Skip to content

[pull] main from roddhjav:main #55

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 800 commits into
base: main
Choose a base branch
from
+18,999 −7,593
Open

[pull] main from roddhjav:main #55

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
800 commits
Select commit Hold shift + click to select a range
c7177ee
doc: update documentation.
roddhjav Sep 6, 2025
470025c
build(debian): update list of profile to hide.
roddhjav Sep 6, 2025
2aead7e
build(arch): initial pkbuild for splited packages.
roddhjav Sep 6, 2025
ab7cba2
build: add early support for server version of the package.
roddhjav Sep 6, 2025
ec88fcb
feat(abs): add the camera abstraction
roddhjav Sep 6, 2025
c2ecc75
feat(abs): add the media-control abstraction
roddhjav Sep 6, 2025
5484f84
tests(build): add tests for the stacked-dbus build task.
roddhjav Sep 6, 2025
64d71ff
build: attach: ensure we don't recursivelly call ourself.
roddhjav Sep 6, 2025
8c33125
build: add missing server build task.
roddhjav Sep 6, 2025
e2f11d4
tests(check): make the script configurable.
roddhjav Sep 6, 2025
618b111
tests(check): add support for global exclusion.
roddhjav Sep 6, 2025
c239203
feat(abs): add the tpm abstraction.
roddhjav Sep 6, 2025
2efdd6f
feat(profile): improve ufw-init
roddhjav Sep 7, 2025
1defbbc
fix(abs): tmp path for wine tmp data.
roddhjav Sep 7, 2025
06d476c
fix(profile): att on logind
roddhjav Sep 7, 2025
4771e56
feat(profile): git: allow transition to github cli.
roddhjav Sep 7, 2025
5fe9e0e
feat(profile): support for Tumbleweed gs path.
roddhjav Sep 7, 2025
a874492
feat(profile): various improvement for Tumbleweed
roddhjav Sep 7, 2025
e370a66
fix(profile): issues with stacking
roddhjav Sep 7, 2025
fda63da
Add xfce-clipman
sbrantler Sep 3, 2025
0f0082f
Add profile for kinit
doublez13 Aug 11, 2025
4f4f5c4
Add profile for kdestroy
doublez13 Aug 11, 2025
a4798a2
Add profile for klist
doublez13 Aug 11, 2025
7a610bb
Formatting Fix
doublez13 Sep 4, 2025
00f63f7
Formatting Fix
doublez13 Sep 4, 2025
c51f189
Use abstractions where possible
doublez13 Sep 4, 2025
415bd4a
Use abstractions where possible
doublez13 Sep 4, 2025
e86f77f
Use abstractions where possible
doublez13 Sep 4, 2025
cbc4f19
Be more specific on client keytab path
doublez13 Sep 4, 2025
9cac4ee
Be more specific on client keytab path
doublez13 Sep 4, 2025
b1c0cfd
Use abstractions where possible
doublez13 Sep 4, 2025
5c3c152
Run kerberos utils in complain mode
doublez13 Sep 4, 2025
0ffc8f9
fix: self raised linter issue.
roddhjav Sep 7, 2025
6400bc7
tests: update some unit tests to the last changes.
roddhjav Sep 7, 2025
c4ebf89
tests(builder): cleanup build settings between tests.
roddhjav Sep 7, 2025
237daec
tests: remove prebuild main test.
roddhjav Sep 7, 2025
627700a
build: set config for ubuntu 25.10
roddhjav Sep 7, 2025
b45e1f3
build: add support for downstream project in some prepare tasks.
roddhjav Sep 7, 2025
f61f200
build: ignore more abstraction for the server edition.
roddhjav Sep 7, 2025
ca1827e
