mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-09 02:41:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
4553 commits 23 branches 109 tags 32 MiB
Commit graph

386 commits

Author SHA1 Message Date
John Johansen
533b4ab5b6 Merge branch 'drg-mods-1' into 'master' 
Abstractions need write access to create/update some common config dirs

See merge request apparmor/apparmor!165

Acked-by: John Johansen <john.johansen@canonical.com>
 2018-08-14 23:58:25 +00:00
Vincas Dargis
94014c09f0 Add kde-icon-cache-write abstraction 
KIconLoader uses ~/.cache/icon-cache.kcache, and it is opened in
read-write mode. Because access to it does not seem to be critical, and
read-only mode is not used, rules for accessing this cache is added to
it's own new "write" abstraction, instead of making kde abstraction more
permissive by default.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2018-08-14 16:49:30 -07:00
Vincas Dargis
7345f61e9c Add kde-language-write abstraction 
Currently, kde abstraction only allows reading
~/.config/klanguageoverridesrc file (by design). Some KDE applications
has option to change language for it's interface, and this needs write
access. This is fixed by introducing new abstraction.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2018-08-14 16:49:16 -07:00
Vincas Dargis
fae93f1b6c Add kde-globals-write abstraction 
Currently, kde abstraction only allows reading ~/.config/kdeglobals (by
design), though some applications might need to update it's contents
such as KFileDialog settings. This patch fixes it by introducing new
abstraction.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2018-08-14 16:49:07 -07:00
John Johansen
ec86a15322 Merge branch 'recent-documents-write' into 'master' 
Add recent-documents-write abstraction

See merge request apparmor/apparmor!163

Acked-by: John Johansen <john.johansen@canonical.com>
 2018-08-14 23:26:02 +00:00
Daniel Richard G
7972c038d7 Updated abstractions to allow writing to some common config dirs 2018-08-14 16:38:18 -04:00
Daniel Richard G
094dc741ee Updated abstractions to allow creating some common config dirs 2018-08-14 16:38:18 -04:00
John Johansen
085e2fc1a4 Merge branch 'kde-settings' into 'master' 
Update kde abstraction for common settings

See merge request apparmor/apparmor!162

Acked-by: John Johansen <john.johansen@canonical.com>
 2018-08-08 05:33:00 +00:00
John Johansen
e76181c4d9 Merge branch 'cboltz-ssl-dehydrated' into 'master' 
add dehydrated certificate location to ssl_* abstractions

See merge request apparmor/apparmor!161

Acked-by: John Johansen <john.johansen@canonical.com>
 2018-08-08 05:31:39 +00:00
Vincas Dargis
4fe8ae97c4 Add recent-documents-write abstraction 
Add abstraction for updating recent documents list.
 2018-08-07 23:27:23 +03:00
Vincas Dargis
867442e962 Update kde abstraction for common settings 
Add rules to allow reading common KDE-specific settings, used mostly by
native KDE file dialog.
 2018-08-07 20:20:08 +03:00
John Johansen
4200932d8f Merge branch 'binmerge' into 'master' 
profiles: support distributions which merge sbin into bin

Closes #8

See merge request apparmor/apparmor!149

Acked-by: John Johansen <john.johansen@canonical.com>
 2018-08-07 09:53:17 +00:00
John Johansen
bc4aa43d64 Merge branch 'cboltz-abstractions-opencl-pocl' into 'master' 
Fix typo (double /) in opencl-pocl abstraction

See merge request apparmor/apparmor!158

Acked-by: John Johansen <john.johansen@canonical.com>
 2018-08-07 09:16:56 +00:00
Christian Boltz
2e8b902248
add dehydrated certificate location to ssl_* abstractions 
I don't use dehydrated myself, therefore this is based on the comments
on https://build.opensuse.org/request/show/533380
 2018-08-06 23:15:06 +02:00
Christian Boltz
763a6787d8 Merge branch 'add-path-to-abstractions-python' into 'master' 
Allow /usr/local/lib/python3/dist-packages in abstractions/python

