mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
1503 commits 23 branches 109 tags 32 MiB
Commit graph

53 commits

Author SHA1 Message Date
Steve Beattie
bdb6eb82b6 Merge from trunk revision 1615: abstractions/freedesktop.org updates: 
- require owner match for files in @{HOME}
- add new path for @{HOME}/.local/share/recently-used.xbel*
- add the following, confirmed via specifications:
  /usr/share/applications/mimeinfo.cache r,
  /usr/share/applications/*.desktop r,
  owner @{HOME}/.local/share/applications/defaults.list r,
  owner @{HOME}/.local/share/applications/mimeinfo.cache r,
  owner @{HOME}/.local/share/applications/mimeapps.list r,
  owner @{HOME}/.local/share/applications/*.desktop r,

References:
http://standards.freedesktop.org/basedir-spec/basedir-spec-0.6.html
http://standards.freedesktop.org/desktop-entry-spec/desktop-entry-spec-0.9.4.html
http://www.freedesktop.org/wiki/Specifications/mime-actions-spec

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-01-14 11:35:15 -06:00
Steve Beattie
9142fc482a Merge from trunk revision 1614: abstractions/X: allow access to 
/usr/lib32 and /usr/lib64 for dri modules (LP: #658135)

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-01-14 11:34:12 -06:00
Steve Beattie
1c55cf035c Merge from trunk revision 1613: add enchant abstraction. Enchant is a 
frontend for spellcheckers and in use by more and more applications,
including empathy and evolution. It is listed on freedesktop.org. See:
http://www.abisource.com/projects/enchant/

This abstraction gives access to enchant itself, files in the user's
home directory for enchant and various dictionaries for:
  - aspell
  - ispell
  - hunspell
  - myspell
  - hspell
  - zemberek
  - voikko

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-01-14 11:31:44 -06:00
Steve Beattie
05dfb21b32 Merge from trunk revision 1612: allow 'rw' to /var/log/samba/cores/ 
(LP: #652562)

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-01-14 11:30:18 -06:00
Steve Beattie
4f856a0510 Merge from trunk revision 1611: add preliminary ibus abstraction. Will 
likely need more once more ibus users start to use it. Additionally,
the 'rw' on the @{HOME}/.config/ibus/bus/ probably only needs 'create'
and 'chmod', so that could be tightened up once those are exposed in
the tools. LP: #649497.

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-01-14 11:28:30 -06:00
Steve Beattie
0a14cf2849 Merge from trunk revision 1610: abstractions/user-manpages: require 
owner match for files in @{HOME} and /tmp

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-01-14 11:26:42 -06:00
Steve Beattie
fcd150c239 Merge from trunk revision 1609: abstractions/user-mail: 
- use character globbing
  - require owner match for files in @{HOME}

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-01-14 11:25:16 -06:00
Steve Beattie
b33ff8be7f Merge from trunk revision 1608: abstractions/user-write: 
- require owner match
  - add @{HOME}/Public/

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-01-14 11:23:58 -06:00
Steve Beattie
27257d564b Merge from trunk revision 1607: abstractions/user-download: 
- fix typo for Desktop (should be Desktop/)
  - require owner match
  - allow writes to @{HOME}/[dD]ownload{,s}

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-01-14 11:21:38 -06:00
Steve Beattie
5bde5e2fae Merge from trunk revision 1618: add more restrictions to the 
private-files and private-files-strict blacklist abstractions.

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-01-12 13:06:54 -06:00
Jamie Strandboge
94e2e19f02 abstractions/ubuntu-browsers: adjust sensible browser to use Pixr 2010-10-22 07:51:57 -05:00
Jamie Strandboge
aedac26b32 abstractions/ubuntu-email: adjustment for ever-changing path of thunderbird 
(LP: #648900)
 2010-09-27 08:48:30 -05:00
Steve Beattie
0c754fe701 Merge from trunk rev 1411: network interface enumeration 
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-09-10 13:19:38 -07:00
Steve Beattie
eeb523ab16 Merge from trunk rev 1410: update for font/icon/mime locations in 
current gnome.

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-09-10 13:18:28 -07:00
Steve Beattie
90e414f0ab Merge from trunk rev 1467: Add gdm files to X abstraction. 
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-09-10 13:13:56 -07:00
Jamie Strandboge
15f61e5e5b profiles/apparmor.d/abstractions/ubuntu-email: add thunderbird 3 
profiles/apparmor.d/abstractions/ubuntu-media-players: add gmplayer
profiles/apparmor.d/abstractions/ubuntu-*: use PUx instead of Ux
 2010-09-10 10:28:28 -05:00
Jamie Strandboge
e843ad3457 cherrypick r1483 from trunk: 
allow mmap of font cache files in @{HOME}/.fontconfig/ for sun-java6
 2010-09-08 13:58:37 -05:00
Jamie Strandboge
9333e221bc update fonts abstraction to add '/var/lib/ghostscript/** r,' 2010-09-03 08:42:29 -05:00
Jamie Strandboge
523738348c merge from trunk: abstractions/ubuntu-browsers: add '/usr/bin/sensible-browser 
PUxr'
 2010-08-30 11:11:34 -05:00
Steve Beattie
5fe2fc0c3f Merge from trunk r1462: remove kde4-config from the kde abstraction 
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-08-11 12:06:38 -07:00
Steve Beattie
25f5cc50b3 Merge from trunk r1466: add ca-certificates to ssl_certs abstraction 
(LP: #605835)

