1. 22 Apr, 2021 1 commit
  2. 21 Apr, 2021 1 commit
  3. 14 Apr, 2021 1 commit
  4. 05 Apr, 2021 1 commit
  5. 02 Apr, 2021 2 commits
  6. 07 Mar, 2021 1 commit
  7. 18 Feb, 2021 1 commit
    • intrigeri's avatar
      apt-cacher-ng: allow read access to /proc/sys/kernel/random/uuid · 467a0c44
      intrigeri authored
      As reported by Paul Wise <pabs@debian.org>, apt-cacher-ng 3.6
      started using the asynchronous libevent DNS resolver,
      which implies reading /proc/sys/kernel/random/uuid.
      
      apt-cacher-ng starts anyway without this permission, but I'm wary of the
      consequences of not being able to read that random UUID: since this
      is network-related, it could for example imply using more predictable
      identifiers in generated packets, which could be a security problem.
      
      Bug-Debian: https://bugs.debian.org/983006
      467a0c44
  8. 03 Jan, 2021 1 commit
  9. 27 Dec, 2020 1 commit
  10. 19 Dec, 2020 1 commit
  11. 19 Sep, 2020 1 commit
  12. 27 May, 2020 1 commit
  13. 25 May, 2020 2 commits
  14. 24 May, 2020 6 commits
  15. 17 May, 2020 2 commits
    • Vincas Dargis's avatar
      Thunderbird: fix launching preferred browser on XFCE · be546800
      Vincas Dargis authored
      In Debian 10 with XFCE desktop this denial is produced [0]:
      
      ```
      May 12 17:43:07 tbirdtest audit[2307]: AVC apparmor="DENIED"
      operation="open" profile="thunderbird"
      name="/home/gnoutchd/.config/xfce4/helpers.rc" pid=2307
      comm="exo-helper-1" requested_mask="r" denied_mask="r" fsuid=1000
      ouid=1000
      ```
      
      In the result, Thunderbird launches only "sensible-browser", not the one
      user has chosen as preferred one.
      
      Add file rule to fix launch of preferred browser.
      
      Closes Debian 960465.
      
      [0] https://bugs.debian.org/960465
      be546800
    • Vincas Dargis's avatar
      Merge branch 'glib-2.64' into 'master' · e02cedbf
      Vincas Dargis authored
      Thunderbird, Totem: support GLib 2.64.x's external app launch mechanism
      
      See merge request !42
      e02cedbf
  16. 31 Mar, 2020 2 commits
  17. 25 Mar, 2020 1 commit
  18. 25 Oct, 2019 1 commit
  19. 07 Oct, 2019 1 commit
  20. 05 Oct, 2019 1 commit
    • Vincas Dargis's avatar
      Thunderbird: update for new exo helper version · bf9f6880
      Vincas Dargis authored
      AppArmorp produces denial on XFCE desktop:
      ```
      AVC apparmor="DENIED"
      operation="exec" profile="thunderbird"
      name="/usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2" pid=3491
      comm="exo-open" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0
      ```
      
      Update file rule to allow exo-2 and any newer exo version, making
      AppArmor profile more future-proof.
      
      Closes: https://bugs.debian.org/941290
      bf9f6880
  21. 12 Aug, 2019 1 commit
  22. 26 Jul, 2019 2 commits
    • Vincas Dargis's avatar
      Merge branch 'thunderbird-68' into 'master' · ed52e4ab
      Vincas Dargis authored
      Update Thunderbird profile for v68
      
      See merge request !36
      ed52e4ab
    • Vincas Dargis's avatar
      Update Thunderbird profile for v68 · 832cf188
      Vincas Dargis authored
      Latest Thunderbird version is hit with AppArmor deny:
      ```
      type=AVC msg=audit(1563637182.506:272): apparmor="DENIED" operation="mknod" profile="thunderbird" name="/dev/shm/org.mozilla.ipc.2783.0" pid=2783 comm="thunderbird" requested_mask="c" denied_mask="c" fsuid=1000 ouid=100
      ```
      
      Add file rule to fix access to IPC-related files.
      832cf188
  23. 19 Jul, 2019 2 commits
  24. 17 Jul, 2019 2 commits
  25. 14 Jun, 2019 2 commits
  26. 13 Jun, 2019 1 commit
    • John Johansen's avatar
      Merge branch 'drg-mods-1' into 'master' · adb656c4
      John Johansen authored
      Did some testing with Chromium on Debian stable and unstable; the sandbox needed access to a few more basic libraries. With this change, the profile should be fully usable on Debian.
      
      Also updated to use `@{pid}` and `@{tid}` properly. Sure would be nice if we had something like `@{pci}` to match `/sys/devices/pci*` entries. This profile currently uses
      
      ```
        /sys/devices/pci[0-9]*/
      ```
      
      but the patched Ubuntu profile uses
      
      ```
        /sys/devices/pci[0-9a-f]*/
      ```
      
      which better addresses the fact that the PCI numbers are hex, but feels like a half-solution at best.
      Couple minor updates to the Chromium profile before cutting out lsb_release
      
      PR: !23
      
      Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
      adb656c4
  27. 22 Apr, 2019 1 commit