apparmor-profiles

This repository is an experimental downstream of apparmor.d project.

Prerequisites

# apt install apparmor-utils

Testing

# mv usr.bin.curl /etc/apparmor.d/
# aa-complain /etc/apparmor.d/usr.bin.curl

Error log is /var/log/syslog by default.

Installation

# aa-enforce /etc/apparmor.d/usr.bin.curl

Profiles

curl

WARNING: custom applications might fail without adjustment!

Dependencies

abstractions/3rd/nameservice-strict

Compatibility

Pi-hole (commented out by default)

Tested on

Debian 10
Armbian Buster
Xubuntu 21.04 (commented out by default)

czkawka

Snap releases are not supported.

Dependencies

abstractions/3rd/file-chooser
abstractions/3rd/nameservice-strict
local/usr.lib.libreoffice.program.soffice.bin
usr.bin.ristretto

Options

write access on home
interactive file-chooser dialog
opening files with xdg-open
various sanitized_helper transitions
disabled dbus-overwrite

Tested on

Xubuntu 21.04
Ubuntu 21.04

ristretto

Options

file deletion by write access
editing with dash transition
disabled interactive file-chooser dialog

Tested on

Debian 10
Xubuntu 21.04-21.10

openvpn

Without NetworkManager. Without interactive credentials supplying, so be sure to provide them in config with auth-user-pass.

Dependencies

abstractions/3rd/nameservice-strict

Tested on

Debian 10-11

yadifad

Without transfers.

Tested on

Debian 10-11

youtube-dl

No auto-update and debug. No access to browser cookies ATM.

Dependencies

abstractions/3rd/nameservice-strict

Options

disabled --exec
disabled .netrc auth

Compatibility

yt-dlp

Tested on

Debian 10
Xubuntu 21.04-21.10
Ubuntu 21.04

youtubedl-gui

Flatpack releases are not supported.

Dependencies

abstractions/3rd/nameservice-strict
usr.local.bin.youtube-dl

Options

disabled interactive file-chooser dialog
disabled dbus-overwrite
disabled qt5-settings-write
disabled network access

Tested on

Debian 10
Xubuntu 21.04-21.10
Ubuntu 21.04

gallery-dl

pip version only.

Tested on

Debian 10
Xubuntu 21.10

systemd-timesyncd

Tested on

Debian 10-11
Xubuntu 21.10

murmurd

No DBus or ICE.

Tested on

Debian 11

Links

F**k AppArmor (crash course)
https://wiki.debian.org/AppArmor
https://wiki.ubuntu.com/AppArmor
https://github.com/qarmin/czkawka/
https://github.com/yadifa/yadifa
https://github.com/JaGoLi/ytdl-gui
https://github.com/roddhjav/apparmor.d (upstream)

Name		Name	Last commit message	Last commit date
Latest commit History 80 Commits
abstractions/3rd		abstractions/3rd
local		local
systemd/system		systemd/system
tunables/3rd		tunables/3rd
LICENSE		LICENSE
README.md		README.md
murmurd		murmurd
usr.bin.curl		usr.bin.curl
usr.bin.ristretto		usr.bin.ristretto
usr.lib.systemd.systemd-timesyncd		usr.lib.systemd.systemd-timesyncd
usr.local.bin.gallery-dl		usr.local.bin.gallery-dl
usr.local.bin.linux_czkawka		usr.local.bin.linux_czkawka
usr.local.bin.youtube-dl		usr.local.bin.youtube-dl
usr.local.bin.youtubedl-gui		usr.local.bin.youtubedl-gui
usr.sbin.openvpn		usr.sbin.openvpn
usr.sbin.yadifad		usr.sbin.yadifad

License

nobody43/apparmor-profiles

Folders and files

Latest commit

History

Repository files navigation

apparmor-profiles

Prerequisites

Testing

Installation

Profiles

Dependencies

Compatibility

Tested on

Dependencies

Options

Tested on

Options

Tested on

Dependencies

Tested on

Tested on

Dependencies

Options

Compatibility

Tested on

Dependencies

Options

Tested on

Tested on

Tested on

Tested on

Links

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks