apparmor

mir/apparmor

Fork 0

mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-21 17:47:10 +00:00

Commit Graph

Select branches

Hide Pull Requests

160-the-trash-abstraction

250-what-is-the-minimum-kernel-version-required-for-apparmor-3

apparmor-2.1

apparmor-2.10

apparmor-2.11

apparmor-2.12

apparmor-2.13

apparmor-2.3

apparmor-2.5

apparmor-2.6

apparmor-2.7

apparmor-2.8

apparmor-2.9

apparmor-3.0

apparmor-3.1

apparmor-4.0

apparmor-4.1

check-if-systemd-detect-virt-is-present

cherry-pick-d257afd3

cherry-pick-d4296d21

fix-dirtest

fix-priority2

master

git-conversion

v2.10

v2.10-branchpoint

v2.10.1

v2.10.2

v2.10.3

v2.10.4

v2.10.5

v2.10.6

v2.10.95

v2.11-branchpoint

v2.11.0

v2.11.1

v2.11.2

v2.11.3

v2.11.95

v2.12

v2.12.1

v2.12.2

v2.12.3

v2.12.4

v2.13

v2.13.1

v2.13.10

v2.13.11

v2.13.2

v2.13.3

v2.13.4

v2.13.5

v2.13.6

v2.13.7

v2.13.8

v2.13.9

v2.5.1

v2.5.2

v2.5.2-rc1

v2.6-branchpoint

v2.6.0

v2.6.0-rc1

v2.6.1

v2.6.1-rc1

v2.7.0

v2.7.0-beta1

v2.7.0-beta2

v2.7.0-rc1

v2.7.0-rc2

v2.7.1

v2.7.99

v2.8-beta2

v2.8-beta3

v2.8-beta4

v2.8-beta5

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.8.95

v2.8.97

v2.8.98

v2.9-beta2

v2.9-beta3

v2.9-beta4

v2.9.0

v2.9.1

v2.9.2

v2.9.3

v2.9.4

v2.9.5

v3.0.0

v3.0.1

v3.0.10

v3.0.11

v3.0.12

v3.0.13

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.0.7

v3.0.8

v3.0.9

v3.1.0

v3.1.1

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v4.0.0

v4.0.0-alpha1

v4.0.0-alpha2

v4.0.0-alpha3

v4.0.0-alpha4

v4.0.0-beta1

v4.0.0-beta2

v4.0.0-beta3

v4.0.0-beta4

v4.0.1

v4.0.2

v4.0.3

v4.1.0

v4.1.0-beta1

v4.1.0-beta2

v4.1.0-beta3

v4.1.0-beta4

v4.1.0-beta5

v4.1.0-cherry-pick-point

v4.1.1

v5.0.0-alpha1

0e755d24bb Merge profiles: add authd socket to unix-chkpwd for authd PAM master John Johansen 2025-08-19 02:26:14 +00:00
db74dda3c6 Merge profiles: add /run/snapd.socket rule for curl John Johansen 2025-08-18 23:54:40 +00:00
6f5a4219d7 profiles: add authd socket to unix-chkpwd for authd PAM Ryan Lee 2025-08-18 16:31:35 -07:00
0e58e3d7fb profiles: add /run/snapd.socket rule for curl Ryan Lee 2025-08-18 12:06:29 -07:00
e7daccedc6 Merge regression: disconnected_mount_complain dangling fds and alloc fail handling John Johansen 2025-08-16 06:46:14 +00:00
468f0096ee Merge aa-notify: Improve support for local profiles Maxime Bélair 2025-08-15 11:52:26 +00:00
d993dfbb02 aa-notify gui: Fix undefined variable when ttkthemes is not installed Maxime Bélair 2025-08-14 09:58:29 +02:00
ba336533ac utils: Add tests for get_local_include Maxime Bélair 2025-08-14 09:57:02 +02:00
0d34f12d7e utils: Move get_local_include to ProfileStorage Maxime Bélair 2025-08-14 09:55:37 +02:00
ebba635fa9 Merge profiles: Allow curl to read tmp, for scripts which might use config/etags/data... John Johansen 2025-08-14 17:24:56 +00:00
e477ccacfa Merge abstractions/gtk: allow writing vulcan cache Christian Boltz 2025-08-14 13:49:33 +00:00
9c5064529a Merge abstractions/libnuma: add rules for active usage Christian Boltz 2025-08-14 13:06:22 +00:00
d9dd03c1ed Merge [4.1] aa-notify: Add --xauthority to set $XAUTHORITY under sudo apparmor-4.1 John Johansen 2025-08-14 12:33:23 +00:00
36546f8c35

