mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
1780 commits 23 branches 109 tags 32 MiB
Commit graph

132 commits

Author SHA1 Message Date
Steve Beattie
e6880f9584 Bug: https://bugs.launchpad.net/bugs/794974 
Add openal config support to abstractions/audio.

Bug: https://launchpad.net/bugs/794974
 2011-08-04 16:52:45 -07:00
Jamie Strandboge
7897ba2293 fix LP: #815883 
- update dnsmasq profile for new libvirt lease file path
 2011-07-25 08:28:04 -05:00
Jamie Strandboge
5e273b0892 update profiles/apparmor.d/abstractions/audio to fixup shm patch from 
yesterday. Thanks to Christian Boltz.
 2011-07-15 13:53:35 -05:00
Jamie Strandboge
35acee98d5 and last one for /dev/shm to /run/shm 2011-07-14 08:21:01 -05:00
Jamie Strandboge
20f117500f update for /var/run -> /run udev transition. For compatibility, distributions 
(eg Ubuntu) are providing a symlink from /var/run to /run, so our profiles
should handle both situations.
 2011-07-14 07:57:57 -05:00
Jamie Strandboge
7c05b9ed91 profiles/apparmor.d/abstractions/gnome: add read access to 
/usr/share/gnome/applications/mimeinfo.cache, which is now needed by
 Gnome applications.
 2011-07-12 07:38:17 -05:00
Jamie Strandboge
2e73225586 allow owner read access to /var/run/lightdm/authority/[0-9]* in the X 
abstraction
 2011-06-22 22:26:14 -05:00
Jamie Strandboge
65c7473407 profiles/apparmor.d/abstractions/ssl_certs: allow access to 
/usr/local/share/ca-certificates
 2011-06-22 16:42:22 -05:00
Jamie Strandboge
70bb296a70 profiles/apparmor.d/abstractions/dbus-session: Per discussion with John 
Johansen, use 'ix' instead of 'Pix' for dbus-launch since if someone happens to
define a profile for dbus-launch and it is loosely confined, then users of this
abstraction could end up launching a program via dbus-launch in a less confined
manner than intended. This sort of thing should not be possible via an
abstraction (and people are always free to profile using Pix if they prefer).
 2011-05-09 18:09:24 +02:00
Jamie Strandboge
83282f8700 add kwallet to ubuntu-browsers.d/user-files 2011-04-19 06:03:35 -05:00
Jamie Strandboge
8485c8e417 profiles/apparmor.d/abstractions/private-files: 
- add zsh files (LP: #761217)
- add .inputrc (bash)
- add .login and .logout (csh, tcsh, etc)
 2011-04-19 05:55:32 -05:00
Jamie Strandboge
e946b88d82 ubuntu-browsers.d/multimedia: add f-spot, shotwell and digikam to image viewers 
since they are invoked when using sites such as Facebook
 2011-04-18 09:32:14 -05:00
Jamie Strandboge
780ae4663d profiles/apparmor.d/abstractions/private-files: 
- add zsh files (LP: #761217)
- add .inputrc (bash)
- add .login and .logout (csh, tcsh, etc)
 2011-04-18 08:55:50 -05:00
Jamie Strandboge
00f32d555d adjust ubuntu-media-players abstraction to allow (LP: #750381): 
- reading of configs required by gnash
- owner writing of @{HOME}/.gnash
 2011-04-07 09:50:20 -05:00
Steve Beattie
4d332ff241 Fix multi-arch comment tyop, thanks to Kees for pointing it out. 2011-03-23 13:44:51 -07:00
Steve Beattie
83007d7600 Author: Jamie Strandboge <jamie@canonical.com>, 
Steve Langasek <steve.langasek@linaro.org>,
 Steve Beattie <sbeattie@ubuntu.com>
Description: add multiarch support to abstractions
Bug-Ubuntu: https://bugs.launchpad.net/bugs/736870

This patch add multiarch support for common shared library locations, as
well as a tunables file and directory to ease adding addiotional
multiarch paths.

