s8n-ru dfda66ac7e sec: AppArmor v0.6 stub — load profiles in complain mode ... Per docs/research/2026-05-05-agent-wave/04-hardening-tier-2.md (v0.6 scope item 1). Adds: - apparmor-parser apparmor-utils apparmor-profiles to %packages in BOTH kickstart/veilor-os.ks (live ks) and overlay/usr/local/bin/ veilor-installer (generated install ks heredoc). - scripts/40-apparmor.sh — wires aa-complain on every veilor-shipped profile. Idempotent. "loaded, present, nothing breaks". - overlay/etc/apparmor.d/veilor.d/firefox — 1-liner stub (binary confinement marker only; full policy post-v0.6). - overlay/etc/apparmor.d/veilor.d/thunderbird — same pattern. - Wired 40-apparmor.sh into install %post chain after 30-apply-v03-theme.sh. Complain mode means: profiles loaded, kernel logs syscall denials but does NOT enforce. Operator can review audit.log post-install to inform v0.7 policy authoring.		2026-05-06 11:15:30 +01:00
..
apparmor	sec: AppArmor profile skeletons + audit shipping draft + veilor-firstboot SELinux module (#3)	2026-05-02 04:39:39 +01:00
selinux	v0.5.2: move veilor-installer + veilor-firstboot to /usr/local/bin	2026-05-02 05:33:22 +01:00
10-harden-base.sh	veilor-os v0.1 scaffold — kickstart + hardening + 3-mode power + DuckSans-ready KDE black theme	2026-04-30 03:43:33 +01:00
20-harden-kernel.sh	ks: keep KDE deps (cups/geoclue2/MM/PackageKit) — mask daemons at runtime instead	2026-04-30 04:31:49 +01:00
30-apply-v03-theme.sh	ux: v0.3 polish — plymouth/sddm/konsole audit + wallpaper variants + branding logo (#4)	2026-05-02 04:39:21 +01:00
40-apparmor.sh	sec: AppArmor v0.6 stub — load profiles in complain mode	2026-05-06 11:15:30 +01:00
firstboot.sh	veilor-os v0.1 scaffold — kickstart + hardening + 3-mode power + DuckSans-ready KDE black theme	2026-04-30 03:43:33 +01:00
kde-theme-apply.sh	v0.2.3: os-release branding + admin user creation in %post	2026-05-01 18:25:57 +01:00