Dotfiles/setup
Amir Alexander Abdelbaki fb8ca498ef feat(freeipa): add AppArmor deny profiles to binary blocking policy
Binary blocking now applies two layers:
  1. PATH-priority wrapper in /usr/local/bin/ (existing)
  2. Empty AppArmor profile in /etc/apparmor.d/ loaded in enforce mode

An empty AppArmor profile denies all access — the blocked binary cannot
load shared libraries and exits immediately with a permission error,
covering callers that use absolute paths and bypass the wrapper.

AppArmor layer is skipped silently when apparmor_parser is not present,
and deferred with a warning if the real binary is not yet installed.
Profiles are unloaded and deleted when the host leaves the policy group.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 12:00:55 +02:00
Setup-shell-4-containers setup: housekeeping — rename, deprecate, fix refs 2026-05-11 15:02:25 +02:00
archiso fix(archiso): move user input before partitioning, fall back to bash on exit 2026-05-20 07:20:14 +02:00
deprecated privacy: remove hardcoded username and AWS signed URL 2026-05-12 14:17:48 +02:00
modules feat(freeipa): add AppArmor deny profiles to binary blocking policy 2026-05-20 12:00:55 +02:00
arch-autoinstall.sh fix(setup): port KEYMAPS+vconsole support to auto-installer and answerfile generator 2026-05-20 00:01:19 +02:00
archbaseos-guided-install.sh fix(archiso): move user input before partitioning, fall back to bash on exit 2026-05-20 07:20:14 +02:00
audit-packages.sh setup: fix pamtester/pinta/kew package source categorization 2026-05-11 19:45:33 +02:00
generate-answerfile.sh fix(setup): port KEYMAPS+vconsole support to auto-installer and answerfile generator 2026-05-20 00:01:19 +02:00
install-modules.sh feat(setup): add anti-malware module with freshclam cron job 2026-05-19 19:58:35 +02:00
install.sh setup: add croc to optional apps; fix shell match in tui summary 2026-05-18 03:03:01 +02:00
tui-install.sh feat: add hyprlua config set and migrate hyprland envvars to dedicated file 2026-05-19 08:50:23 +02:00