mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-06 17:31:01 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
5507 commits 23 branches 109 tags 32 MiB
Commit graph

5 commits

Author SHA1 Message Date
Christian Boltz
f0491d0d64
Change #include to include in active profiles 2020-06-09 23:30:24 +02:00
John Johansen
730db17607 policy: tag policy with the AppArmor 3.0 abi 
Tag profiles and abstractions with abi information.

Tagging abstractions is not strictly necessary but allows the parser
to detect when their is a mismatch and that policy will need an
update for abi.

We do not currently tag the tunables because variable declarations
are not currently affected by abi.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/491
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <sbeattie@ubuntu.com>
 2020-05-29 00:23:17 -07:00
Christian Boltz
110d6d214c
switch local includes to "include if exists" 2020-05-03 22:01:13 +02:00
Vincas Dargis
2438179b76 Use @{sys} tunable in profiles and abstractions 
Commit aa06528790 made @{sys} tunable
available by default.

Update profiles and abstractions to actually use @{sys} tunable for
better confinement in the future (when @{sys} becomes kernel var).

Closes LP#1728551
 2018-11-08 20:04:46 +02:00
Vincas Dargis
327420b151 Add nvidia_modprobe named profile 
nvidia-modprobe is setuid executable is used to create various device
files and load the the NVIDIA kernel module
(https://github.com/NVIDIA/nvidia-modprobe).

Add named profile to be used in application profiles for confining
potentially risky setuid application.
 2018-10-02 20:29:10 +03:00