Last commit made on 2017-10-25
Get this branch:
git clone -b master https://git.launchpad.net/~talkless/apparmor-profiles
Only Vincas Dargis can upload to this branch. If you are Vincas Dargis please log in for upload directions.

Branch merges

Branch information


Recent commits

cfc56cc... by Vincas Dargis

Fix Thunderbird attachements and security

* Add rules to fix opening of attachements.
* Remove redunant mmap rules (copy-paste from Firfox profile) for
potentioly dangerous paths.

d149373... by Steve Beattie

Thunderbird profile: sync with Debian Stretch.

Merged from Simon Déziel <email address hidden>

Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874100

[Fixed up conflict/superceded commit re Xubuntu openers from Ulrike
 in the merger --sbeattie]

cfecf1d... by Steve Beattie

thunderbird: add xfce link tools

Merge from Ulrike Uhlig based on original work by Douglas Bagnall
<email address hidden>.

Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853929

bfc0bff... by Steve Beattie

Merge stricter totem and totem rules fixes branch from intrigeri

8bce824... by Steve Beattie

Merge dropping of obsolete /dev/.udev evolution rule from intrigeri

4ebcf9e... by Simon Déziel

Restore "Make more policy compatible with merged-/usr." that is missing from Debian's profile

Also apply it to the new subprofile for lsb_release.

4b3c321... by Simon Déziel

usr.bin.thunderbird: refresh profile from Debian Stretch

* Add Xubuntu helpers to launch the browser
* Grant access to commonly used locations (for attachments)
* Add new proc/sys files required for newer version of Thunderbird
* Support accessing icedove directories for smoth transition
* Unify gpg2 and gpg subprofiles
* Add lsb_release subprofile

55c33e6... by intrigeri

Totem: grant access to ~/.cache/mesa/**.

According to https://bugs.debian.org/867692, that's now needed on some systems
once the changes brought by this branch are applied.

6829f95... by intrigeri

Evolution: drop support for obsolete /dev/.udev/ directory.

Michael Biebl, one on the systemd/udev maintainers in Debian, wrote
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=846966#50: "This directory
has long been deprecated and is not in use anymore since at least jessie, might
even be wheezy".

bfe8182... by intrigeri

Totem: quiet logs by explicitly denying writing to root-owned directory.