mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
Nautilus uses user namespaces to load thumbnails, hence it needs an unconfined profile when user namespaces are restricted from unconfined like other applications in MR #1123. Although nautilus has extensions that would allow opening a terminal from the nautilus interface, they do not inherit nautilus' AppArmor label, therefore the use of unconfined does not allow arbitrary use of unprivileged user namespaces using the nautilus label. https://gitlab.com/apparmor/apparmor/-/merge_requests/1123 In addition this serves as a handle to uniquely identify them instead of unconfined to peers in policy. Note that unconfined mode should be changed for default_allow when https://gitlab.com/apparmor/apparmor/-/merge_requests/1109 is merged. Fixes: https://bugs.launchpad.net/bugs/2047256 Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com> |
||
---|---|---|
.. | ||
apparmor/profiles/extras | ||
apparmor.d | ||
Makefile |