Bug: https://launchpad.net/bugs/736870
 2011-03-23 12:24:11 -07:00
Jamie Strandboge
6c7492af89 dd LibreOffice to ubuntu-browsers.d/productivity abstraction 2011-02-15 15:54:48 -06:00
Steve Beattie
5a56604f99 From: Jeff Mahoney <jeffm@suse.com> 
Subject: apparmor: Fix incorrect /proc/*/sys usage in usr.sbin.ntpd
References: bnc#634801

 /proc/sys/kernel exists, but /proc/*/sys/kernel doesn't. This patch
 fixes the profile.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-02-15 10:54:30 -08:00
Jamie Strandboge
b12d93a739 Attached is an updated dnsmasq profile that fixes the following: 
- allow net_admin capability for DHCP server
- allow net_raw and network inet raw for ICMP pings when used as a DHCP
server
- allow read and write access to libvirt pid files for dnsmasq

See the FAQ in the dnsmasq source for details. This fixes
https://launchpad.net/bugs/697239
 2011-01-12 11:47:04 -06:00
Jamie Strandboge
f7c6a848bb abstractions/private-files: don't allow wl to autostart directories 
abstractions/private-files-strict: don't allow access to:
- chromium
- thunderbird
- evolution
- kmail
- kwallet
 2011-01-07 10:44:47 -06:00
Jamie Strandboge
d03c2e681f abstractions/freedesktop.org updates: 
- require owner match for files in @{HOME}
- add new path for @{HOME}/.local/share/recently-used.xbel*
- add the following, confirmed via specifications:
  /usr/share/applications/mimeinfo.cache r,
  /usr/share/applications/*.desktop r,
  owner @{HOME}/.local/share/applications/defaults.list r,
  owner @{HOME}/.local/share/applications/mimeinfo.cache r,
  owner @{HOME}/.local/share/applications/mimeapps.list r,
  owner @{HOME}/.local/share/applications/*.desktop r,

References:
http://standards.freedesktop.org/basedir-spec/basedir-spec-0.6.html
http://standards.freedesktop.org/desktop-entry-spec/desktop-entry-spec-0.9.4.html
http://www.freedesktop.org/wiki/Specifications/mime-actions-spec
 2010-12-23 18:39:28 -06:00
Jamie Strandboge
73c1283e98 abstractions/X: allow access to /usr/lib32 and /usr/lib64 for dri modules 
(LP: #658135)
 2010-12-23 18:39:02 -06:00
Jamie Strandboge
e356c4b19e add enchant abstraction. Enchant is a frontend for spellcheckers and in 
use by more and more applications, including empathy and evolution. It
is listed on freedesktop.org. See:
http://www.abisource.com/projects/enchant/