See merge request apparmor/apparmor!160

Acked-by: John Johansen <john.johansen@canonical.com>

Acked-by: Christian Boltz <apparmor@cboltz.de> for 2.10..master
 2018-08-06 18:11:37 +00:00
segfault
6a10f07650 Allow /usr/local/lib/python3/dist-packages in abstractions/python 2018-08-06 19:53:16 +02:00
Christian Boltz
a054855433
Fix typo (double /) in opencl-pocl abstraction 2018-08-05 17:03:34 +02:00
Daniel Richard G
ac1d0545f4 ldapclient abstraction: allow rw access to the nslcd socket. 
This addresses https://launchpad.net/bugs/1575438 and also the case of
applications accessing the socket directly (due to NSS config).
 2018-07-30 22:49:24 -04:00
intrigeri
34dbe372c5 Rename @{usr_share} → @{system_share_dirs} and @{home_local_share} → @{user_share_dirs}. 
Thanks a lot to Simon McVittie for the much better names suggestion.
 2018-07-27 06:33:42 +00:00
intrigeri
51f2259c08 freedesktop.org abstraction: refactor (factorize) for consistency. 
This change makes the @{home_local_share} rules similar to the
@{usr_share} ones.
 2018-07-27 06:28:22 +00:00
intrigeri
aed447aca2 freedesktop.org abstraction: simplify by not attempting to guess the exhaustive list of files that can exist in {~/.local/share,/usr/share}/applications/. 
As Simon McVittie wrote, "if a specification or library creates extra caches, or
has .desktop files in a subdirectory, or anything like that, then I don't see
why we wouldn't want to allow reading those too".
 2018-07-27 06:26:57 +00:00
intrigeri
9d843b90fe kde abstraction: drop redundant rules for icons access. 
These rules are already in abstractions/freedesktop.org that's included
by the abstractions/kde.
 2018-07-27 06:22:29 +00:00
intrigeri
160f1027e4 freedesktop.org abstraction: DRY by factorizing duplicated path components with variables. 
These alternations will need to grow quite a bit in order to support Flatpak
exports. Let's avoid repeating ourselves too much.
 2018-07-27 06:21:40 +00:00
Cameron Nemo
9ab45d811e profiles: support distributions which merge sbin into bin 
Closes #8
 2018-07-25 14:07:35 -07:00
intrigeri
59865e54c5 mesa abstraction: allow locking .cache/mesa_shader_cache/??/*. 
At least Totem needs it on current Debian sid.
 2018-07-24 07:21:51 +00:00
Christian Boltz
01f41fbff8
adjust abstractions/python for python 3.7 
Python 3.7 was released yesterday - and to make the abstraction
future-proof, also cover 3.8 and 3.9 in advance ;-)
 2018-06-28 13:34:08 +02:00
Vincas Dargis
a0c719df73 Add mesa abstraction 
Add mesa abstraction to allow writing to the Mesa-specific cache
locations and listing devices. Abstraction is needed for applications
utilizing OpenGL API with Mesa implementation available on the system.
 2018-06-23 17:07:05 +03:00
Christian Boltz
1185df3c65
fix path for apache2 stapling-cache 
... to match the default apache settings

See also the discussion on the mailinglist:
https://lists.ubuntu.com/archives/apparmor/2018-June/011688.html
 2018-06-17 16:16:22 +02:00
Jamie Strandboge
0c7c34c6f1 Merge branch 'vulkan' into 'master' 
Add Vulkan abstraction

See merge request apparmor/apparmor!126
 2018-05-22 21:45:31 +00:00
Vincas Dargis
47520931be Add Vulkan abstraction 
Add abstraction for Vulkan API specific file paths.
 2018-05-22 21:48:13 +03:00
Jamie Strandboge
c1431bc2de Merge branch 'nvidia-app-profiles' into 'master' 
Update nvidia for reading application profiles

See merge request apparmor/apparmor!125
 2018-05-22 18:24:19 +00:00
Vincas Dargis
f2e0fdc72b Update nvidia for reading application profiles 
Add file rule to allow reading application profiles for NVIDIA
Linux graphics driver.
 2018-05-22 20:43:56 +03:00
Vincas Dargis
8237d6e776 Add OpenCL abstractions 2018-05-13 20:14:15 +00:00
Jamie Strandboge
7bd3029f25 Merge branch 'update-fonts' into 'master' 
Update fonts for Debian and openSUSE

See merge request apparmor/apparmor!96
 2018-04-30 10:03:22 +00:00
Christian Boltz
3009b22aec Merge branch 'qt5' into 'master' 
Add qt5 abstraction

