mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/profiles/apparmor.d
History
John Johansen b378da1f9c Merge Add an Alsamixer profile 
This profile deliberately does not use `abstractions/audio`, instead listing only the subset of the interfaces required to enumerate audio devices and control their volume, without the parts needed to actually send or receive audio from them. This could also be a useful basis for splitting `abstractions/audio` into finer-grained subcomponents.

Signed-off-by: Ryan Lee <ryan.lee@canonical.com>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1517
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
2025-02-06 20:26:59 +00:00
..
abi policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
abstractions Allow write access to /run/user/*/dconf/user 2024-12-31 10:23:50 +01:00
apache2.d policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
local Don't create local/* profile sniplets by default 2023-08-20 11:49:10 +02:00
tunables Add include if exists <tunables/$FILE.d> to all tunables 2023-07-30 00:47:34 +02:00
1password profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
alsamixer Add an Alsamixer profile 2025-02-06 11:08:46 -08:00
balena-etcher profiles: add unconfined balena-etcher profile 2024-05-02 08:56:32 -03:00
bin.ping ping: allow reading /proc/sys/net/ipv6/conf/all/disable_ipv6 2024-09-27 12:05:29 +02:00
brave profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
buildah profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
busybox profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
cam profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
ch-checkns profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
ch-run profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
chrome profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
chromium profiles: Add userns stub for Chromium and variants 2024-05-24 00:12:05 -04:00
code profiles: update visual studio code so that it can be run from gnome 2024-02-24 20:27:13 -08:00
crun profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
devhelp add more unconfined profiles 2024-02-06 15:10:20 -03:00
Discord profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
element-desktop add element-desktop unconfined profile 2024-02-20 12:38:26 +00:00
epiphany add more unconfined profiles 2024-02-06 15:10:20 -03:00
evolution add more unconfined profiles 2024-02-06 15:10:20 -03:00
firefox profiles: adjust unconfined firefox profile to support mozilla.org download 2024-04-03 15:22:57 -07:00
flatpak profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
foliate profiles: add unconfined foliate profile 2024-04-11 15:43:55 -07:00
geary add unconfined profiles for geary, loupe and firefox dev versions 2024-03-15 17:44:23 -03:00
github-desktop profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
goldendict profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
ipa_verify profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
kchmviewer profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
keybase add keybase unconfined profile 2024-02-02 16:53:58 -03:00
lc-compliance profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
libcamerify profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
linux-sandbox profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
loupe add unconfined profiles for geary, loupe and firefox dev versions 2024-03-15 17:44:23 -03:00
lsb_release policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
lsblk Remove read_search capability 2024-12-03 16:13:33 -03:30
lxc-attach profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
lxc-create profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
lxc-destroy profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
lxc-execute profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
lxc-stop profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
lxc-unshare profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
lxc-usernsexec profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
mmdebstrap profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
MongoDB_Compass profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
msedge profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
nautilus profiles: add nautilus unconfined profile 2024-02-29 08:21:25 -03:00
notepadqq profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
nvidia_modprobe policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
obsidian profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
opam add more unconfined profiles 2024-02-06 15:10:20 -03:00
opera profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
pageedit profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
php-fpm php-fpm: widen allowed socket paths 2024-11-05 20:03:11 +01:00
plasmashell Add openSUSE path to plasmashell profile 2024-06-04 21:24:53 +02:00
podman profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
polypane profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
privacybrowser profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
qcam profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
qmapshack profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
QtWebEngineProcess profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
qutebrowser profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
rootlesskit profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
rpm profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
rssguard profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
runc profiles: runc: allow /usr/bin/runc as well as /usr/sbin/runc 2024-08-14 18:32:35 +09:00
samba-bgqd Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
samba-dcerpcd samba-dcerpcd: allow to execute rpcd_witness 2024-06-08 22:46:53 +02:00
samba-rpcd samba-dcerpcd: allow to execute rpcd_witness 2024-06-08 22:46:53 +02:00
samba-rpcd-classic profiles: add fixes for samba from issue #386 2024-04-22 23:46:44 +00:00
samba-rpcd-spoolss policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
