mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-09 10:51:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
4063 commits 23 branches 109 tags 33 MiB
Commit graph

310 commits

Author SHA1 Message Date
Jamie Strandboge
61b614543c add audacity to the ubuntu-media-players abstraction (LP: #899963) 2012-01-04 11:45:43 -06:00
Jamie Strandboge
30c8dfe12c allow software-center in the ubuntu-integration abstraction for 
apt: URLs (LP: #662906)
 2012-01-04 09:36:21 -06:00
Jamie Strandboge
3d42221ba8 allow fireclam plugin to work in Ubuntu multimedia abstraction 
(LP: #562831)
 2012-01-03 17:50:00 -06:00
Jamie Strandboge
bd56500d03 Author: James Troup 
Description: fix typo when adding multiarch lines for gconv
Bug-Ubuntu: https://launchpad.net/bugs/904548

Acked-by: Jamie Strandboge <jamie@canonical.com>
 2012-01-03 17:27:26 -06:00
Jamie Strandboge
a6d274dcb0 Author: Felix Geyer 
Description: abstractions/fonts should allow access to ~/.fonts.conf.d
Bug-Ubuntu: https://launchpad.net/bugs/870992

Acked-by: Jamie Strandboge <jamie@canonical.com>
 2012-01-03 17:25:10 -06:00
Jamie Strandboge
9d20afa95c Nvidia users need access to /dev/nvidia* files for various plugins 
to work right. Since these are all focused around multimedia, add the
accesses to ubuntu-browsers.d/multimedia
 2012-01-03 17:24:04 -06:00
Jamie Strandboge
32362d2f79 allow access to Thunar as well as thunar in ubuntu-integration abstraction 
(LP: #890894)
 2012-01-03 17:23:23 -06:00
Jamie Strandboge
3a201bf72b allow ixr access to exo-open in Ubuntu integration abstraction 
(LP: #890894)
 2012-01-03 17:22:27 -06:00
Jamie Strandboge
d15fcb69ab update binaries for for transmission in ubuntu-bittorrent-clients 
(LP: #852062)
 2012-01-03 17:21:40 -06:00
Jamie Strandboge
c1850f9855 add kate to Ubuntu text editors browser abstraction 
fix for LP: #884748
 2012-01-03 17:20:54 -06:00
Christian Boltz
ec68828a30 Fix a syntax error in abstractions/python introduced in r1854. 
According to https://launchpad.net/bugs/840734 pyconfig.h should have r 
permissions.

Acked-by: John Johansen <john.johansen@canonical.com>
 2012-01-03 00:51:12 +01:00
Steve Beattie
f0aa65c832 abstractions/python: for some reason, the python runtimes need access 
to pyconfig.h

Bug: https://launchpad.net/bugs/840734
 2011-11-30 08:56:45 -08:00
Christian Boltz
49103b30f2 Make abstractions/winbind work on 64bit systems (valid.dat etc. are in 
/usr/lib64/samba/ in openSUSE 64bit installations)

Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-11-01 18:35:29 +01:00
Christian Boltz
091ec763f9 split off abstractions/ldapclient from abstractions/nameservice 
Original openSUSE changelog entry:

Thu Jan  6 16:23:19 UTC 2011 - rhafer@suse.de

- Splitted ldap related things from nameservice into separate
  profile and added some missing paths (bnc#662761)
 2011-11-01 17:08:37 +01:00
Jamie Strandboge
f28b91b8cf add gwenview to abstractions/ubuntu-browsers.d/multimedia. This is the 
default image viewer in Kubuntu (LP: #840973)
 2011-09-07 15:00:45 -05:00
Jamie Strandboge
6849615de6 adjust ubuntu-email abstraction for thunderbird rapid release process 2011-09-02 13:21:06 -05:00
Christian Boltz
66d51b575d From: Jeff Mahoney <jeffm@suse.com> 
Subject: apparmor-profiles: Add samba config files
References: bnc#679182 bnc#666450

Signed-off-by: Jeff Mahoney <jeffm@suse.com>

- updated to match trunk
- added changed path to nmbd profile (/var/cache/samba has moved to 
  /var/lib/samba on (at least) openSUSE 11.4), bnc#679182#c8
  For backward compability, it also allows /var/spool/samba.
- Note: The smbd profile already contains both locations.
by Christian Boltz <apparmor@cboltz.de>

updated according to the comments from Steve Beattie
by Christian Boltz <apparmor@cboltz.de>

Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-08-27 01:52:27 +02:00
Steve Beattie
92473dfc46 This patch adds multiarch support for the X DRI paths. 
Bug: https://launchpad.net/bugs/826914
 2011-08-16 22:47:34 -07:00
Christian Boltz
7f45708c86 Merge k permission for /var/log/lastlog into abstractions/wutmp 
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-08-16 12:26:44 +02:00
Christian Boltz
b5e525b251 From: Jeff Mahoney <jeffm@suse.com> 
Subject: profiles: Add openssl abstraction
References: bnc#623886

 Profiles that use openssl have been adding the openssl files piecemeal.

