File packages.yaml of Package smar-apparmor-profiles (Revision 33fbce7ec7c891d0c0a8cf1b091c7bbc)
Currently displaying revision 33fbce7ec7c891d0c0a8cf1b091c7bbc , Show latest
622
1
- name: "apparmor-parser"
2
abstractions:
3
- kde
4
in_directory:
5
"security/apparmor":
6
local:
7
- "apparmor_parser"
8
files:
9
- "apparmor_parser"
10
"suse":
11
local:
12
- "lib.apparmor.apparmor.systemd"
13
files:
14
- "lib.apparmor.apparmor.systemd"
15
16
- name: "apparmor-utils"
17
abstractions:
18
- kde
19
requires:
20
- "apparmor-parser"
21
in_directory:
22
"security/apparmor":
23
files:
24
- "aa-autodep"
25
- "aa-logprof"
26
- "aa-remove-unknown"
27
- "aa-status"
28
- "aa-unconfined"
29
30
- name: "aru"
31
in_directory:
32
"security/apparmor":
33
files:
34
- "aru"
35
36
- name: "aucolor"
37
in_directory:
38
"security/apparmor":
39
files:
40
- "aucolor"
41
42
- name: "audit"
43
in_directory:
44
"security/apparmor":
45
files:
46
- "ausearch"
47
"system":
48
files:
49
- "auditd"
50
- "augenrules"
51
"system/admin":
52
files:
53
- "auditctl"
54
55
- name: "rpm"
56
included_abstractions:
57
- "read-only-rpm"
58
namespace_directories:
59
- "rpm-scriptlets.d"
60
in_directory:
61
"packaging/rpm":
62
files:
63
- "rpm"
64
65
- name: "smar-aa-scripts"
66
in_directory:
67
"security/apparmor":
68
files:
69
- "smar-load-profiles"
70
71
# qt folder
72
73
- name: "libqt5-linguist"
74
in_directory:
75
"qt":
76
files:
77
- "lrelease"
78
- "lupdate"
79
80
- name: "libqt5-qdbus"
81
abstractions:
82
- kde
83
in_directory:
84
"qt":
85
files:
86
- "qdbus"
87
88
- name: "libqt5-qtbase-common-devel"
89
in_directory:
90
"qt":
91
files:
92
- "moc"
93
- "qmake"
94
- "rcc"
95
- "uic"
96
97
- name: "libqt5-qtwebengine"
98
in_directory:
99
"qt":
100
files:
101
- "qt5.QtWebEngineProcess"
102
103
- name: "nheko"
104
in_directory:
105
"qt":
106
files:
107
- "nheko"
108
109
- name: "sddm"
110
in_directory:
111
"qt":
112
files:
113
- "sddm"
114
115
# security folder
116
117
- name: "certbot"
118
in_directory:
119
"security":
120
files:
121
- "certbot"
122
123
- name: "openconnect"
124
files:
125
- "security/openconnect"
126
- "security/openconnect.vpnc-script"
127
128
- name: "wireguard-tools"
129
load_profile_by_systemd:
130
"wg-quick@": wg-quick
131
files:
132
- "security/wg-quick"
133
134
- name: "wireshark"
135
recommends:
136
- MozillaFirefox
137
- drkonqi
138
- kinit
139
abstractions:
140
- kde
141
files:
142
- "security/wireshark/dumpcap"
143
- "security/wireshark/wireshark"
144
145
- name: "gpg2"
146
abstractions:
147
- sddm
148
requires:
149
- common
150
in_directory:
151
"security/gnupg":
152
local:
153
- "gpg2"
154
- "gpg-agent"
155
- "scdaemon"
156
files:
157
- "dirmngr"
158
- "gpg2"
159
- "gpg-agent"
160
- "gpg-connect-agent"
161
- "gpgconf"
162
- "gpgsm"
163
- "scdaemon"
164
165
# ssh folder + pam folder
166
167
- name: "openssh"
168
requires:
169
- gpg2 # ssh-agent invokes gpg-agent with Px.
170
suggests:
171
- xinit # ssh-agent also seems to invoke /etc/X11/xinit/xinitrc, when launching Xorg.
