File packages.yaml of Package smar-apparmor-profiles
- name: "apparmor-parser"
abstractions:
- kde
in_directory:
"security/apparmor":
local:
- "apparmor_parser"
files:
- "apparmor_parser"
"suse":
local:
- "lib.apparmor.apparmor.systemd"
files:
- "lib.apparmor.apparmor.systemd"
- name: "apparmor-utils"
abstractions:
- kde
requires:
- "apparmor-parser"
in_directory:
"security/apparmor":
files:
- "aa-autodep"
- "aa-logprof"
- "aa-remove-unknown"
- "aa-status"
- "aa-unconfined"
- name: "aru"
in_directory:
"security/apparmor":
files:
- "aru"
- name: "aucolor"
in_directory:
"security/apparmor":
files:
- "aucolor"
- name: "audit"
in_directory:
"security/apparmor":
files:
- "ausearch"
"system":
files:
- "auditd"
- "augenrules"
"system/admin":
files:
- "auditctl"
- name: "rpm"
included_abstractions:
- "read-only-rpm"
namespace_directories:
- "rpm-scriptlets.d"
in_directory:
"packaging/rpm":
files:
- "rpm"
extra_directories:
- absolute_path: "%{_sysconfdir}/apparmor/smar-load-profiles"
extra_files:
- smar-load-profiles/rpm_scriptlets: "%{_sysconfdir}/apparmor/smar-load-profiles/rpm_scriptlets"
- name: "smar-aa-scripts"
in_directory:
"security/apparmor":
files:
- "smar-load-profiles"
# qt folder
- name: "libqt5-linguist"
in_directory:
"qt":
files:
- "lrelease"
- "lupdate"
- name: "libqt5-qdbus"
abstractions:
- kde
in_directory:
"qt":
files:
- "qdbus"
- name: "libqt5-qtbase-common-devel"
in_directory:
"qt":
files:
- "moc"
- "qmake"
- "rcc"
- "uic"
- name: "libqt5-qtwebengine"
in_directory:
"qt":
files:
- "qt5.QtWebEngineProcess"
- name: "nheko"
in_directory:
"qt":
files:
- "nheko"
# security folder
- name: "certbot"
in_directory:
"security":
files:
- "certbot"
- name: "openconnect"
files:
- "security/openconnect"
- "security/openconnect.vpnc-script"
- name: "wireguard-tools"
load_profile_by_systemd:
"wg-quick@": wg-quick
files:
- "security/wg-quick"
- name: "wireshark"
recommends:
- MozillaFirefox
- drkonqi
- kinit
abstractions:
- kde
files:
- "security/wireshark/dumpcap"
- "security/wireshark/wireshark"
- name: "gpg2"
abstractions:
- sddm
requires:
- common
in_directory:
"security/gnupg":
local:
- "gpg2"
- "gpg-agent"
- "scdaemon"
files:
- "dirmngr"
- "gpg2"
- "gpg-agent"
- "gpg-connect-agent"
- "gpgconf"
- "gpgsm"
- "keyboxd"
- "scdaemon"
# ssh folder + pam folder
- name: "openssh"
requires:
- gpg2 # ssh-agent invokes gpg-agent with Px.
extra_directories:
- "pam"
- "pam/abstractions"
extra_files:
ssh:
- "lib/ssh_client"
- "pam/mappings"
- "pam/abstractions/confined_user"
- "pam/abstractions/unconfined_user"
- "pam/abstractions/default_user"
- "pam/abstractions/user_base"
in_directory:
"security/ssh":
included_tunables:
- "ssh"
files:
- "ssh"
- "ssh-agent"
- "ssh.sftp-server"
- "sshd"
local:
- "sshd"
- name: "mosh"
files:
- "security/ssh/mosh-client"
- name: "sshfs"
in_directory:
"security/ssh":
files:
- "sshfs"
# git folder
- name: "git-core"
requires:
- gettext-runtime
abstractions:
- less
included_abstractions:
- "git"
included_tunables:
- "git"
local:
- "git"
in_directory:
"programming/git":
files:
- "git"
- "git-credential-store"
- "git-mergetool"
- "git-remote-http"
rpm_scriptlets_symlinks:
- "git"
- name: "git-lfs"
in_directory:
"programming/git":
files:
- "git-lfs"
rpm_scriptlets_symlinks:
- "git-lfs"
- name: "git-svn"
in_directory:
"programming/git":
files:
- "git-svn"
# kerberos folder
- name: "krb5-client"
in_directory:
"security/kerberos":
extra_directories:
- "abstractions/kerberosclient.d"
extra_files:
- "abstractions/kerberosclient.d/smar-additions"
files:
- "kadmin"
- "kinit"
- "klist"
# suse folder
- name: "aaa_base"
requires:
- systemd
in_directory:
"suse/aaa_base":
files:
- "chkconfig"
- "service"
- name: "aaa_base-extras"
in_directory:
"suse/aaa_base":
files:
- "backup-rpmdb"
- "backup-sysconfig"
- "convert_sysctl"
- name: "fonts-config"
recommends:
- xfs
in_directory:
"suse/zypper":
files:
- "fonts-config"
rpm_scriptlets_symlinks:
- "fonts-config"
- name: "libzypp-plugin-appdata"
requires:
- appstream-glib
files:
- "suse/zypper/plugins.appdata.InstallAppdata"
- "suse/zypper/libzypp.AsHelper"
- name: "permissions"
in_directory:
"suse":
files:
- "chkstat"
- name: "permissions-zypp-plugin"
in_directory:
"suse/zypper":
files:
- "plugins.commit.permissions.py"
- name: "snapper"
in_directory:
"suse":
files:
- "snapper"
- "snapper.systemd-helper"
- "snapperd"
- name: "snapper-zypp-plugin"
files:
- "suse/zypper/plugins.commit.snapper.py"
- "suse/zypper/plugins.commit.snapper-zypp-plugin"
- name: "supportutils"
in_directory:
"suse":
files:
- "supportconfig"
- name: "suse-module-tools"
requires:
- dracut # for mkinitrd
in_directory:
"suse/kernel":
files:
- "module-init-tools.regenerate-initrd-posttrans"
- "module-init-tools.kernel-scriptlets.cert-script"
- "module-init-tools.kernel-scriptlets.inkmp-script"
- "module-init-tools.kernel-scriptlets.kmp-script"
- "module-init-tools.kernel-scriptlets.rpm-script"
- "module-init-tools.weak-modules2"
- name: "suseconnect-ng"
in_directory:
"suse":
files:
- "suseconnect"
- name: "update-alternatives"
files:
- "suse/update-alternatives"
- name: "yast2"
requires:
- aaa_base
- yast2-control-center
- yast2-ruby-bindings
in_directory:
"suse":
files:
- "yast2"
"suse/yast":
files:
- "yast.online_update"
- name: "yast2-control-center"
files:
- "suse/yast.y2controlcenter"
- name: "yast2-ruby-bindings"
abstractions:
- ruby
requires:
- systemd
- desktop-file-utils
- btrfsprogs
# This could depend on yast2, but it would cause unnecessary circular dependency.
- libzypp-plugin-appdata
- snapper-zypp-plugin
files:
- "suse/yast.y2start"
- name: "zypper"
abstractions:
- systemd
requires:
- btrfsmaintenance
- libzypp-plugin-appdata
- rpm
- snapper-zypp-plugin
recommends:
- dracut
suggests:
- libreoffice
in_directory:
"suse/zypper":
files:
- "zypper"
- "zypper.gpg2"
- "zypper.gpg-agent"
- "zypper.scdaemon"
- name: "libzypp"
in_directory:
"suse/zypper":
files:
- "zypp-NameReqPrv"
# media folder
- name: "ffmpeg"
files:
- "media/ffmpeg"
- "media/ffprobe"
- name: "mpv"
in_directory:
"media":
files:
- "mpv"
local:
- "mpv"
- name: "youtube-dl"
files:
- "media/youtube-dl"
- name: "yt-dlp"
files:
- "media/yt-dlp"
- name: "vlc-noX"
in_directory:
"media":
files:
- "vlc.vlc-cache-gen"
rpm_scriptlets_symlinks:
- "vlc.vlc-cache-gen"
# No folder
- name: "chromium"
files:
- "browsers/chromium"
- name: "MozillaFirefox"
abstractions:
- sddm
suggests:
- kmozillahelper
- plasma-browser-integration
- sssd # For GSSAPI login to websites.