aa-notify: Add --xauthority to set $XAUTHORITY under sudo Maxime Bélair 2025-08-14 10:44:16 +02:00
862d8ec9fc Merge aa-notify: Add --xauthority to set $XAUTHORITY under sudo Christian Boltz 2025-08-14 11:36:15 +00:00
fbd266c63f aa-notify: Add --xauthority to set $XAUTHORITY under sudo Maxime Bélair 2025-08-14 10:44:16 +02:00
fcbf8e34ec aa-notify: Make --local commandline option override use_local_profiles Maxime Bélair 2025-08-14 09:51:45 +02:00
01ab33202a profiles: Allow curl to read tmp, for scripts which might use config/etags/data... Simon Poirier 2025-08-13 21:36:50 -04:00
24216d79e9

abstractions/libnuma: add rules for active usage Christian Ehrhardt 2025-08-13 10:39:49 +02:00
bef673f3c6 regression: disconnected_mount_complain dangling fds and alloc fail handling Ryan Lee 2025-08-12 15:00:20 -07:00
8210308508

abstractions/gtk: allow writing vulcan cache Christian Boltz 2025-08-12 22:08:16 +02:00
a8875460ed Merge utils: Allow writing to profile includes John Johansen 2025-08-12 08:36:56 +00:00
eae49bf8de test-aa-notify: Update help test Maxime Bélair 2025-08-08 15:56:09 +02:00
144d782ae8 aa-notify: Update config with use_local_profiles Maxime Bélair 2025-08-08 15:55:32 +02:00
df1a4c8782 aa-notify: Allow writing to local profiles Maxime Bélair 2025-08-08 15:47:19 +02:00
4c30a0ac65 utils: Allow writing to profile includes Maxime Bélair 2025-08-08 15:42:23 +02:00
60ca491f21 Merge fix more parser leaks Steve Beattie 2025-08-06 19:12:04 -07:00
43fa5f88a7 parser: fix cases leaks when new state creation fails Georgia Garcia 2025-08-06 18:34:46 -03:00
bb03d9ee08 parser: fix leak on conflicting x modifiers Georgia Garcia 2025-08-06 18:28:35 -03:00
d9866f0a24 parser: fix leaking disconnected paths when merging Georgia Garcia 2025-08-05 15:48:28 -03:00
8307ad8493 Merge nss-systemd: Grant access to the GDM user database apparmor-4.0 Christian Boltz 2025-08-06 19:07:27 +00:00
2a274ff616 Merge nss-systemd: Grant access to the GDM user database Christian Boltz 2025-08-06 19:07:13 +00:00
fedcab2ad0 Merge nss-systemd: Grant access to the GDM user database John Johansen 2025-08-06 06:02:14 +00:00
b6caed3b57 nss-systemd: Grant access to the GDM user database Alessandro Astone 2025-08-05 15:31:56 +02:00
ae70dc38f8 Merge parser: drop dead code in mount.cc John Johansen 2025-08-05 08:31:10 +00:00
51bdbec119 Merge parser misc fixes (memory leaks, restoring ostream format) Steve Beattie 2025-08-04 22:34:01 -07:00
b8dee97ed3 parser: fix leaking name in variable expansion Georgia Garcia 2025-08-04 18:54:36 -03:00
8b2e2c3358 parser: free leaking cod_entry in case of failure in do_alias Georgia Garcia 2025-08-04 18:50:54 -03:00
3faddfcf46 parser: fix coverity's "not restoring ostream format" Georgia Garcia 2025-08-04 18:49:24 -03:00
05458768cf parser: constify and pass by reference unchanged value Georgia Garcia 2025-08-04 17:43:51 -03:00
cb0d66d55a parser: fix leaks in deleted variables Georgia Garcia 2025-08-04 17:28:14 -03:00
0de9678d4f