172
abstractions:
173
- sddm
174
extra_directories:
175
- "pam"
176
- "pam/abstractions"
177
extra_files:
178
ssh:
179
- "lib/ssh_client"
180
- "pam/mappings"
181
- "pam/abstractions/confined_user"
182
- "pam/abstractions/unconfined_user"
183
- "pam/abstractions/default_user"
184
- "pam/abstractions/user_base"
185
in_directory:
186
"security/ssh":
187
included_tunables:
188
- "ssh"
189
files:
190
- "ssh"
191
- "ssh-agent"
192
- "ssh.sftp-server"
193
- "sshd"
194
local:
195
- "sshd"
196
197
- name: "mosh"
198
files:
199
- "security/ssh/mosh-client"
200
201
- name: "sshfs"
202
in_directory:
203
"security/ssh":
204
files:
205
- "sshfs"
206
207
# git folder
208
209
- name: "git-core"
210
requires:
211
- gettext-runtime
212
abstractions:
213
- less
214
included_abstractions:
215
- "git"
216
included_tunables:
217
- "git"
218
local:
219
- "git"
220
in_directory:
221
"programming/git":
222
files:
223
- "git"
224
- "git-credential-store"
225
- "git-mergetool"
226
- "git-remote-http"
227
rpm_scriptlets_symlinks:
228
- "git"
229
230
- name: "git-svn"
231
in_directory:
232
"programming/git":
233
files:
234
- "git-svn"
235
236
# kerberos folder
237
238
- name: "krb5-client"
239
in_directory:
240
"security/kerberos":
241
files:
242
- "kadmin"
243
- "kinit"
244
- "klist"
245
246
# suse folder
247
248
- name: "aaa_base"
249
requires:
250
- systemd
251
files:
252
- "suse/usr.sbin.service"
253
254
- name: "fonts-config"
255
recommends:
256
- xfs
257
in_directory:
258
"suse/zypper":
259
files:
260
- "fonts-config"
261
262
- name: "libzypp-plugin-appdata"
263
requires:
264
- appstream-glib
265
files:
266
- "suse/zypper/plugins.appdata.InstallAppdata"
267
- "suse/zypper/libzypp.AsHelper"
268
269
- name: "permissions"
270
in_directory:
271
"suse":
272
files:
273
- "chkstat"
274
275
- name: "permissions-zypp-plugin"
276
in_directory:
277
"suse/zypper":
278
files:
279
- "plugins.commit.permissions.py"
280
281
- name: "snapper"
282
in_directory:
283
"suse":
284
files:
285
- "snapper"
286
- "snapperd"
287
288
- name: "snapper-zypp-plugin"
289
files:
290
- "suse/zypper/plugins.commit.snapper.py"
291
- "suse/zypper/plugins.commit.snapper-zypp-plugin"
292
293
- name: "supportutils"
294
in_directory:
295
"suse":
296
files:
297
- "supportconfig"
298
299
- name: "suse-module-tools"
300
requires:
301
- dracut # for mkinitrd
302
in_directory:
303
"suse/kernel":
304
files:
305
- "module-init-tools.regenerate-initrd-posttrans"
306
- "module-init-tools.kernel-scriptlets.cert-script"
307
- "module-init-tools.kernel-scriptlets.inkmp-script"
308
- "module-init-tools.kernel-scriptlets.kmp-script"
309
- "module-init-tools.kernel-scriptlets.rpm-script"
310
- "module-init-tools.weak-modules2"
311
312
- name: "update-alternatives"
313
files:
314
- "suse/update-alternatives"
315
316
- name: "yast2"
317
requires:
318
- aaa_base
319
- yast2-control-center
320
- yast2-ruby-bindings
321
in_directory:
322
"suse":
323
files:
324
- "yast2"
325
"suse/yast":
326
files:
327
- "yast.online_update"
328
329
- name: "yast2-control-center"
330
files:
331
- "suse/yast.y2controlcenter"
332
333
- name: "yast2-ruby-bindings"
334
abstractions:
335
- ruby
336
requires:
337
- systemd
338
- desktop-file-utils
339
- btrfsprogs
340
# This could depend on yast2, but it would cause unnecessary circular dependency.
341
- libzypp-plugin-appdata
342
- snapper-zypp-plugin
343
files:
344
- "suse/yast.y2start"
345
346
- name: "zypper"
347
abstractions:
348
- systemd
349
requires:
350
- btrfsmaintenance
351
- libzypp-plugin-appdata
352
- rpm
353
- snapper-zypp-plugin
354
recommends:
355
- dracut
356
suggests:
357
- libreoffice
358
in_directory:
359
"suse/zypper":
360
files:
361
- "zypper"
362
- "zypper.gpg2"
363
- "zypper.gpg-agent"
364
365
- name: "libzypp"
366
in_directory:
367
"suse/zypper":
368
files:
369
- "zypp-NameReqPrv"
370
371
# media folder
372
373
- name: "ffmpeg"
374
files:
375
- "media/ffmpeg"
376
- "media/ffprobe"
377
378
- name: "mpv"
379
in_directory:
380
"media":
381
files:
382
- "mpv"
383
local:
384
- "mpv"
385
386
- name: "youtube-dl"
387
files:
388
- "media/youtube-dl"
389
390
- name: "yt-dlp"
391
files:
392
- "media/yt-dlp"
393
394
- name: "vlc-noX"
395
in_directory:
396
"media":
397
files:
398
- "vlc.vlc-cache-gen"
399
400
# No folder
401
402
- name: "chromium"
403
files:
404
- "browsers/chromium"
405
406
- name: "MozillaFirefox"
407
abstractions:
408
- sddm
409
suggests:
410
- kmozillahelper
411
- plasma-browser-integration
412
- sssd # For GSSAPI login to websites.
413
in_directory:
414
"browsers":
415
included_tunables:
416
- "firefox"
417
files:
418
- "firefox"
419
- "firefox.sh"
420
local:
421
- "firefox"
422
423
# hardware folder
424
425
- name: "cups"
426
files:
427
- "hardware/cupsd"
428
429
- name: "fwupd"
430
files:
431
- "hardware/fwupd"
432
433
- name: "kbd"
434
in_directory:
435
"hardware/keyboard":
436
files:
437
- "dumpkeys"
438
- "loadkeys"
439
440
- name: "kmod"
441
files:
442
- "hardware/kmod"
443
444
- name: "ModemManager"
445
files:
446
- "hardware/ModemManager"
447
448
- name: "suse-prime-bbswitch"
449
in_directory:
450
"hardware/video":
451
files:
452
- "prime-select"
453
454
- name: "udev"
455
in_directory:
456
"hardware/udev":
457
files:
458
- "udevadm"
459
extra_files:
460
- "lib/udevadm"
461
extra_directories:
462
- "lib/udevadm.d/"
463
464
- name: "x11-video-nvidiaG05"
465
in_directory:
466
"hardware/video":
467
files:
468
- "nvidia-sleep.sh"
469
- "systemd.system-sleep.nvidia"
470
471
# server folder
472
473
- name: "apt-cacher-ng"
474
files:
475
- "server/apt-cacher-ng"
476
477
- name: "memcached"
478
files:
479
- "server/memcached"
480
481
- name: "mysql-client"
482
provides:
483
- "mariadb-client"
484
in_directory:
485
"server/mysql":
486
files:
487
- "mysqladmin"
488
489
- name: "mysql-server"
490
provides:
491
- "mariadb-server"
492
in_directory:
493
"server/mysql":
494
files:
495
- "mysqld"
496
extra_files:
497
- "lib/mariadb-install-db"
498
499
- name: "nginx"
500
in_directory:
501
"server":
502
files:
503
- "nginx"
504
extra_directories:
505
- "lib/logrotate.d"
506
extra_files:
507
- "lib/logrotate.d/nginx"
508
509
- name: "oidentd"
510
files:
511
- "server/oidentd"
512
513
- name: "redis"
514
files:
515
- "server/redis-server"
516
517
- name: "rspamd"
518
in_directory:
519
"server/mail/rspamd":
520
files:
521
# rspamd package has actual rspamd profile.
522
- "learn-ham.rspamd.script"
523
- "learn-spam.rspamd.script"
524
- "rspamc"
525
526
527
- name: "samba"
528
files:
529
- "server/samba/nmbd"
530
- "server/samba/smbd"
531
532
- name: "spamassassin"
533
files:
534
- "server/spamassassin.spamc"
535
- "server/spamassassin.spamd"
536
537
- name: "sphinx"
538
files:
539
- "server/searchd"
540
541
- name: "squid"
542
files:
543
- "server/web/squid"
544
545
# audio folder
546
547
- name: "gstreamer"
548
in_directory:
549
"hardware/audio":
550
files:
551
- "gst-plugin-scanner"
552
553
- name: "pipewire"
554
load_profile_by_systemd:
555
user:
556
"pipewire-media-session":
557
profile: "pipewire-media-session"
558
# Override NoNewPrivileges=yes in /usr/lib/systemd/user/pipewire.service
559
#
560
# NOTE: Before systemd-255, MemoryDenyWriteExecute=
561
# and few similar flags also needs to be
562
# disabled.
563
no_new_privs: false
564
in_directory:
565
"hardware/audio":
566
files:
567
- "pipewire"
568
- "pipewire-media-session"
569
570
- name: "pulseaudio"
571
load_profile_by_systemd:
572
user:
573
pulseaudio:
574
profile: pulseaudio
575
# Override NoNewPrivileges=yes in /usr/lib/systemd/user/pulseaudio.service
576
#
577
# NOTE: Before systemd-255, MemoryDenyWriteExecute=
578
# and few similar flags also needs to be
579
# disabled.
580
no_new_privs: false
581
in_directory:
582
"hardware/audio":
583
files:
584
- "pulseaudio"
585
- "pulse.gconf-helper"
586
587
- name: "pulseaudio-module-gsettings"
588
in_directory:
589
"hardware/audio":
590
files:
591
- "pulse.gsettings-helper"
592
593
- name: "pulseaudio-module-x11"
594
in_directory:
595
"hardware/audio":
596
files:
597
- "start-pulseaudio-x11"
598
599
- name: "pulseaudio-utils"
600
in_directory:
601
"hardware/audio":
602
files:
603
- "pacmd"
604
- "pactl"
605
606
- name: "wireplumber"
607
load_profile_by_systemd:
608
user:
609
wireplumber:
610
profile: wireplumber
611
# Override NoNewPrivileges=yes in /usr/lib/systemd/user/pulseaudio.service
612
#
613
# NOTE: Before systemd-255, MemoryDenyWriteExecute=
614
# and few similar flags also needs to be
615
# disabled.
616
no_new_privs: false
617
in_directory:
618
"hardware/audio":
619
files:
620
- "wireplumber"
621
622
# kate: indent-width 2