Dotfiles/setup/modules
Amir Alexander Abdelbaki fb8ca498ef feat(freeipa): add AppArmor deny profiles to binary blocking policy
Binary blocking now applies two layers:
  1. PATH-priority wrapper in /usr/local/bin/ (existing)
  2. Empty AppArmor profile in /etc/apparmor.d/ loaded in enforce mode

An empty AppArmor profile denies all access — the blocked binary cannot
load shared libraries and exits immediately with a permission error,
covering callers that use absolute paths and bypass the wrapper.

AppArmor layer is skipped silently when apparmor_parser is not present,
and deferred with a warning if the real binary is not yet installed.
Profiles are unloaded and deleted when the host leaves the policy group.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 12:00:55 +02:00
Desktop-Environments fixed theming issues 2026-05-19 14:39:29 +02:00
FreeipaAnsible feat(freeipa): add AppArmor deny profiles to binary blocking policy 2026-05-20 12:00:55 +02:00
optional-Modules feat(setup): add anti-malware module with freshclam cron job 2026-05-19 19:58:35 +02:00
core-packages.sh setup: add browser/IDE modules and lynx to core packages 2026-05-18 14:23:43 +02:00
core.sh added udiskie 2025-11-27 18:04:00 +01:00
package-managers.sh setup: fix module scripts and add TUI installer 2026-05-08 10:27:43 +02:00
shell-setup.sh fix(nvim): place airline cyberqueer theme inside rtp so it is auto-discovered 2026-05-19 08:59:50 +02:00