in_directory:
"browsers":
included_tunables:
- "firefox"
files:
- "firefox"
- "firefox.sh"
local:
- "firefox"
# server folder
- name: "apt-cacher-ng"
files:
- "server/apt-cacher-ng"
- name: "memcached"
files:
- "server/memcached"
- name: "mysql-client"
provides:
- "mariadb-client"
in_directory:
"server/mysql":
files:
- "mysqladmin"
- name: "mysql-server"
provides:
- "mariadb-server"
in_directory:
"server/mysql":
files:
- "mariadb-upgrade"
- "mysql-systemd-helper"
- "mysqld"
extra_files:
- "lib/mariadb-install-db"
- name: "nginx"
in_directory:
"server":
files:
- "nginx"
extra_directories:
- "lib/logrotate.d"
extra_files:
- "lib/logrotate.d/nginx"
- name: "oidentd"
files:
- "server/oidentd"
- name: "redis"
files:
- "server/redis-server"
- name: "rspamd"
in_directory:
"server/mail/rspamd":
files:
# rspamd package has actual rspamd profile.
- "learn-ham.rspamd.script"
- "learn-spam.rspamd.script"
- "rspamc"
- "usr.bin.rspamd"
- name: "samba"
in_directory:
"server/samba":
files:
- "net"
- "nmbd"
- "smbd"
- name: "spamassassin"
files:
- "server/spamassassin.spamc"
- "server/spamassassin.spamd"
- name: "sphinx"
files:
- "server/searchd"
- name: "squid"
files:
- "server/web/squid"
- name: "varnish"
in_directory:
"server/web":
files:
- "varnishd"
- "varnishlog"
# audio folder
- name: "alsa-utils"
in_directory:
"hardware/audio/alsa":
files:
- "alsactl"
- name: "gstreamer"
in_directory:
"hardware/audio":
files:
- "gst-plugin-scanner"
- name: "pipewire"
load_profile_by_systemd:
user:
"pipewire-media-session":
profile: "pipewire-media-session"
# Override NoNewPrivileges=yes in /usr/lib/systemd/user/pipewire.service
#
# NOTE: Before systemd-255, MemoryDenyWriteExecute=
# and few similar flags also needs to be
# disabled.
no_new_privs: false
in_directory:
"hardware/audio":
files:
- "pipewire"
- "pipewire-media-session"
- name: "pulseaudio"
load_profile_by_systemd:
user:
pulseaudio:
profile: pulseaudio
# Override NoNewPrivileges=yes in /usr/lib/systemd/user/pulseaudio.service
#
# NOTE: Before systemd-255, MemoryDenyWriteExecute=
# and few similar flags also needs to be
# disabled.
no_new_privs: false
in_directory:
"hardware/audio":
files:
- "pulseaudio"
- "pulse.gconf-helper"
- name: "pulseaudio-module-gsettings"
in_directory:
"hardware/audio":
files:
- "pulse.gsettings-helper"
- name: "pulseaudio-module-x11"
in_directory:
"hardware/audio":
files:
- "start-pulseaudio-x11"
- name: "pulseaudio-utils"
in_directory:
"hardware/audio":
files:
- "pacmd"
- "pactl"
- name: "wireplumber"
load_profile_by_systemd:
user:
wireplumber:
profile: wireplumber
# Override NoNewPrivileges=yes in /usr/lib/systemd/user/pulseaudio.service
#
# NOTE: Before systemd-255, MemoryDenyWriteExecute=
# and few similar flags also needs to be
# disabled.
no_new_privs: false
in_directory:
"hardware/audio":
files:
- "wireplumber"
# kate: indent-width 2