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-08-11 12:02:36 -07:00
Steve Beattie
72141e5a6e Merge r1457 from trunk: 'owner' match in commit 1406 too strict for 
/tmp/ and /var/tmp/ (LP: #615177)

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-08-10 09:12:34 -07:00
Steve Beattie
d323db562a Merge revs 1403, 1417, 1447 from trunk: 
* add dbus-session abstraction (and use Pix rather than Uix)
 * fix gnome abstraction for gdk pixbuf loaders (LP: #611248)

Nominated by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-08-05 10:44:08 -07:00
Steve Beattie
6f7dad8790 Merge: r1389: add 'k' to /var/lib/samba/**.tdb in the samba abstraction 
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-06-21 15:26:22 -07:00
Steve Beattie
f0d5b09b9f Merge: r1397-r1398: adjust cgi path for php5 abstraction (LP: #538661) 
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-06-21 15:24:35 -07:00
Steve Beattie
ab10eafaaf Merge r1406: abstractions/user-tmp: require 'owner' matching 
Nominated-by: Jamie-Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-06-21 15:22:54 -07:00
Steve Beattie
aa106808fd Merge: r1409: statvfs allowed by default 
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-06-21 15:21:10 -07:00
Jamie Strandboge
fd3baa930e add ubuntu-bittorrent-clients and ubuntu-media-players abstractions 2010-03-08 13:50:25 -06:00
Jamie Strandboge
df05261cd3 add /etc/sound to audio abstraction 2010-03-08 13:49:37 -06:00
Kees Cook
69ebfc4cda update python shared library paths for "pyshared" 2010-01-29 10:10:31 -08:00
Kees Cook
a0e8bf9661 update php5 abstraction, add more details to apache hat documentation, include a common apache2 abstraction for use with hats 2010-01-03 13:16:38 -08:00
Jamie Strandboge
45dc9d4d08 add /opt/google/chrome/google-chrome to ubuntu-browsers (TODO: abstract 
out to third-party-browsers)
 2009-12-04 11:37:10 -06:00
Kees Cook
92b9063527 update KDE abstraction, from Ubuntu 2009-11-11 11:45:49 -08:00
Kees Cook
40e8c9f6e6 merge profiles from Ubuntu, including change_hat apache2 template 2009-11-11 11:42:30 -08:00
Jamie Strandboge
84565d5407 abstractions/gnome: add /etc/gnome/defaults.list 2009-11-10 14:04:26 -06:00
Jamie Strandboge
694c9916b9 pull in Ubuntu updates to profiles/apparmor.d 2009-11-04 14:25:42 -06:00
John Johansen
7e49a0004b Update ntpd to contain rejects for bnc#433368 and bnc#402693 2008-11-05 14:23:25 +00:00
John Johansen
748e398c21 - various patches and cleanups from kees@ubuntu.com 2008-06-11 20:19:36 +00:00
John Johansen
777ff460f8 update profiles for bugs that have been reported by various users 2008-02-19 10:35:19 +00:00
Seth Arnold
d66a9b2886 fixes for abstractions from Mathias Gug 2007-08-28 23:05:56 +00:00
Seth Arnold
c2f555ba0f abstractions fixes from Mathias Gug (Ubuntu) 2007-08-28 22:39:52 +00:00
Seth Arnold
8621cb193a some new abstractions from Mathias Gug 2007-08-27 23:49:51 +00:00
Seth Arnold
cbf2d633b2 Bug 295086 - abstractions/X lists /usr/X11R6 2007-08-23 23:26:49 +00:00
Seth Arnold
7486b2bbb0 Bug 288960 - nscd with nss_ldap and sasl/gss bind to ldap server failed 2007-08-23 23:22:06 +00:00
Seth Arnold
448fc73350 Bug 287579 - <abstractions/X> doesn't allow access to /usr/share/X11 and other xorg directories 2007-08-23 23:12:53 +00:00
Seth Arnold
1b92358fe1 Bug 241479 - Fix for usr.sbin.nscd profile 2007-08-23 22:49:11 +00:00
Steve Beattie
4cc2f981a3 [https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/132468] 
Dur, I put the wrong entry for resolvconf in the nameservice
abstraction, fixing.
 2007-08-21 21:53:27 +00:00
Dominic Reynolds
cd007f1162 Updates for cups, add inet|inet6 dgram|stream to nameservice abstraction 2007-08-17 21:46:56 +00:00
Steve Beattie
1f0169a5f9 Launchpad bug #132468: Nameservice abstraction should also include 
/var/run/resolvconf/resolv.conf:

  The Nameservice abstraction configuration file
  (/etc/apparmor.d/abstractions/nameservice) permits reads access to
  (amongst other paths) /etc/resolv.conf.

  However, on systems using resolvconf, this is a symbolic link to
  /etc/resolvconf/run/resolv.conf -- where /etc/resolvconf/run itself
  is a symlink to /var/run/resolvconf.
 2007-08-14 14:50:09 +00:00
Seth Arnold
0b888a5203 removing /opt/gnome, /opt/OpenOffice.org, /usr/X11R6/, /opt/mozilla 2007-06-11 04:09:23 +00:00