-
https://github.com/roddhjav/apparmor.d
Massive repository of AppArmor profiles. This should be used by nix-mineral, as a strong MAC policy is the cornerstone of a good security model. It'd be more ap…
-
Hi Micah,
I hadn't packaged the new version of Onionshare yet because I was afraid of too many things to test at once. However, I packaged it for Debian now, but it runs by default without Apparmor…
u451f updated
3 years ago
-
# Bug report
### What operating system and version are you using?
```
$ osqueryi --line "SELECT version, build, platform FROM os_version;"
version = 24.04 LTS (Noble Numbat)
b…
-
### Kyverno CLI Version
1.12.5
### Description
When running restrict-apparmor-profiles against a resource with an empty annotation (null?), the tests incorrectly fail.
This seems similar to #43…
-
I'm trying to run Docker on a remote host over ssh using built-in functionality as explained by [this post](https://collabnix.com/how-to-connect-to-remote-docker-using-docker-context-cli/) but I get a…
-
### Is this the right place to submit this?
- [X] This is not a security vulnerability or a crashing bug
- [X] This is not a question about how to use Istio
### Bug Description
On installing…
-
As mentioned in https://github.com/roddhjav/apparmor.d/issues/250
Not sure how useful it is to create such a list. Links might change over the years (do to file name changes, removed profiles, adde…
-
### What Happened?
I'm on the Demo session of the daily build ISOs. This happends in all daily images I tried since about 2 or 3 weeks.
> $ flatpak run io.elementary.calculator
> bwrap: Creati…
-
Both the default apparmor and seccomp profiles contain restrictions for **mount**. While seccomp allows it for CAP_SYS_ADMIN, apparmor blocks it altogether: https://github.com/moby/moby/blob/2eb…
-
```
ALLOWED uname open owner /var/pressure-vessel/ldso/ld.so.cache comm=uname requested_mask=r denied_mask=r
ALLOWED uname open owner @{user_share_dirs}/Steam/ubuntu12_64/gameoverlayrenderer.so comm…