fix: missing attach_disconnected in parrent profile while subprofile …
roddhjav Sep 7, 2025
aec8e41
fix slurp
Stoppedpuma Sep 4, 2025
d9ecbdb
slurp review fixes
Stoppedpuma Sep 8, 2025
b569d44
feat(profile): update apt profiles.
roddhjav Sep 11, 2025
394dc54
feat(profile): update snap profiles.
roddhjav Sep 11, 2025
f69a7e7
feat(profile): update gnome profiles.
roddhjav Sep 11, 2025
009fb92
feat(profile): update gvfsd profiles.
roddhjav Sep 11, 2025
fecb4db
feat(profile): update flatpak profiles.
roddhjav Sep 11, 2025
d0657d2
feat(profile): update network profiles.
roddhjav Sep 11, 2025
ff8efae
feat(profile): update arch profiles.
roddhjav Sep 11, 2025
98063fa
feat(profile): rewrite the pacman profile.
roddhjav Sep 11, 2025
e549863
feat(profile): update systemd profiles.
roddhjav Sep 11, 2025
4317538
feat(profile): update ubuntu profiles.
roddhjav Sep 11, 2025
c7b99bb
feat(profile): update some core profiles.
roddhjav Sep 11, 2025
1b97efa
feat(abs): add org.gtk.Menus.
roddhjav Sep 11, 2025
17eac0b
feat(abs): add missing dbus rule on org.freedesktop.DBus
roddhjav Sep 11, 2025
d32fd03
feat(profile): improve ibus-portal.
roddhjav Sep 11, 2025
c7e999f
feat(profile): update freedesktop profiles.
roddhjav Sep 11, 2025
4d7e03a
feat(profile): add missing grep to locale-gen.
roddhjav Sep 11, 2025
e5012e3
chore: pids means all pid.
roddhjav Sep 11, 2025
69fcef0
feat(profile): add a large profile for mkosi.
roddhjav Sep 11, 2025
445576f
Merge branch 'main' of github.com:roddhjav/apparmor.d
roddhjav Sep 11, 2025
e09251d
feat(abs): update org.freedesktop.PolicyKit1
roddhjav Sep 11, 2025
fce5de8
feat(abs): update org.freedesktop.PackageKit
roddhjav Sep 11, 2025
93c9483
feat(abs): add snapcraft dbus reference call.
roddhjav Sep 11, 2025
8f0ee24
feat(abs): add org.gtk.vfs.MountOperation
roddhjav Sep 11, 2025
76c5586
feat(abs): add org.freedesktop.IBus.Portal
roddhjav Sep 11, 2025
865bac4
feat(abs): update org.freedesktop.ColorManager.
roddhjav Sep 11, 2025
0c90adb
Update mdadm
doublez13 Sep 11, 2025
c4bad04
mdadm
doublez13 Sep 11, 2025
1540315
mdadm: include all config file locations
doublez13 Sep 12, 2025
1d2b271
ssh-keygen: allow execution of ssh-sk-helper
doublez13 Sep 12, 2025
c677739
ssh: allow ssh to authenticate to remote hosts using kerberos tickets
doublez13 Sep 12, 2025
53501d8
ssh: allow ssh to write to the kerberos CC when it picks up a ticket
doublez13 Sep 12, 2025
fda74f5
chore(abs): add some device description.
roddhjav Sep 12, 2025
56948a5
feat(abs): reorganise the audio abstractions.
roddhjav Sep 12, 2025
122b004
feat(abs): aff the uinput abs.
roddhjav Sep 12, 2025
7cf4719
feat(abs): add the secrets-service abs.
roddhjav Sep 12, 2025
db347d1
feat(abs): revisit and restrict the devices-usb abs.
roddhjav Sep 12, 2025
26f905b
feat(abs): X-strict: use tunables.
roddhjav Sep 12, 2025
170575f
feat(abs): ensure graphics devices are in nvidia-strict.
roddhjav Sep 12, 2025
34cc1ab
feat(abs): graphics: limit access to cpu sys value.
roddhjav Sep 12, 2025
51bcdd5
feat(abs): add the input abs.
roddhjav Sep 12, 2025
