Alexandre Pujol
62cb1d9b96
feat: improve firefox profile 
- New subprofile
- Restric udev/data
 2023-07-08 12:30:01 +01:00
Alexandre Pujol
2e69fa0a01
feat: remove unsuported profiles. 2023-07-08 12:28:47 +01:00
Alexandre Pujol
03753373a9
fix: discord entrypoint. 
fix  #174
 2023-07-08 12:28:07 +01:00
curiosityseeker
10bd4973c5
General update (#172) 
* Update akonadi_mailfilter_agent

* Update plasmashell

https://github.com/roddhjav/apparmor.d/discussions/168

Adding k, to the "targets" suggested by audit.log

* Update pacman
 2023-07-04 09:55:51 +00:00
Alexandre Pujol
69490ed262
feat: add @{lib} and @{bin} variable def. 2023-07-03 14:11:07 +01:00
Alexandre Pujol
11617131ce
feat(profiles): general update. 2023-07-03 14:09:25 +01:00
curiosityseeker
98e59e9336
Akonadi and plasmashell updates (#163) 
* Update plasmashell

* Update akonadi_akonotes_resource

* Update akonadi_archivemail_agent

* Update akonadi_birthdays_resource

* Update akonadi_contacts_resource

* Update akonadi_control

* Update akonadi_followupreminder_agent

* Update akonadi_ical_resource

* Update akonadi_indexing_agent

* Update akonadi_maildir_resource

* Update akonadi_maildispatcher_agent

* Update akonadi_mailfilter_agent

* Update akonadi_mailmerge_agent

* Update akonadi_migration_agent

* Update akonadi_newmailnotifier_agent

* Update akonadi_sendlater_agent

* Update akonadi_unifiedmailbox_agent

* Revert change

* Revert change

* Revert change

* Revert change

* Revert change and add dri-enumerate abstraction

* Revert change

* Revert change and add dri-enumerate abstraction

* Revert change

* Revert change

* Revert change

* Revert change

* Revert change and add dri-enumerate abstraction

* Revert change

* Revert change

* Revert change

* Revert change

* Removing /usr/share/icons/{,**} again

* Adding the audio abstraction

* Adding the consoles abstraction

* plasmashell: adding back /dev/shm/ r, and /dev/ptmx rw,

* akonadi_mailfilter_agent: removing the user-tmp abstraction

I haven't been able to observe new related requests.

---------

Co-authored-by: Alex <roddhjav@users.noreply.github.com>
 2023-06-14 21:46:34 +00:00
Jeroen Rijken
96c79417cc Add vscodium & thunderbird 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2023-06-13 17:58:22 +01:00
Jeroen Rijken
d0553ff4f7 Add apt-overlay 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2023-06-13 17:58:22 +01:00
Jeroen Rijken
83bff808dc dpkg updates 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2023-06-13 17:58:22 +01:00
Jeroen Rijken
a84f0b540c Add unix domain socket 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2023-06-13 17:58:22 +01:00
Jeroen Rijken
5ccd92e12f General update 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
 2023-06-13 17:58:22 +01:00
curiosityseeker
0a468caff2 Revert adding the user-tmp abstraction 2023-06-13 17:53:14 +01:00
curiosityseeker
a93c80fac0 Fix kde-powerdevil 
copy and paste error
 2023-06-13 17:53:14 +01:00
curiosityseeker
0bb8937cc2 Update mullvad-daemon 2023-06-13 17:53:14 +01:00
curiosityseeker
6227a51d86 Update kde-powerdevil 2023-06-13 17:53:14 +01:00
curiosityseeker
4deb8f135a Update mount 2023-06-13 17:53:14 +01:00
Alexandre Pujol
a98a86600a
feat(profiles): general update. 2023-06-13 17:15:37 +01:00