`policy-block-binary-<name>` is now a FreeIPA *user* group instead of a host group, so restrictions follow the user to every enrolled machine. The PATH wrapper is installed on all hosts and checks group membership at runtime via `id(1)`/SSSD, passing non-members through transparently. `__` in the group name decodes to `.` so Flatpak app IDs are supported (`flatpak run` fallback included). AppArmor layer removed since per-user confinement requires a different approach and the wrapper alone is sufficient. Adds `local_sudo_<username>` host group policy which writes a sudoers drop-in granting that user full sudo on the specific device, reverted on group leave.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

| | | |
|---|---|---|
| Setup-shell-4-containers | ||
| archiso | ||
| deprecated | ||
| modules | ||
| arch-autoinstall.sh | ||
| archbaseos-guided-install.sh | ||
| audit-packages.sh | ||
| generate-answerfile.sh | ||
| install-modules.sh | ||
| install.sh | ||
| reset-arch.sh | ||
| tui-install.sh | ||