8c6b0ce
feat(profile): cleanup profiles using the new abs.
roddhjav Sep 12, 2025
ad406da
feat(abs): add org.freedesktop.portal.Settings.
roddhjav Sep 12, 2025
608ff3d
fix(abs): ColorManager peer name.
roddhjav Sep 12, 2025
4bbe0a1
feat(abs): use the new secrets-service abstraction.
roddhjav Sep 12, 2025
ddfe75f
refractor(abs): move org.kde.StatusNotifierItem inside the session ab…
roddhjav Sep 12, 2025
f199cfe
feat(abs): app: minor improvement to common app action.
roddhjav Sep 12, 2025
cd6bb7b
feat(abs): add NEEDS-VARIABLE to abs using variable.
roddhjav Sep 12, 2025
84f3f94
feat(abs): improve chromium common.
roddhjav Sep 12, 2025
31cbe5e
fix(profile): revert 06d476c
roddhjav Sep 13, 2025
bd487d1
fear(profile): remove profile for spectre-meltdown-checker.
roddhjav Sep 13, 2025
4982ff1
feat(profile): remove rules not needed anymore
roddhjav Sep 13, 2025
34aa208
refractor(abs): reorganize dbus abstraction (1)
roddhjav Sep 13, 2025
3c49755
refractor(abs): reorganize dbus abstraction (2)
roddhjav Sep 13, 2025
9444407
feat(profile): update attachement for gnome-extension-ding
roddhjav Sep 13, 2025
e4b6e7e
feat(abs): add the devices-u2f abs.
roddhjav Sep 13, 2025
939a2b7
feat(abs): add upower-observe
roddhjav Sep 13, 2025
8e73353
feat(abs): add pcscd
roddhjav Sep 13, 2025
962b372
fix(profile): qemu-ga path on opensuse.
roddhjav Sep 13, 2025
2ceaa16
feat(abs): rewrite the avahi abs, add avahi-observe
roddhjav Sep 14, 2025
63c9c8c
refractor(abs): move org.kde.kwalletd
roddhjav Sep 14, 2025
b471f83
feat(profile): update cups-browsed
roddhjav Sep 14, 2025
d9ff4ae
build: add test build target.
roddhjav Sep 14, 2025
4609595
refractor(abs): common/apt -> apt.
roddhjav Sep 14, 2025
ff21c91
tests(profile): add common autopkgtest paths.
roddhjav Sep 14, 2025
bf3b834
refractor(abs): move gtk bus interfaces.
roddhjav Sep 14, 2025
5cae18e
feat(abs): add the gtk-strict abstraction.
roddhjav Sep 14, 2025
784ced0
feat(abs): reorganise the gtk/gvfs abs.
roddhjav Sep 14, 2025
1fba94a
feat(profile): update gvfs services to the abs changes.
roddhjav Sep 14, 2025
14ec69c
profile(abs): rewrite the way we manage accessibility
roddhjav Sep 14, 2025
af6fbd2
feat(profile): set accessibility use.
roddhjav Sep 14, 2025
efa2844
feat(abs): add bus-session to electron
roddhjav Sep 14, 2025
59bdb15
feat(abs): add the mediakeys abs.
roddhjav Sep 14, 2025
4526e96
feat(abs): add the gtk-strict abs.
roddhjav Sep 14, 2025
f3a4372
refractor(profile): bus/org.bluez -> bus/system/org.bluez.
roddhjav Sep 14, 2025
48aeefa
fix: linting issue.
roddhjav Sep 14, 2025
5559670
feat(abs): add mediakeys
roddhjav Sep 14, 2025
8c66d39
feat(profile): merge dpkg-script-* profile into dpkg-scripts.
roddhjav Sep 14, 2025
d2e9411
feat(abs): add mpris
roddhjav Sep 14, 2025
5492ab1
feat(profile): rewrite the gjs profile.
roddhjav Sep 14, 2025
b76fe7c
refractor(profile): move org.gnome.SessionManager
roddhjav Sep 14, 2025
e6e0cc0
fix(profile): missing updated bus abstraction paths.
roddhjav Sep 14, 2025
6a77b7e