This abstraction gives access to enchant itself, files in the user's home
directory for enchant and various dictionaries for:
- aspell
- ispell
- hunspell
- myspell
- hspell
- zemberek
- voikko
 2010-12-22 16:59:44 -06:00
Jamie Strandboge
5c040c6149 allow 'rw' to /var/log/samba/cores/ (LP: #652562) 2010-12-22 16:58:23 -06:00
Jamie Strandboge
d097df8226 add preliminary ibus abstraction. Will likely need more once more ibus users 
start to use it. Additionally, the 'rw' on the @{HOME}/.config/ibus/bus/
probably only needs 'create' and 'chmod', so that could be tightened up once
those are exposed in the tools. LP: #649497.
 2010-12-22 16:57:35 -06:00
Jamie Strandboge
add5d47fc3 abstractions/user-manpages: require owner match for files in @{HOME} and /tmp 2010-12-22 16:55:50 -06:00
Jamie Strandboge
2227de709b abstractions/user-mail: 
- use character globbing
- require owner match for files in @{HOME}
 2010-12-22 16:55:18 -06:00
Jamie Strandboge
84b5f6e441 abstractions/user-write: 
- require owner match
- add @{HOME}/Public/
 2010-12-22 16:54:40 -06:00
Jamie Strandboge
1f2b4a5a19 abstractions/user-download: 
- fix typo for Desktop (should be Desktop/)
- require owner match
- allow writes to @{HOME}/[dD]ownload{,s}
 2010-12-22 16:52:13 -06:00
Jamie Strandboge
046cfe305f update ubuntu abstractions to use '# vim:syntax=apparmor' 2010-12-21 12:53:33 -06:00
Kees Cook
723a20ba7d as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
Kees Cook
46e96476d8 add python2.7 to python abstraction, LP: #644983 
Bug: https://launchpad.net/bugs/644983
 2010-12-20 12:10:52 -08:00
Jamie Strandboge
7f1b117675 abstractions/ubuntu-browsers: adjust sensible browser to use Pixr 2010-10-22 07:43:23 -05:00
Jamie Strandboge
fb418015e3 add /usr/bin/emacs-snapshot-gtk PUxr to ubuntu-browsers.d/text-editors 2010-10-21 09:03:09 -05:00
Jamie Strandboge
39902eff28 abstractions/ubuntu-email: adjustment for ever-changing path of thunderbird 
(LP: #648900)
 2010-09-27 08:47:08 -05:00
Jamie Strandboge
2cb3463cc8 add ubuntu-integration-xul for firefox-notify 2010-09-23 08:16:56 -05:00
Jamie Strandboge
6b81b50d36 ubuntu-browsers.d/multimedia: allow lpr and lpstat for printing from flash 
plugin
 2010-09-15 08:20:21 -05:00
Jamie Strandboge
b465b91ec9 exported smbd files need to have 'k' to work properly with certain applications 2010-09-14 14:12:49 -05:00
Jamie Strandboge
7aac7a23a3 profiles/apparmor.d/local/README: use commented text since aa-genprof is pretty 
grumpy without it
 2010-09-10 09:39:29 -05:00
Jamie Strandboge
edb1ae1798 allow mmap of font cache files in @{HOME}/.fontconfig/ for sun-java6 2010-09-08 13:56:19 -05:00
Jamie Strandboge
85c20fb564 update ubuntu-browsers.d/java for latest sun-java6 (LP: #633369) 2010-09-08 12:27:09 -05:00
Jamie Strandboge
834efc7b2c fix LP: #626451 (GoogleTalk in ubuntu-browsers.d/multimedia) 2010-09-08 08:51:06 -05:00
Jamie Strandboge
d2c61794ea update fonts abstraction to add '/var/lib/ghostscript/** r,' 2010-09-03 08:38:14 -05:00
Jamie Strandboge
b56e654f26 abstractions/ubuntu-browsers: add '/usr/bin/sensible-browser PUxr' 2010-08-30 07:52:20 -05:00
Jamie Strandboge
40751c2ed3 abstractions/ubuntu-browsers.d/ubuntu-integration: update for kmozillahelper 
and gnome-appearance-properties (LP: #514356, LP: #573344)
abstractions/ubuntu-browsers.d/user-files: update for /net (LP: #593413)
 2010-08-18 10:06:40 -05:00
Jamie Strandboge
c96c8a391f profiles/apparmor.d/abstractions/ubuntu-browsers.d/java: generalize names 
of child profiles
 2010-08-11 14:10:16 -05:00
Jamie Strandboge
7536899894 create ubuntu-feed-readers abstraction and have ubuntu-browsers.d/multimedia 
use it instead of specifying liferea directly
 2010-08-11 09:58:34 -05:00
Jamie Strandboge
44f2e73d1b update X abstraction for gdm's new placement of XAUTHORITY (LP: #601583) 2010-08-11 09:57:54 -05:00
Jamie Strandboge
9e99dfc8b2 add ca-certificates to ssl_certs abstraction (LP: #605835) 2010-08-11 09:15:56 -05:00
Jamie Strandboge
42cd946ff2 update ubuntu-browsers.d/kde to use PUx for kde4-config 2010-08-10 17:57:42 -05:00