1. 25 Oct, 2019 1 commit
  2. 07 Oct, 2019 1 commit
  3. 05 Oct, 2019 1 commit
    • Vincas Dargis's avatar
      Thunderbird: update for new exo helper version · bf9f6880
      Vincas Dargis authored
      AppArmorp produces denial on XFCE desktop:
      ```
      AVC apparmor="DENIED"
      operation="exec" profile="thunderbird"
      name="/usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2" pid=3491
      comm="exo-open" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0
      ```
      
      Update file rule to allow exo-2 and any newer exo version, making
      AppArmor profile more future-proof.
      
      Closes: https://bugs.debian.org/941290
      bf9f6880
  4. 12 Aug, 2019 1 commit
  5. 26 Jul, 2019 2 commits
    • Vincas Dargis's avatar
      Merge branch 'thunderbird-68' into 'master' · ed52e4ab
      Vincas Dargis authored
      Update Thunderbird profile for v68
      
      See merge request !36
      ed52e4ab
    • Vincas Dargis's avatar
      Update Thunderbird profile for v68 · 832cf188
      Vincas Dargis authored
      Latest Thunderbird version is hit with AppArmor deny:
      ```
      type=AVC msg=audit(1563637182.506:272): apparmor="DENIED" operation="mknod" profile="thunderbird" name="/dev/shm/org.mozilla.ipc.2783.0" pid=2783 comm="thunderbird" requested_mask="c" denied_mask="c" fsuid=1000 ouid=100
      ```
      
      Add file rule to fix access to IPC-related files.
      832cf188
  6. 19 Jul, 2019 2 commits
  7. 17 Jul, 2019 2 commits
  8. 14 Jun, 2019 2 commits
  9. 13 Jun, 2019 1 commit
    • John Johansen's avatar
      Merge branch 'drg-mods-1' into 'master' · adb656c4
      John Johansen authored
      Did some testing with Chromium on Debian stable and unstable; the sandbox needed access to a few more basic libraries. With this change, the profile should be fully usable on Debian.
      
      Also updated to use `@{pid}` and `@{tid}` properly. Sure would be nice if we had something like `@{pci}` to match `/sys/devices/pci*` entries. This profile currently uses
      
      ```
        /sys/devices/pci[0-9]*/
      ```
      
      but the patched Ubuntu profile uses
      
      ```
        /sys/devices/pci[0-9a-f]*/
      ```
      
      which better addresses the fact that the PCI numbers are hex, but feels like a half-solution at best.
      Couple minor updates to the Chromium profile before cutting out lsb_release
      
      PR: !23Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
      adb656c4
  10. 22 Apr, 2019 1 commit
  11. 30 Mar, 2019 1 commit
  12. 29 Jan, 2019 1 commit
  13. 28 Jan, 2019 1 commit
  14. 27 Jan, 2019 6 commits
  15. 16 Dec, 2018 1 commit
  16. 16 Nov, 2018 1 commit
  17. 14 Nov, 2018 3 commits
  18. 01 Nov, 2018 2 commits
  19. 31 Oct, 2018 1 commit
  20. 30 Oct, 2018 2 commits
  21. 29 Oct, 2018 1 commit
    • Vincas Dargis's avatar
      Allow Thunderbird to execute gio-launch-desktop helper · 8ea6bca2
      Vincas Dargis authored
      GLib 2.58 stated using gio-launch-desktop helper for opening links, and
      AppArmor denies that for Thunderbird process.
      
      Add ix rule to allow running gio-launch-desktop as intermediary for
      executing browsers. gio-launch-desktop will be able to launch any
      application that Thunderbird is already allowed to via abstractions
      (like ubuntu-browsers) or inline rules.
      8ea6bca2
  22. 27 Oct, 2018 1 commit
  23. 20 Oct, 2018 4 commits
  24. 30 Aug, 2018 1 commit