fix(profile): missing updated bus abstraction paths.
roddhjav Sep 14, 2025
9db6bf4
feat(abs): add the themes abs.
roddhjav Sep 16, 2025
8e488e0
feat(profile): update simple-scan.
roddhjav Sep 16, 2025
6cca455
fix(profile): ensure systemd-logind works with systemd 258
roddhjav Sep 19, 2025
49e34ec
feat(profile): dbus: ensure dbus can receive any user files.
roddhjav Sep 19, 2025
415afe2
feat(profile): update upowerd
roddhjav Sep 19, 2025
4ccead3
feat(profile): update system profiles.
roddhjav Sep 19, 2025
659f7b4
feat(profile): update some kde profiles.
roddhjav Sep 19, 2025
0bf8f93
feat(profile): minor profiles improvments.
roddhjav Sep 19, 2025
4dd4d3e
feat(tunable): add support for gnucoreutils.
roddhjav Sep 19, 2025
86d9bba
feat(abs): update nvidia-strict.
roddhjav Sep 19, 2025
b4ba960
feat(profile): firefox: add integration with 1Password
roddhjav Sep 19, 2025
5382e8f
fix(profile): ensure sddm-greeter has the disconnected flag.
roddhjav Sep 19, 2025
eef0e92
feat(profile): put back some chromium tmp files.
roddhjav Sep 21, 2025
e806708
feat(profile): mkfs-btrfs add sys_rawio
roddhjav Sep 21, 2025
e5ca862
fix(profile): flatpak: remove denied gvfs data.
roddhjav Sep 21, 2025
356acec
feat(profile): gnome-shell: improve icon management.
roddhjav Sep 21, 2025
a18f73f
fix(profile): ensure ffmpeg works with any graphics hardware.
roddhjav Sep 21, 2025
35993bd
fix(profile): hyprland
roddhjav Sep 21, 2025
a57a6f5
fix: temporary remove comments.
roddhjav Sep 21, 2025
8371a9d
feat(profile): update zfs profiles.
roddhjav Sep 21, 2025
9e901bf
Create profile for tickrs
doublez13 Sep 18, 2025
26048d9
tickrs: make the linter happy
doublez13 Sep 18, 2025
e3ace80
add poppler tools
valoq Sep 9, 2025
3f7b839
remove whitespace
valoq Sep 9, 2025
f5d7140
fix pdftoppm
valoq Sep 10, 2025
eeb42cc
fix pdftoppm
valoq Sep 10, 2025
793c085
restrict tmp writes
valoq Sep 10, 2025
03d82fb
feat(profile): ensure that all systemd generator can ptrace systemd.
roddhjav Sep 21, 2025
fdf4d60
feat(profile): simplify unattended-upgrade.
roddhjav Sep 21, 2025
10cabcf
feat(profile): update apt profiles.
roddhjav Sep 21, 2025
90db4b1
feat(abs): globally deny LTTng.
roddhjav Sep 21, 2025
4503ad6
feat(profile): update own apparmor profles.
roddhjav Sep 21, 2025
dc1b69d
feat(profles): update core fsp profiles.
roddhjav Sep 21, 2025
ee67dbb
feat(profile): ensure child-open-* profile can open app through snap/…
roddhjav Sep 21, 2025
2af907d
feat(abs): add nvidia-drivers.
roddhjav Sep 21, 2025
00d2366
feat(profile): rename gjs-console to gjs in peer label.
roddhjav Sep 21, 2025
ef79363
feat(abs): add udev c226 to the dri abs.
roddhjav Sep 21, 2025
2c9d21e
feat(abs): add the nss abs.
roddhjav Sep 21, 2025
eb9725f
feat(abs): update camera & media-control abs
roddhjav Sep 21, 2025
308d27a
feat(abs): base: allow signal from pkill
roddhjav Sep 21, 2025
3657368
feat(abs): remove the not used user-data abs.
roddhjav Sep 21, 2025
fdf89f6
feat(abs): improve the u2f abs.
roddhjav Sep 21, 2025
2287364
chore(abs): remove deduplicated rule.