mount.cc: remove nop code from mnt_rule::post_parse_profile(Profile &prof) Christian Boltz 2025-08-04 19:35:26 +02:00
8474a5c0bd Merge [4.1] utils: Fix priority checking for is_covered Christian Boltz 2025-08-04 12:25:41 +00:00
617d3021e8

parser: drop dead code in mount.cc Christian Boltz 2025-08-04 00:08:26 +02:00
63b46dd3d7 Merge utils: fix typo in aa-show-usage man page Christian Boltz 2025-08-01 19:56:38 +00:00
67382dcf15 utils: fix typo in aa-show-usage man page Ryan Lee 2025-08-01 12:20:18 -07:00
d61295a249 Merge parser: fix variable expansion Steve Beattie 2025-07-31 22:55:32 -07:00
a2f2ca6119 parser: fix variable expansion Georgia Garcia 2025-07-31 18:04:16 -03:00
61e09c6ffa Merge Fix whitespace in hfa.h John Johansen 2025-07-31 19:48:00 +00:00
45a7cc1ed0

Fix whitespace in hfa.h Christian Boltz 2025-07-31 21:28:03 +02:00
dc78be4db6 Prepare for 5.0.0~alpha1 release - bump version v5.0.0-alpha1 John Johansen 2025-07-31 11:41:53 -07:00
ea97cbedef Merge fix xtable generation and drop unusd perm32 v1 support John Johansen 2025-07-31 18:08:06 +00:00
514bf114b2 parser: drop unused map_xbits() John Johansen 2025-07-30 17:05:56 -07:00
0430080a16 parser: drop unused create_welded_dfablob and related code John Johansen 2025-07-30 16:46:02 -07:00
0f36070a54 parser: drop support for prompt_compat_permsv1, and prompt_compat_dev John Johansen 2025-07-30 14:50:45 -07:00
392849e518 parser: fix xtable generation John Johansen 2025-07-30 13:27:35 -07:00
e8cd6e704a Merge coverity: remove log retrieving step temporarily John Johansen 2025-07-31 17:21:02 +00:00
95d7f37520 coverity: remove log retrieving step temporarily Georgia Garcia 2025-07-31 13:02:07 -03:00
c54c4a7e01 Merge coverity: fix deprecated uses of --no-command and --fs-capture-search John Johansen 2025-07-31 02:05:06 +00:00
375470144f Merge regression: fix usage statement for linkat_tmpfile John Johansen 2025-07-31 01:17:17 +00:00
73bcf488b2 regression: fix usage statement for linkat_tmpfile Ryan Lee 2025-07-30 16:35:01 -07:00
117df51e4a coverity: fix deprecated uses of --no-command and --fs-capture-search Georgia Garcia 2025-07-30 19:32:58 -03:00
37185f50a4 Merge regression: add test for making O_TMPFILE followed by linkat John Johansen 2025-07-30 11:09:11 +00:00
b40ac50f49 Merge profiles: add QtWebEngineProcess path used by Arch Linux and other distros John Johansen 2025-07-30 08:37:10 +00:00
87e0151c7c Merge added systemd-creds to list of wg-quick binaries John Johansen 2025-07-30 08:34:49 +00:00
b9ed931c90 added systemd-creds to list of wg-quick binaries Robert Stiller 2025-07-30 08:34:49 +00:00
63ce02c01d Merge logparser: add support for change_onexec logs Maxime Bélair 2025-07-30 08:27:43 +00:00
e82ee9f4f4 Merge aa-notify: reduce the likelihood of misuses Maxime Bélair 2025-07-30 08:26:50 +00:00
4e8781c2a9 Merge abstractions/mesa, chromium_browser, firefox: Updates John Johansen 2025-07-29 20:39:24 +00:00
9ac6047f6c aa-notify: Explicitly import tkinter.font Maxime Bélair 2025-07-21 15:36:19 +02:00
73f4f650e7 aa-notify: Reduce profiles updates to reduce overhead. Maxime Bélair 2025-07-17 17:23:47 +02:00
12e3557896 aa-notify: Support regexes in userns_special_profiles Maxime Bélair 2025-07-10 16:46:40 +02:00
d8c57da6ba Allow aa-notify to use the priority mechanism Maxime Bélair 2025-07-10 15:39:03 +02:00
4de3b64e52 Add tests for get_event_type Maxime Bélair 2025-07-09 16:25:55 +02:00
71a71e0fa7 Create get_event_type instead of customized_message['userns']['cond'] Maxime Bélair 2025-07-09 11:02:29 +02:00
36d32a81a2 abstractions/mesa, chromium_browser, firefox: Updates Daniel Richard G. 2025-07-29 15:22:37 -04:00
84fbd87334 Merge profiles: fusermount3 profile fixes for libfuse 3.17 John Johansen 2025-07-29 09:08:31 +00:00
c04560223a Merge abstractions/X: allow reading /usr/share/xkeyboard-config-*/ Christian Boltz 2025-07-27 19:51:16 +00:00
8332367a0a Merge abstractions/X: allow reading /usr/share/xkeyboard-config-*/ Christian Boltz 2025-07-27 19:50:57 +00:00
eb13ae77dc

