mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/profiles/apparmor.d
History
Allen Huang 0c4f70d81b
profiles/iotop-c: remove owner, redundant rules 
- Remove `owner` in /proc/ rules to enable non-root users
- add "include if exists" line to pass the pipeline
- change <abstractions/nameservice> to smaller <abstractions/nameservice-strict>

Signed-off-by: Allen Huang <allen.huang@canonical.com>
2025-02-07 13:40:14 +00:00
..
abi policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
abstractions Allow write access to /run/user/*/dconf/user 2024-12-31 10:23:50 +01:00
apache2.d policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
local Don't create local/* profile sniplets by default 2023-08-20 11:49:10 +02:00
tunables Add include if exists <tunables/$FILE.d> to all tunables 2023-07-30 00:47:34 +02:00
1password profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
balena-etcher profiles: add unconfined balena-etcher profile 2024-05-02 08:56:32 -03:00
bin.ping ping: allow reading /proc/sys/net/ipv6/conf/all/disable_ipv6 2024-09-27 12:05:29 +02:00
brave profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
buildah profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
busybox profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
cam profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
ch-checkns profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
ch-run profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
chrome profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
chromium profiles: Add userns stub for Chromium and variants 2024-05-24 00:12:05 -04:00
code profiles: update visual studio code so that it can be run from gnome 2024-02-24 20:27:13 -08:00
crun profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
devhelp add more unconfined profiles 2024-02-06 15:10:20 -03:00
Discord profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
element-desktop add element-desktop unconfined profile 2024-02-20 12:38:26 +00:00
epiphany add more unconfined profiles 2024-02-06 15:10:20 -03:00
evolution add more unconfined profiles 2024-02-06 15:10:20 -03:00
firefox profiles: adjust unconfined firefox profile to support mozilla.org download 2024-04-03 15:22:57 -07:00
flatpak profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
foliate profiles: add unconfined foliate profile 2024-04-11 15:43:55 -07:00
geary add unconfined profiles for geary, loupe and firefox dev versions 2024-03-15 17:44:23 -03:00
github-desktop profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
goldendict profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
iotop-c profiles/iotop-c: remove owner, redundant rules 2025-02-07 13:40:14 +00:00
ipa_verify profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
kchmviewer profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
keybase add keybase unconfined profile 2024-02-02 16:53:58 -03:00
lc-compliance profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
libcamerify profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
linux-sandbox profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
loupe add unconfined profiles for geary, loupe and firefox dev versions 2024-03-15 17:44:23 -03:00
lsb_release policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
lxc-attach profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
lxc-create profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
lxc-destroy profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
lxc-execute profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
lxc-stop profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
lxc-unshare profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
lxc-usernsexec profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
mmdebstrap profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
MongoDB_Compass profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
msedge profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
nautilus profiles: add nautilus unconfined profile 2024-02-29 08:21:25 -03:00
notepadqq profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
nvidia_modprobe policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
obsidian profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
opam add more unconfined profiles 2024-02-06 15:10:20 -03:00
opera profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
pageedit profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
php-fpm php-fpm: widen allowed socket paths 2024-11-05 20:03:11 +01:00
plasmashell Add openSUSE path to plasmashell profile 2024-06-04 21:24:53 +02:00
podman profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
polypane profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
privacybrowser profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
qcam profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
qmapshack profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
QtWebEngineProcess profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
qutebrowser profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
rootlesskit profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
rpm profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
rssguard profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
runc profiles: runc: allow /usr/bin/runc as well as /usr/sbin/runc 2024-08-14 18:32:35 +09:00
samba-bgqd Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
samba-dcerpcd samba-dcerpcd: allow to execute rpcd_witness 2024-06-08 22:46:53 +02:00
samba-rpcd samba-dcerpcd: allow to execute rpcd_witness 2024-06-08 22:46:53 +02:00
samba-rpcd-classic profiles: add fixes for samba from issue #386 2024-04-22 23:46:44 +00:00
samba-rpcd-spoolss policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
sbin.klogd policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
sbin.syslog-ng Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
sbin.syslogd policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
sbuild profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-abort profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-adduser profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-apt profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-checkpackages profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-clean profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-createchroot profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-destroychroot profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-distupgrade profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-hold profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-shell profiles/Makefile: Clean up rules to better support extra profiles 2024-04-16 01:57:16 -04:00
sbuild-unhold profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-update profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-upgrade profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
scide profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
signal-desktop profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
slack profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
slirp4netns profiles: slirp4netns: allow pivot_root 2024-08-14 17:29:13 +09:00
steam add profiles for applications that create user namespaces 2024-02-02 10:51:06 -03:00
stress-ng profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
surfshark add profiles for applications that create user namespaces 2024-02-02 10:51:06 -03:00
systemd-coredump add profiles for applications that create user namespaces 2024-02-02 10:51:06 -03:00
tar restrict networking to localhost 2025-02-03 16:33:13 -03:00
thunderbird profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
toybox profiles: attach toybox profile to /usr/bin/toybox 2025-01-21 11:16:24 +01:00
transmission profiles: transmission-gtk needs attach_disconnected 2024-12-17 09:32:18 -03:00
trinity profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
tup profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
tuxedo-control-center profiles: add unconfined profile for tuxedo-control-center 2024-03-18 09:17:51 -03:00
unix-chkpwd Allow pam_unix to execute unix_chkpwd 2024-03-13 23:13:19 +01:00
unprivileged_userns add special unprivileged_userns profile 2024-02-02 10:52:26 -03:00
userbindmount profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
usr.lib.apache2.mpm-prefork.apache2 policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.lib.dovecot.anvil profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.auth Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
usr.lib.dovecot.config profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.deliver profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.dict Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
usr.lib.dovecot.director Check if all profiles and abstractions contain abi/4.0 2024-10-06 12:07:58 +02:00
usr.lib.dovecot.doveadm-server Check if all profiles and abstractions contain abi/4.0 2024-10-06 12:07:58 +02:00
usr.lib.dovecot.dovecot-auth profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.dovecot-lda profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.imap profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.imap-login Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
usr.lib.dovecot.lmtp Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
usr.lib.dovecot.log profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.managesieve profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.managesieve-login Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
usr.lib.dovecot.pop3 profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.pop3-login Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
usr.lib.dovecot.replicator Check if all profiles and abstractions contain abi/4.0 2024-10-06 12:07:58 +02:00
usr.lib.dovecot.script-login profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.ssl-params profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.stats profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.sbin.apache2 policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.avahi-daemon policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.dnsmasq policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.dovecot Dovecot profile: Allow reading of /proc/sys/kernel/core_pattern 2024-11-21 16:21:17 +02:00
usr.sbin.identd policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.mdnsd policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.nmbd profiles: add fixes for samba from issue #386 2024-04-22 23:46:44 +00:00
usr.sbin.nscd policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.ntpd Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
usr.sbin.smbd smbd: allow capability chown 2024-12-09 20:45:42 +01:00
usr.sbin.smbldap-useradd policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.traceroute policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.winbindd policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
uwsgi-core profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
vdens profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
virtiofsd profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
vivaldi-bin profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
vpnns profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
wike profiles: fix wike profile location to apparmor.d 2024-05-02 08:56:32 -03:00
wpcom profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
Xorg Xorg: Bump ABI to 4.0, and document access needed on non-KMS systems 2024-05-08 03:48:32 -04:00
zgrep Merge zgrep: deny passwd access 2024-10-29 13:50:06 +00:00