roddhjav Sep 21, 2025
7e12619
refractor(abs): add deskop base abstractions.
roddhjav Sep 21, 2025
2b9318c
chore(abs): cleanup vulkan-strict
roddhjav Sep 21, 2025
582428c
feat(profiles): various minor improvements.
roddhjav Sep 21, 2025
71527e5
fix(abs): x11: tmp file too strict.
roddhjav Sep 21, 2025
b1ac57e
feat(profile): udisk: add support for squashfs.
roddhjav Sep 21, 2025
65b73d7
feat(profile): update flatpak.
roddhjav Sep 21, 2025
ab36223
refractor(abs): remove deprecated org.freedesktop.Avahi
roddhjav Sep 21, 2025
c9756ea
feat(profile): add missing some avahi access.
roddhjav Sep 21, 2025
ea171ab
feat(profile): update gnome profiles.
roddhjav Sep 21, 2025
0a206eb
feat(profile): prevent ps from ptrace.
roddhjav Sep 21, 2025
714f535
Update sddm-greeter: add mediate_deleted
curiosityseeker Sep 21, 2025
364c863
Update main.flags: adding mediate_deleted to sddm-greeter
curiosityseeker Sep 21, 2025
57fd6a9
Update sddm-greeter
curiosityseeker Sep 21, 2025
8174a6d
fix(profile): linter issue.
roddhjav Sep 21, 2025
71b81ff
fix zpool
Stoppedpuma Sep 22, 2025
500db22
Update lscpu: adding attach_disconnected
curiosityseeker Sep 22, 2025
acca23f
Update main.flags: adding lscpu
curiosityseeker Sep 22, 2025
c256243
Update flatpak: adding gschemas abs
curiosityseeker Sep 22, 2025
bbc7514
fix zpool again
Stoppedpuma Sep 22, 2025
18cd23b
zpool review fix
Stoppedpuma Sep 22, 2025
1eb3891
fix(profile): grub-probe add attach_disconnected flag.
roddhjav Sep 22, 2025
cddbd9c
fix(profile): bluetoothd dbus definition.
roddhjav Sep 22, 2025
43b621a
feat(profile): apparmor_parser: more generic path for apparmor profil…
roddhjav Sep 22, 2025
5dbff71
feat(profile): improve some kmod path.
roddhjav Sep 22, 2025
2a6f51e
feat(profile): improve kernel profile.
roddhjav Sep 22, 2025
8009afb
fix(profile): add some missing uevent.
roddhjav Sep 22, 2025
df41b50
fix(profile): add some missing uevent.
roddhjav Sep 22, 2025
c1846fe
refractor(abs): common/bwrap -> bwrap
roddhjav Sep 22, 2025
b8071c0
feat(profile): Improve restriction of bwrap when used with glycin.
roddhjav Sep 22, 2025
9ea4574
feat(abs): add the gvfs-backend abstraction.
roddhjav Sep 23, 2025
e9594d7
feat(profile): add gnome-session-service.
roddhjav Sep 23, 2025
9baf879
feat(abs): add desktop user dconf path to the dconf abs.
roddhjav Sep 23, 2025
66aab34
feat(profile): update gnome profiles.
roddhjav Sep 23, 2025
655750d
feat(abs): improve the bwrap abs.
roddhjav Sep 23, 2025
560ae98
feat: initial global support for lycin-loaders.
roddhjav Sep 23, 2025
a178d10
chore: fix linter issue
roddhjav Sep 23, 2025
33594a0
feat(abs): add initial version of network-manager-observe.
roddhjav Sep 23, 2025
c5572a2
feat(abs): add glycin tmp file to gtk and gtk-strict.
roddhjav Sep 23, 2025
8786266
feat(profile): rename glycin//app to glycin//loaders and minor fixes.
roddhjav Sep 24, 2025
c9f1471
Update texstudio
valoq Sep 25, 2025
ba52165
feat(abs): add glycin-loaders to gtk abs.
roddhjav Sep 25, 2025
cbe7aab
feat(abs): update gdm config & state path.