sbin.klogd policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
sbin.syslog-ng Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
sbin.syslogd policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
sbuild profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-abort profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-adduser profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-apt profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-checkpackages profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-clean profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-createchroot profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-destroychroot profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-distupgrade profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-hold profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-shell profiles/Makefile: Clean up rules to better support extra profiles 2024-04-16 01:57:16 -04:00
sbuild-unhold profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-update profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
sbuild-upgrade profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
scide profiles: Add more unconfined profiles 2024-03-17 00:16:37 -07:00
signal-desktop profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
slack profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
slirp4netns profiles: slirp4netns: allow pivot_root 2024-08-14 17:29:13 +09:00
steam add profiles for applications that create user namespaces 2024-02-02 10:51:06 -03:00
stress-ng profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
surfshark add profiles for applications that create user namespaces 2024-02-02 10:51:06 -03:00
systemd-coredump add profiles for applications that create user namespaces 2024-02-02 10:51:06 -03:00
tar restrict networking to localhost 2025-02-03 16:33:13 -03:00
thunderbird profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
tinyproxy profiles/apparmor.d/tinyproxy: allow capability set[ug]id 2025-02-06 18:52:32 +10:30
toybox profiles: attach toybox profile to /usr/bin/toybox 2025-01-21 11:16:24 +01:00
transmission profiles: transmission-gtk needs attach_disconnected 2024-12-17 09:32:18 -03:00
trinity profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
tup profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
tuxedo-control-center profiles: add unconfined profile for tuxedo-control-center 2024-03-18 09:17:51 -03:00
unix-chkpwd Allow pam_unix to execute unix_chkpwd 2024-03-13 23:13:19 +01:00
unprivileged_userns add special unprivileged_userns profile 2024-02-02 10:52:26 -03:00
userbindmount profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
usr.lib.apache2.mpm-prefork.apache2 policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.lib.dovecot.anvil profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.auth Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
usr.lib.dovecot.config profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.deliver profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.dict Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
usr.lib.dovecot.director Check if all profiles and abstractions contain abi/4.0 2024-10-06 12:07:58 +02:00
usr.lib.dovecot.doveadm-server Check if all profiles and abstractions contain abi/4.0 2024-10-06 12:07:58 +02:00
usr.lib.dovecot.dovecot-auth profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.dovecot-lda profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.imap profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.imap-login Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
usr.lib.dovecot.lmtp Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
usr.lib.dovecot.log profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.managesieve profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.managesieve-login Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
usr.lib.dovecot.pop3 profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.pop3-login Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
usr.lib.dovecot.replicator Check if all profiles and abstractions contain abi/4.0 2024-10-06 12:07:58 +02:00
usr.lib.dovecot.script-login profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.ssl-params profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.lib.dovecot.stats profiles: allow for the default dovecot libexecdir 2023-08-03 01:30:42 -04:00
usr.sbin.apache2 policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.avahi-daemon policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.dnsmasq policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.dovecot Dovecot profile: Allow reading of /proc/sys/kernel/core_pattern 2024-11-21 16:21:17 +02:00
usr.sbin.identd policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.mdnsd policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.nmbd profiles: add fixes for samba from issue #386 2024-04-22 23:46:44 +00:00
usr.sbin.nscd policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.ntpd Clean superfluous openssl abstraction includes 2024-03-12 14:54:01 +01:00
usr.sbin.smbd smbd: allow capability chown 2024-12-09 20:45:42 +01:00
usr.sbin.smbldap-useradd policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.traceroute policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
usr.sbin.winbindd policy: update to use 4.0 abi 2023-06-30 23:36:12 -07:00
uwsgi-core profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
vdens profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
virtiofsd profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
vivaldi-bin profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
vpnns profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
wike profiles: fix wike profile location to apparmor.d 2024-05-02 08:56:32 -03:00
wpcom profiles: convert local include to match profile name 2023-11-24 18:53:51 -08:00
Xorg Xorg: Bump ABI to 4.0, and document access needed on non-KMS systems 2024-05-08 03:48:32 -04:00
zgrep Merge zgrep: deny passwd access 2024-10-29 13:50:06 +00:00