veilor-os/overlay/usr/local/bin
s8n-ru dfda66ac7e
Some checks failed
Lint / Kickstart syntax (pull_request) Failing after 0s
Lint / Shell scripts (pull_request) Failing after 0s
Lint / No personal/onyx leaks (pull_request) Failing after 0s
sec: AppArmor v0.6 stub — load profiles in complain mode
Per docs/research/2026-05-05-agent-wave/04-hardening-tier-2.md (v0.6
scope item 1).

Adds:
  - apparmor-parser apparmor-utils apparmor-profiles to %packages in
    BOTH kickstart/veilor-os.ks (live ks) and overlay/usr/local/bin/
    veilor-installer (generated install ks heredoc).
  - scripts/40-apparmor.sh — wires aa-complain on every veilor-shipped
    profile. Idempotent. "loaded, present, nothing breaks".
  - overlay/etc/apparmor.d/veilor.d/firefox — 1-liner stub (binary
    confinement marker only; full policy post-v0.6).
  - overlay/etc/apparmor.d/veilor.d/thunderbird — same pattern.
  - Wired 40-apparmor.sh into install %post chain after
    30-apply-v03-theme.sh.

Complain mode means: profiles loaded, kernel logs syscall denials but
does NOT enforce. Operator can review audit.log post-install to
inform v0.7 policy authoring.
2026-05-06 11:15:30 +01:00
veilor-doctor | v0.6: pre-stage veilor-update + veilor-doctor CLI tools (#11) | 2026-05-02 04:39:33 +01:00
veilor-firstboot | v0.5.2: move veilor-installer + veilor-firstboot to /usr/local/bin | 2026-05-02 05:33:22 +01:00
veilor-installer | sec: AppArmor v0.6 stub — load profiles in complain mode | 2026-05-06 11:15:30 +01:00
veilor-power | veilor-os v0.1 scaffold — kickstart + hardening + 3-mode power + DuckSans-ready KDE black theme | 2026-04-30 03:43:33 +01:00
veilor-update | v0.6: pre-stage veilor-update + veilor-doctor CLI tools (#11) | 2026-05-02 04:39:33 +01:00