roddhjav Sep 25, 2025
d4347fb
feat(abs): use etc_ro in desktop-files.
roddhjav Sep 25, 2025
838330c
feat(abs): update cuda lib location.
roddhjav Sep 25, 2025
81ef842
feat(abs): add boot_vga to dri.
roddhjav Sep 25, 2025
2eb1763
feat(abs): add cache dir to dconf.
roddhjav Sep 25, 2025
ac1d6bd
feat(abs): update core dbus own path
roddhjav Sep 25, 2025
cf0da21
feat(abs): update bus interfaces.
roddhjav Sep 25, 2025
91e621e
feat(abs): add the session-manager abstraction.
roddhjav Sep 25, 2025
df7d2e0
feat(profile): expand avahi access for ippfind.
roddhjav Sep 25, 2025
44349ff
feat(abs): move org.gnome.Mutter.IdleMonitor to gnome-strict.
roddhjav Sep 25, 2025
465f6e7
feat(abs): add ibus-strict.
roddhjav Sep 25, 2025
dfd12fe
feat(abs): add the localization abs.
roddhjav Sep 25, 2025
de8e999
refractor(abs): fi.w1.wpa_supplicant1 -> system/fi.w1.wpa_supplicant1
roddhjav Sep 25, 2025
eea9921
feat(abs): add org.gtk.vfs.MountTracker to gtk.
roddhjav Sep 25, 2025
268b721
feat(profile): update the dbus profiles.
roddhjav Sep 25, 2025
f431105
feat(profile): minor update on firefox.
roddhjav Sep 25, 2025
5dfef03
feta(profile): update flatpak.
roddhjav Sep 25, 2025
c0d79b8
feat(profile): update freedesktop profiles.
roddhjav Sep 25, 2025
484a96d
feat(profile): add xdg-terminal-exec.
roddhjav Sep 25, 2025
cf90d0a
feat(profile): update gnome profiles.
roddhjav Sep 25, 2025
7d7c78f
feat(profile): cleanup scdaemon
roddhjav Sep 25, 2025
81081b2
feat(profile): add polkit rule in pkttyagent.
roddhjav Sep 25, 2025
2b6e737
feat(profile): remove ptrac from htop, cleanup ps.
roddhjav Sep 25, 2025
e7a7cb4
feat(profile): glycin: deny more path.
roddhjav Sep 25, 2025
cb32e88
feat(profile): general update.
roddhjav Sep 25, 2025
8ffbcfc
feat(abs): improve signal and ptrace in the glycin stack.
roddhjav Sep 25, 2025
487bf85
build: add build support for apparmor 4 vs apparmor 4.1
roddhjav Sep 25, 2025
36cd3bb
feat(abs): add fontconfig-cache
roddhjav Sep 25, 2025
a9fefa0
feat(abs): rewrite fontconfig read and cache abs.
roddhjav Sep 25, 2025
99c441c
feat(profile): reduce the number of transition in some profile,
roddhjav Sep 25, 2025
37290dd
feat(profile): update userdbctl
roddhjav Sep 25, 2025
1e87a59
fix(profile): minor profile fixes.
roddhjav Sep 25, 2025
3edc598
fix(profile): linter issues.
roddhjav Sep 25, 2025
e8cb99c
fix(profile): removed moved bus abstraction.
roddhjav Sep 27, 2025
7d9df93
fix(profile): various small fixes in profiles.
roddhjav Sep 27, 2025
76cafe0
feat(profiles): add global support for glycin loaders
roddhjav Sep 27, 2025
2613cce
chore: linter fix
roddhjav Sep 27, 2025
0ef6041
tests: generalise autopkgtest path
roddhjav Sep 27, 2025
81d433f
Add allowed paths for correct generation of swap target
Sep 29, 2025
72616ed
minor fixes
valoq Oct 2, 2025
a17c93c
Update xdg-desktop-portal
JND94 Oct 4, 2025
cdc782c
Update xdg-desktop-portal-kde
JND94 Oct 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
2 changes: 0 additions & 2 deletions .github/local/needrestart
View file
Open in desktop

