1. 30 Jul, 2021 1 commit
  2. 24 Jul, 2021 3 commits
  3. 17 Jul, 2021 6 commits
    • Christian Boltz's avatar
      Add abi rules to AppArmor profiles · 78ccf477
      Christian Boltz authored
      This means that all AppArmor features / rule types will be enabled and
      enforced. Without an abi rule, some newer rule types (network, dbus
      etc.) won't be enforced and all access of this type will be
      allowed.
      
      Note that enforcing network, dbus etc. rules also requires at least
      AppArmor 3.0 userspace.
      
      The updated profiles will still work with older AppArmor userspace
      (which will ignore the abi rule).
      
      Tested on openSUSE Tumbleweed.
      78ccf477
    • Christian Boltz's avatar
      61880f76
    • Christian Boltz's avatar
      Add openSUSE paths in Akonadi AppArmor profile · 6619ea3e
      Christian Boltz authored
      Testing on openSUSE Tumbleweed showed that some paths are different, and
      a few additional permissions are needed.
      6619ea3e
    • Christian Boltz's avatar
      Add attach_disconnected flag to postgresql profile · afbec87e
      Christian Boltz authored
      Testing on openSUSE Tumbleweed resulted in the following denial:
      
      apparmor="DENIED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="postgresql_akonadi" name="" pid=15531 comm="postgres" requested_mask="wr" denied_mask="wr"
      
      Add the attach_disconnected flag to convert this to a denial we can
      handle:
      
      apparmor="DENIED" operation="file_mmap" profile="postgresql_akonadi" name="/" pid=11096 comm="postgres" requested_mask="wr" denied_mask="wr"
      
      ... and finally  deny / rw,  because allowing it would be insane and
      everything works with the deny rule added.
      afbec87e
    • Christian Boltz's avatar
      629a9f9e
    • Christian Boltz's avatar
      Move postgresql paths to @{postgresqlpath} variable · b6739037
      Christian Boltz authored
      This makes the profile more readable and makes adding more paths easier.
      
      With the exception of a rule for pg_upgrade (which missed /opt/pgsql*/),
      this commit doesn't change or add permissions.
      b6739037
  4. 15 Jul, 2021 1 commit
  5. 14 Jul, 2021 1 commit
  6. 12 Jul, 2021 2 commits
  7. 11 Jul, 2021 1 commit
  8. 10 Jul, 2021 1 commit
  9. 08 Jul, 2021 1 commit
  10. 07 Jul, 2021 1 commit
  11. 05 Jul, 2021 1 commit
  12. 24 Jun, 2021 1 commit
  13. 23 Jun, 2021 2 commits
  14. 22 Jun, 2021 1 commit
  15. 13 Jun, 2021 2 commits
  16. 10 Jun, 2021 1 commit
  17. 06 Jun, 2021 2 commits
  18. 04 Jun, 2021 1 commit
  19. 27 May, 2021 1 commit
  20. 18 May, 2021 1 commit
  21. 17 May, 2021 1 commit
  22. 12 May, 2021 1 commit
  23. 10 May, 2021 1 commit
  24. 09 May, 2021 1 commit
  25. 08 May, 2021 1 commit
  26. 07 May, 2021 1 commit
  27. 06 May, 2021 1 commit
  28. 05 May, 2021 1 commit
  29. 04 May, 2021 1 commit