 This patch creates a new openssl abstraction that can be inherited by
 all profiles that use it.


Signed-off-by: Jeff Mahoney <jeffm@suse.com>

Patch for 
- profiles/apparmor.d/abstractions/ssl_certs 
- profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork (second chunk)
updated by Christian Boltz <apparmor@cboltz.de>
(didn't apply to trunk)

Acked-By: Steve Beattie <sbeattie@ubuntu.com>

Copyright header in profiles/apparmor.d/abstractions/openssl added by
Christian Boltz <apparmor@cboltz.de>
 2011-08-08 22:22:03 +02:00
Steve Beattie
763855fe9e From: Christian Boltz <apparmor@cboltz.de> 
Based on https://bugzilla.novell.com/show_bug.cgi?id=643387

Update man profile and abstraction.
 2011-08-05 13:12:35 -07:00
Steve Beattie
e6880f9584 Bug: https://bugs.launchpad.net/bugs/794974 
Add openal config support to abstractions/audio.

Bug: https://launchpad.net/bugs/794974
 2011-08-04 16:52:45 -07:00
Jamie Strandboge
5e273b0892 update profiles/apparmor.d/abstractions/audio to fixup shm patch from 
yesterday. Thanks to Christian Boltz.
 2011-07-15 13:53:35 -05:00
Jamie Strandboge
35acee98d5 and last one for /dev/shm to /run/shm 2011-07-14 08:21:01 -05:00
Jamie Strandboge
20f117500f update for /var/run -> /run udev transition. For compatibility, distributions 
(eg Ubuntu) are providing a symlink from /var/run to /run, so our profiles
should handle both situations.
 2011-07-14 07:57:57 -05:00
Jamie Strandboge
7c05b9ed91 profiles/apparmor.d/abstractions/gnome: add read access to 
/usr/share/gnome/applications/mimeinfo.cache, which is now needed by
 Gnome applications.
 2011-07-12 07:38:17 -05:00
Jamie Strandboge
2e73225586 allow owner read access to /var/run/lightdm/authority/[0-9]* in the X 
abstraction
 2011-06-22 22:26:14 -05:00
Jamie Strandboge
65c7473407 profiles/apparmor.d/abstractions/ssl_certs: allow access to 
/usr/local/share/ca-certificates
 2011-06-22 16:42:22 -05:00
Jamie Strandboge
70bb296a70 profiles/apparmor.d/abstractions/dbus-session: Per discussion with John 
Johansen, use 'ix' instead of 'Pix' for dbus-launch since if someone happens to
define a profile for dbus-launch and it is loosely confined, then users of this
abstraction could end up launching a program via dbus-launch in a less confined
manner than intended. This sort of thing should not be possible via an
abstraction (and people are always free to profile using Pix if they prefer).
 2011-05-09 18:09:24 +02:00
Jamie Strandboge
83282f8700 add kwallet to ubuntu-browsers.d/user-files 2011-04-19 06:03:35 -05:00
Jamie Strandboge
8485c8e417 profiles/apparmor.d/abstractions/private-files: 
- add zsh files (LP: #761217)
- add .inputrc (bash)
- add .login and .logout (csh, tcsh, etc)
 2011-04-19 05:55:32 -05:00
Jamie Strandboge
e946b88d82 ubuntu-browsers.d/multimedia: add f-spot, shotwell and digikam to image viewers 
since they are invoked when using sites such as Facebook
 2011-04-18 09:32:14 -05:00
Jamie Strandboge
780ae4663d profiles/apparmor.d/abstractions/private-files: 
- add zsh files (LP: #761217)
- add .inputrc (bash)
- add .login and .logout (csh, tcsh, etc)
 2011-04-18 08:55:50 -05:00
Jamie Strandboge
00f32d555d adjust ubuntu-media-players abstraction to allow (LP: #750381): 
- reading of configs required by gnash
- owner writing of @{HOME}/.gnash
 2011-04-07 09:50:20 -05:00
Steve Beattie
83007d7600 Author: Jamie Strandboge <jamie@canonical.com>, 
Steve Langasek <steve.langasek@linaro.org>,
 Steve Beattie <sbeattie@ubuntu.com>
Description: add multiarch support to abstractions
Bug-Ubuntu: https://bugs.launchpad.net/bugs/736870

This patch add multiarch support for common shared library locations, as
well as a tunables file and directory to ease adding addiotional
multiarch paths.