utils: Fix priority checking for is_covered Maxime Bélair 2025-07-17 10:39:59 +02:00
e757ca8e14 Merge parser/variables: fix read-after-free in error case Georgia Garcia 2025-07-25 09:42:38 -03:00
6673be07aa

parser/variables: fix read-after-free in error case Steve Beattie 2025-07-24 23:01:33 -07:00
d3a49ff566 regression: add linkat_tmpfile test to task.yaml Ryan Lee 2025-07-24 08:44:54 -07:00
3e7ddc1ce5 regression: add test for making O_TMPFILE followed by linkat Ryan Lee 2025-07-23 12:36:55 -07:00
2448655188 logparser: add support for change_onexec logs Maxime Bélair 2025-07-24 13:28:40 +02:00
49cb0fe248 Merge profiles: fix regex for hex PCI BDFs John Johansen 2025-07-24 10:46:00 +00:00
ab46c224cb Merge Move annoying "skipping disabled profile" log to debug. John Johansen 2025-07-24 10:44:49 +00:00
b6ad58bbbe profiles: make /sys/devices PCI paths hex-aware Keifer Snedeker 2025-07-21 13:36:42 -04:00
520db7a16c Merge abstractions/X: allow reading /usr/share/xkeyboard-config-*/ John Johansen 2025-07-23 11:13:06 +00:00
a966eac143 Merge lsblk: allow access to PCI buses with hex chars John Johansen 2025-07-23 11:12:10 +00:00
6841df4fe3 Merge utils: Fix priority checking for is_covered John Johansen 2025-07-23 09:48:35 +00:00
7fbbf791d3 Merge parser: fix coverity issues John Johansen 2025-07-23 09:45:12 +00:00
f1773f4083

profiles: add QtWebEngineProcess path used by Arch Linux and other distros nl6720 2025-06-24 11:11:52 +03:00
238221f379

abstractions/X: allow reading /usr/share/xkeyboard-config-*/ Christian Boltz 2025-07-18 23:00:42 +02:00
efb13aac0a parser: fix leaks from variable refactoring Georgia Garcia 2025-07-18 14:26:35 -03:00
e4f3ef72ab parser: use const auto & to avoid copy Georgia Garcia 2025-07-18 14:23:49 -03:00
69c248a431 parser: initialize non-static variable Georgia Garcia 2025-07-18 14:15:38 -03:00
ad16a5c5c0 Merge parser: refactor variables and symbols table into their own class John Johansen 2025-07-17 23:08:39 +00:00
380dbb84b8 utils: Fix priority checking for is_covered Maxime Bélair 2025-07-17 10:39:59 +02:00
000b56a323

Move annoying "skipping disabled profile" log to debug. Jérôme Poulin 2025-07-16 16:33:08 -04:00