See merge request apparmor/apparmor!99

Acked-by: Christian Boltz <apparmor@cboltz.de>
 2018-04-18 22:18:30 +00:00
Vincas Dargis
b902d2505d Update fonts for Debian and openSUSE 
* Allow to read conf-avail dir itself.
* Add various openSUSE-specific font config directories.
 2018-04-18 19:16:29 +03:00
Vincas Dargis
6a85ffe00e Add qt5 abstraction 
Create abtractions/qt5 with common rules needed for Qt5-based
applications.
 2018-04-18 19:12:28 +03:00
Vincas Dargis
0d0a196077 Allow nvidia abstraction to read memory block size 
Fix DENIED message detected with NVIDIA 390.48 drivers.
 2018-04-12 20:36:56 +03:00
Vincas Dargis
0c2690d819 Fix ubuntu-browsers for 64bit openSUSE 
On 64 bit openSUSE system, Chromium and Firefox browsers are installed in
/usr/lib64/ directory.
 2018-04-01 16:48:13 +03:00
Vincas Dargis
11e7dab95e Allow to create .nv directory 
Update nvidia abstraction to allow creating NVIDIA-specific user directories in
case it is missing (due to fresh $HOME or if manually removed for any reason).
 2018-02-16 16:54:32 +02:00
Christian Boltz
e88af93322 Merge branch 'update-base-abstraction' into 'master' 
Update base abstraction for ld.so.conf and friends.

See merge request apparmor/apparmor!62

Acked-by: Christian Boltz <apparmor@cboltz.de> for 2.9..master
 2018-02-15 20:14:38 +00:00
Vincas Dargis
b0456adbd8 Add dri-enumerate abstraction 
Create new dri-enumerate abstraction with rules needed for some GUI applications
allowing to get GPU device information.
 2018-02-04 16:01:27 +02:00
Vincas Dargis
8dd517f6dd Move DRI-specific rules into it's own abstraction 
Add new dri-common abstraction to contain basic DRI-specific rules.

This refactoring is based on a decision to have set of dri-* abstractions for
fine grained control on case-by-case basis. While dri-common is included in X
abstraction by default, additional DRI-related abstractions can be introduced
(such as for enumerating graphics devices) while keeping them logically together
with same dri- prefix.
 2018-02-04 14:21:16 +02:00
Vincas Dargis
6d22c871bf Update base abstraction for ld.so.conf and friends. 
Fix denies for latest Thunderbird and Firefox on Debian Sid due to
missing access to /etc/ld.so.conf and /etc/ld.so.conf.d/*.
 2018-01-26 19:55:31 +02:00
Rene Engelhard
8fc3dcb312 abstractions/gnupg: allow pubring.kbx 2018-01-20 23:54:08 +01:00
John Johansen
bcfb735b9a Merge branch 'cboltz-xauth' into 'master' 
abstractions/X: add another location for .Xauthority

See merge request apparmor/apparmor!39

Acked-by: John Johansen <john.johansen@canonical.com>
 2017-12-22 19:00:36 +00:00
Christian Boltz
bb96e38a90
abstractions/X: add another location for .Xauthority 
With the latest sddm, .Xauthority is now located at
  @{HOME}/.local/share/sddm/.Xauthority
 2017-12-17 15:38:26 +01:00
Vincas Dargis
f73627cbb5 Fix local pulseaudio config file access 
Add rules to allow reading .conf files from $HOME/.config/pulse
and $HOME/.config/pulse/client.conf.d directories.
 2017-12-17 15:56:21 +02:00
Vincas Dargis
7546413b43 Update abstraction for new Thunderbird executable path 
* Add -bin suffix to reach new Thunderbird executable.
 2017-12-07 16:41:10 +00:00
Jamie Strandboge
c4a5e1d554 abstractions/fonts: also allow owner read on ~/.local/share/fonts 
The fonts abstraction had owner rules for ~/.fonts, but the current
standard location[1][2] in XDG_DATA_HOME was missing.

[1]https://cgit.freedesktop.org/fontconfig/commit/?id=8c255fb1
[2]https://lists.freedesktop.org/archives/fontconfig/2014-July/005270.html
 2017-12-05 15:49:55 -06:00