Bug: https://launchpad.net/bugs/736870
 2011-03-23 12:24:11 -07:00
Jamie Strandboge
6c7492af89 dd LibreOffice to ubuntu-browsers.d/productivity abstraction 2011-02-15 15:54:48 -06:00
Jamie Strandboge
f7c6a848bb abstractions/private-files: don't allow wl to autostart directories 
abstractions/private-files-strict: don't allow access to:
- chromium
- thunderbird
- evolution
- kmail
- kwallet
 2011-01-07 10:44:47 -06:00
Jamie Strandboge
d03c2e681f abstractions/freedesktop.org updates: 
- require owner match for files in @{HOME}
- add new path for @{HOME}/.local/share/recently-used.xbel*
- add the following, confirmed via specifications:
  /usr/share/applications/mimeinfo.cache r,
  /usr/share/applications/*.desktop r,
  owner @{HOME}/.local/share/applications/defaults.list r,
  owner @{HOME}/.local/share/applications/mimeinfo.cache r,
  owner @{HOME}/.local/share/applications/mimeapps.list r,
  owner @{HOME}/.local/share/applications/*.desktop r,

References:
http://standards.freedesktop.org/basedir-spec/basedir-spec-0.6.html
http://standards.freedesktop.org/desktop-entry-spec/desktop-entry-spec-0.9.4.html
http://www.freedesktop.org/wiki/Specifications/mime-actions-spec
 2010-12-23 18:39:28 -06:00
Jamie Strandboge
73c1283e98 abstractions/X: allow access to /usr/lib32 and /usr/lib64 for dri modules 
(LP: #658135)
 2010-12-23 18:39:02 -06:00
Jamie Strandboge
e356c4b19e add enchant abstraction. Enchant is a frontend for spellcheckers and in 
use by more and more applications, including empathy and evolution. It
is listed on freedesktop.org. See:
http://www.abisource.com/projects/enchant/

This abstraction gives access to enchant itself, files in the user's home
directory for enchant and various dictionaries for:
- aspell
- ispell
- hunspell
- myspell
- hspell
- zemberek
- voikko
 2010-12-22 16:59:44 -06:00
Jamie Strandboge
5c040c6149 allow 'rw' to /var/log/samba/cores/ (LP: #652562) 2010-12-22 16:58:23 -06:00
Jamie Strandboge
d097df8226 add preliminary ibus abstraction. Will likely need more once more ibus users 
start to use it. Additionally, the 'rw' on the @{HOME}/.config/ibus/bus/
probably only needs 'create' and 'chmod', so that could be tightened up once
those are exposed in the tools. LP: #649497.
 2010-12-22 16:57:35 -06:00
Jamie Strandboge
add5d47fc3 abstractions/user-manpages: require owner match for files in @{HOME} and /tmp 2010-12-22 16:55:50 -06:00
Jamie Strandboge
2227de709b abstractions/user-mail: 
- use character globbing
- require owner match for files in @{HOME}
 2010-12-22 16:55:18 -06:00
Jamie Strandboge
84b5f6e441 abstractions/user-write: 
- require owner match
- add @{HOME}/Public/
 2010-12-22 16:54:40 -06:00
Jamie Strandboge
1f2b4a5a19 abstractions/user-download: 
- fix typo for Desktop (should be Desktop/)
- require owner match
- allow writes to @{HOME}/[dD]ownload{,s}
 2010-12-22 16:52:13 -06:00
Jamie Strandboge
046cfe305f update ubuntu abstractions to use '# vim:syntax=apparmor' 2010-12-21 12:53:33 -06:00
Kees Cook
723a20ba7d as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
Kees Cook
46e96476d8 add python2.7 to python abstraction, LP: #644983 
Bug: https://launchpad.net/bugs/644983
 2010-12-20 12:10:52 -08:00
Jamie Strandboge
7f1b117675 abstractions/ubuntu-browsers: adjust sensible browser to use Pixr 2010-10-22 07:43:23 -05:00