This file was deleted.

38 changes: 19 additions & 19 deletions .github/workflows/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,14 @@ jobs:
- name: Check out repository code
uses: actions/checkout@v4

- name: Install linter dependencies
run: |
pipx install rust-just
echo "$HOME/.local/bin" >> $GITHUB_PATH

- name: Run basic profile linter check
run: |
make check
just check

build:
runs-on: ${{ matrix.os }}
Expand All @@ -23,8 +28,6 @@ jobs:
mode: default
- os: ubuntu-24.04
mode: full-system-policy
- os: ubuntu-22.04
mode: default
steps:
- name: Check out repository code
uses: actions/checkout@v4
Expand All @@ -35,17 +38,14 @@ jobs:
sudo apt-get install -y \
devscripts debhelper config-package-dev \
auditd apparmor-profiles apparmor-utils
pipx install rust-just
echo "$HOME/.local/bin" >> $GITHUB_PATH
sudo rm /etc/apparmor.d/usr.lib.snapd.snap-confine.real

- name: Build the apparmor.d package
run: |
if [[ ${{ matrix.mode }} == full-system-policy ]]; then
echo -e "\noverride_dh_auto_build:\n\tmake full" >> debian/rules
fi
if [[ ${{ matrix.os }} == ubuntu-24.04 ]] && [[ ${{ matrix.mode }} == default ]]; then
# Test with Re-attach disconnected path
sed -e 's;// builder.Register("attach");builder.Register("attach");' -i pkg/prebuild/cli/cli.go
sed -e '/@{att}/d' -i apparmor.d/tunables/multiarch.d/system
sed -e "s/just complain/just fsp-complain/" -i debian/rules
fi
bash dists/build.sh dpkg

Expand All @@ -54,13 +54,10 @@ jobs:

- name: Reload AppArmor
run: |
sudo systemctl restart apparmor.service || true
sudo systemctl status apparmor.service

- name: Ensure compatibility with some AppArmor userspace tools
if: matrix.os != 'ubuntu-24.04'
run: |
sudo aa-enforce /etc/apparmor.d/aa-notify
if ! sudo systemctl restart apparmor.service; then
sudo journalctl -xeu apparmor.service
exit 1
fi

- name: Show AppArmor log and rules
run: |
Expand All @@ -81,6 +78,7 @@ jobs:
tests:
runs-on: ubuntu-24.04
needs: build
if: github.ref_name == 'dev' || github.event_name == 'workflow_dispatch'
steps:
- name: Check out repository code
uses: actions/checkout@v4
Expand All @@ -100,7 +98,8 @@ jobs:
sudo apt-get install -y \
apparmor-profiles apparmor-utils \
bats bats-support
sudo install -Dm0644 .github/local/needrestart /etc/apparmor.d/local/needrestart
pipx install rust-just
echo "$HOME/.local/bin" >> $GITHUB_PATH

- name: Install apparmor.d
run: |
Expand Down Expand Up @@ -132,11 +131,12 @@ jobs:

- name: Install integration dependencies
run: |
bash tests/requirements.sh
just init
find /usr/sbin/ -type f

- name: Run the integration tests
run: |
make integration
just integration

- name: Show final AppArmor logs
if: always()
Expand Down
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
# Build
.build
.logs
.pkg
tests/tldr
tests/tldr.tar.gz

Expand Down
15 changes: 7 additions & 8 deletions .gitlab-ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ check:
stage: test
image: registry.gitlab.com/roddhjav/builders/archlinux
script:
- make check
- just check

# Package Build
# -------------
Expand All @@ -84,13 +84,12 @@ archlinux:

debian:
stage: build
image: registry.gitlab.com/roddhjav/builders/debian:12
image: registry.gitlab.com/roddhjav/builders/debian:trixie
script:
- sudo chown -R build:build /builds/
- git config --global --add safe.directory $CI_PROJECT_DIR
- mkdir -p "$PKGDEST"
- sudo apt-get update -q && sudo apt-get install -y config-package-dev lsb-release
- sudo apt-get install -y -t bookworm-backports golang-go
- sudo apt-get update -q && sudo apt-get install -y config-package-dev golang-go lsb-release libdistro-info-perl
- bash dists/build.sh dpkg
artifacts:
expire_in: 1 day
Expand All @@ -105,7 +104,7 @@ ubuntu:
script:
- git config --global --add safe.directory $CI_PROJECT_DIR
- mkdir -p "$PKGDEST"
- sudo apt-get update -q && sudo apt-get install -y config-package-dev golang-go lsb-release
- sudo apt-get update -q && sudo apt-get install -y config-package-dev golang-go lsb-release libdistro-info-perl
- bash dists/build.sh dpkg
artifacts:
expire_in: 1 day
Expand All @@ -117,7 +116,7 @@ whonix:
variables:
DISTRIBUTION: whonix
before_script:
- echo "\noverride_dh_auto_build:\n\tmake full" >> debian/rules
- sed -e "s/just complain/just fsp-complain/" -i debian/rules

opensuse:
stage: build
Expand Down Expand Up @@ -147,7 +146,7 @@ preprocess-archlinux:

preprocess-debian:
stage: preprocess
image: debian
image: debian:trixie
dependencies:
- debian
script:
Expand All @@ -167,7 +166,7 @@ preprocess-ubuntu:
- dpkg --install $PKGDEST/*
- apparmor_parser --preprocess /etc/apparmor.d 1> /dev/null

preprocess-whonix:
.preprocess-whonix:
extends: preprocess-debian
dependencies:
- whonix
Expand Down
Loading