apparmor-profiles:master

Last commit made on 2019-10-07
Get this branch:
git clone -b master https://git.launchpad.net/apparmor-profiles

Branch merges

Branch information

Name:
master
Repository:
lp:apparmor-profiles

Recent commits

a27a1a5... by intrigeri on 2019-10-07

Merge branch 'thunderbird-exo' into 'master'

Thunderbird: update for new exo helper version

See merge request apparmor/apparmor-profiles!39

bf9f688... by Vincas Dargis on 2019-10-05

Thunderbird: update for new exo helper version

AppArmorp produces denial on XFCE desktop:
```
AVC apparmor="DENIED"
operation="exec" profile="thunderbird"
name="/usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2" pid=3491
comm="exo-open" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0
```

Update file rule to allow exo-2 and any newer exo version, making
AppArmor profile more future-proof.

Closes: https://bugs.debian.org/941290

df61b9d... by Vincas Dargis on 2019-08-12

Merge branch 'remove-glib-schema-rules-covered-by-gnome-abstraction' into 'master'

Remove duplicate GLib schema access rules from profiles that include abstractions/gnome.

See merge request apparmor/apparmor-profiles!35

ed52e4a... by Vincas Dargis on 2019-07-26

Merge branch 'thunderbird-68' into 'master'

Update Thunderbird profile for v68

See merge request apparmor/apparmor-profiles!36

832cf18... by Vincas Dargis on 2019-07-20

Update Thunderbird profile for v68

Latest Thunderbird version is hit with AppArmor deny:
```
type=AVC msg=audit(1563637182.506:272): apparmor="DENIED" operation="mknod" profile="thunderbird" name="/dev/shm/org.mozilla.ipc.2783.0" pid=2783 comm="thunderbird" requested_mask="c" denied_mask="c" fsuid=1000 ouid=100
```

Add file rule to fix access to IPC-related files.

27d1859... by intrigeri on 2019-07-19

Forward-port bbdcd47a00fc9f6445021a49373a083719d103bb to 19.10.

bbdcd47... by intrigeri on 2019-07-19

Remove duplicate GLib schema access rules from profiles that include abstractions/gnome.

Since commit 89c00513046f3a8ff7c3dafba8577cff35f298f4 in apparmor.git,
abstractions/gnome gives read access to the GLib schemas. This change was first
released in AppArmor 2.11.95 and first packaged in:

 - Debian: 2.12-1 (Buster)
 - Ubuntu: 2.12-3ubuntu1 (Bionic)

So it now seems safe to assume, at least in the ubuntu/19.04 directory,
that the system's abstractions/gnome is recent enough to have these rules.

81371df... by intrigeri on 2019-07-17

Forward-port !29 to ubuntu/19.{04,10}.

Yet another case when MRs merged after a new Ubuntu cycle opened
did not make it into the new tree.

06faf29... by intrigeri on 2019-07-17

Sync' to ubuntu/19.10 all changes that were merged only into ubuntu/19.04 after 19.10 was open.

Since de14f85b32af4d145ed177acc27c5002cbf316ee, a couple MRs, that predated
19.10, were merged, and thus the fixes are only in the 19.04. directory.
Let's fix that.

c72edb0... by John Johansen <email address hidden> on 2019-06-14

Merge branch 'drg-mods-3' into 'master'

Remove lsb_release sub-profile in favor of new discrete profile

See merge request apparmor/apparmor-profiles!26