mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
1469 commits 23 branches 109 tags 32 MiB
Commit graph

183 commits

Author SHA1 Message Date
Steve Beattie
bdb6eb82b6 Merge from trunk revision 1615: abstractions/freedesktop.org updates: 
- require owner match for files in @{HOME}
- add new path for @{HOME}/.local/share/recently-used.xbel*
- add the following, confirmed via specifications:
  /usr/share/applications/mimeinfo.cache r,
  /usr/share/applications/*.desktop r,
  owner @{HOME}/.local/share/applications/defaults.list r,
  owner @{HOME}/.local/share/applications/mimeinfo.cache r,
  owner @{HOME}/.local/share/applications/mimeapps.list r,
  owner @{HOME}/.local/share/applications/*.desktop r,

References:
http://standards.freedesktop.org/basedir-spec/basedir-spec-0.6.html
http://standards.freedesktop.org/desktop-entry-spec/desktop-entry-spec-0.9.4.html
http://www.freedesktop.org/wiki/Specifications/mime-actions-spec

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-01-14 11:35:15 -06:00
Steve Beattie
9142fc482a Merge from trunk revision 1614: abstractions/X: allow access to 
/usr/lib32 and /usr/lib64 for dri modules (LP: #658135)

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-01-14 11:34:12 -06:00
Steve Beattie
1c55cf035c Merge from trunk revision 1613: add enchant abstraction. Enchant is a 
frontend for spellcheckers and in use by more and more applications,
including empathy and evolution. It is listed on freedesktop.org. See:
http://www.abisource.com/projects/enchant/

This abstraction gives access to enchant itself, files in the user's
home directory for enchant and various dictionaries for:
  - aspell
  - ispell
  - hunspell
  - myspell
  - hspell
  - zemberek
  - voikko

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-01-14 11:31:44 -06:00
Steve Beattie
05dfb21b32 Merge from trunk revision 1612: allow 'rw' to /var/log/samba/cores/ 
(LP: #652562)

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-01-14 11:30:18 -06:00
Steve Beattie
4f856a0510 Merge from trunk revision 1611: add preliminary ibus abstraction. Will 
likely need more once more ibus users start to use it. Additionally,
the 'rw' on the @{HOME}/.config/ibus/bus/ probably only needs 'create'
and 'chmod', so that could be tightened up once those are exposed in
the tools. LP: #649497.

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-01-14 11:28:30 -06:00
Steve Beattie
0a14cf2849 Merge from trunk revision 1610: abstractions/user-manpages: require 
owner match for files in @{HOME} and /tmp

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-01-14 11:26:42 -06:00
Steve Beattie
fcd150c239 Merge from trunk revision 1609: abstractions/user-mail: 
- use character globbing
  - require owner match for files in @{HOME}

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-01-14 11:25:16 -06:00
Steve Beattie
b33ff8be7f Merge from trunk revision 1608: abstractions/user-write: 
- require owner match
  - add @{HOME}/Public/

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-01-14 11:23:58 -06:00
Steve Beattie
27257d564b Merge from trunk revision 1607: abstractions/user-download: 
- fix typo for Desktop (should be Desktop/)
  - require owner match
  - allow writes to @{HOME}/[dD]ownload{,s}

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-01-14 11:21:38 -06:00
Steve Beattie
5bde5e2fae Merge from trunk revision 1618: add more restrictions to the 
private-files and private-files-strict blacklist abstractions.

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-01-12 13:06:54 -06:00
Jamie Strandboge
94e2e19f02 abstractions/ubuntu-browsers: adjust sensible browser to use Pixr 2010-10-22 07:51:57 -05:00
Jamie Strandboge
aedac26b32 abstractions/ubuntu-email: adjustment for ever-changing path of thunderbird 
(LP: #648900)
 2010-09-27 08:48:30 -05:00
Jamie Strandboge
24bf1faaac exported smbd files need to have 'k' to work properly with certain applications 2010-09-14 14:17:53 -05:00
Steve Beattie
0c754fe701 Merge from trunk rev 1411: network interface enumeration 
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-09-10 13:19:38 -07:00
Steve Beattie
eeb523ab16 Merge from trunk rev 1410: update for font/icon/mime locations in 
current gnome.

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-09-10 13:18:28 -07:00
Steve Beattie
90e414f0ab Merge from trunk rev 1467: Add gdm files to X abstraction. 
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-09-10 13:13:56 -07:00
Jamie Strandboge
15f61e5e5b profiles/apparmor.d/abstractions/ubuntu-email: add thunderbird 3 
profiles/apparmor.d/abstractions/ubuntu-media-players: add gmplayer
profiles/apparmor.d/abstractions/ubuntu-*: use PUx instead of Ux
 2010-09-10 10:28:28 -05:00
Jamie Strandboge
e843ad3457 cherrypick r1483 from trunk: 
allow mmap of font cache files in @{HOME}/.fontconfig/ for sun-java6
 2010-09-08 13:58:37 -05:00
Jamie Strandboge
9333e221bc update fonts abstraction to add '/var/lib/ghostscript/** r,' 2010-09-03 08:42:29 -05:00
Jamie Strandboge
523738348c merge from trunk: abstractions/ubuntu-browsers: add '/usr/bin/sensible-browser 
PUxr'
 2010-08-30 11:11:34 -05:00
Steve Beattie
5fe2fc0c3f Merge from trunk r1462: remove kde4-config from the kde abstraction 
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-08-11 12:06:38 -07:00
Steve Beattie
25f5cc50b3 Merge from trunk r1466: add ca-certificates to ssl_certs abstraction 
(LP: #605835)

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-08-11 12:02:36 -07:00
Steve Beattie
72141e5a6e Merge r1457 from trunk: 'owner' match in commit 1406 too strict for 
/tmp/ and /var/tmp/ (LP: #615177)

Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-08-10 09:12:34 -07:00
Steve Beattie
d323db562a Merge revs 1403, 1417, 1447 from trunk: 
* add dbus-session abstraction (and use Pix rather than Uix)
 * fix gnome abstraction for gdk pixbuf loaders (LP: #611248)

Nominated by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-08-05 10:44:08 -07:00
Steve Beattie
6f7dad8790 Merge: r1389: add 'k' to /var/lib/samba/**.tdb in the samba abstraction 
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-06-21 15:26:22 -07:00
Steve Beattie
f0d5b09b9f Merge: r1397-r1398: adjust cgi path for php5 abstraction (LP: #538661) 
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-06-21 15:24:35 -07:00
Steve Beattie
ab10eafaaf Merge r1406: abstractions/user-tmp: require 'owner' matching 
Nominated-by: Jamie-Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-06-21 15:22:54 -07:00
Steve Beattie
aa106808fd Merge: r1409: statvfs allowed by default 
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-06-21 15:21:10 -07:00
Jamie Strandboge
fd3baa930e add ubuntu-bittorrent-clients and ubuntu-media-players abstractions 2010-03-08 13:50:25 -06:00
Jamie Strandboge
df05261cd3 add /etc/sound to audio abstraction 2010-03-08 13:49:37 -06:00
Kees Cook
69ebfc4cda update python shared library paths for "pyshared" 2010-01-29 10:10:31 -08:00
Jamie Strandboge
d98c8ae8b5 add commented, but blank tunables/alias 
profiles/apparmor.d/tunables/global: include tunables/alias
parser/apparmor.d.pod: add alias rules and home.d. clean up
 HOMEDIRS
 2010-01-11 14:19:35 -06:00
Kees Cook
8b54df93dd make note of the trailing slash requirement in the home.d/site.local example 2010-01-05 15:43:32 -08:00
Jamie Strandboge
2d8246668c fix typo in profiles/apparmor.d/tunables/home.d/site.local 2010-01-05 16:16:16 -06:00
Jamie Strandboge
ebedab89e5 add local site configuration for HOMEDIRS tunable 
- add commented profiles/apparmor.d/tunables/home.d/site.local
- profiles/apparmor.d/tunables/home: include tunables/home.d
- profiles/Makefile: adjust for home.d sub-directory and install
  site.local
 2010-01-05 15:58:43 -06:00
Kees Cook
a0e8bf9661 update php5 abstraction, add more details to apache hat documentation, include a common apache2 abstraction for use with hats 2010-01-03 13:16:38 -08:00
Jamie Strandboge
45dc9d4d08 add /opt/google/chrome/google-chrome to ubuntu-browsers (TODO: abstract 
out to third-party-browsers)
 2009-12-04 11:37:10 -06:00
Kees Cook
d6a2f8258f remove profile complain flags -- it is up to a distribution to decide how to use a profile 2009-11-11 11:55:29 -08:00
Kees Cook
92b9063527 update KDE abstraction, from Ubuntu 2009-11-11 11:45:49 -08:00
Kees Cook
40e8c9f6e6 merge profiles from Ubuntu, including change_hat apache2 template 2009-11-11 11:42:30 -08:00
Kees Cook
da6c9246f5 clear remaining $Id$ tags, since bzr does not suppor them 2009-11-11 10:44:26 -08:00
Jamie Strandboge
84565d5407 abstractions/gnome: add /etc/gnome/defaults.list 2009-11-10 14:04:26 -06:00
Jamie Strandboge
6e42e18191 have dnsmasq in enforce mode 2009-11-04 14:30:43 -06:00
Jamie Strandboge
694c9916b9 pull in Ubuntu updates to profiles/apparmor.d 2009-11-04 14:25:42 -06:00
John Johansen
07ded00bd3 Update klogd profile with rejects reported in bnc#436849 2008-11-21 11:51:01 +00:00
John Johansen
f1348fb693 Add missing firefox profile from previous commit 2008-11-21 11:26:27 +00:00
John Johansen
f6d502017d Allow introspection in avahi bnc#431222 2008-11-07 05:52:01 +00:00
John Johansen
7d8f597c86 Update firefox profile as base for firefox 3 2008-11-05 16:00:39 +00:00
John Johansen
a77734a600 add reject for Novell bnc#425041 2008-11-05 14:53:00 +00:00
John Johansen
7e49a0004b Update ntpd to contain rejects for bnc#433368 and bnc#402693 2008-11-05 14:23:25 +00:00