ccfa715678
* Overflow for images on project cards.
* Allow unreacting from comment popover.
* The scope of application tokens is not verified when writing
containers or Conan packages.
* When a Forgejo Actions workflow includes a workflow_dispatch with
inputs and other events (for instance push), it is silently ignored
because of a parsing error.
* Automerge on AGit pull requests is ignored.
* Show lock owner instead of repo owner on LFS setting page.
* Render plain text file if the LFS object doesn't exist.
* Panic of ssh public key page after deletion of an auth source.
* Add missing repository type filter parameters to pager.
* Reverted a change from Gitea which prevented allow/reject reviews on
merged or closed PRs. This change was not considered by the Forgejo
UI team and there is a consensus that it feels like a regression,
since it interferes with workflows known to be used by Forgejo users
without providing a tangible benefit.
* Run full PR checks on AGit push.
* Updated translations
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=33
65 lines
2.0 KiB
Plaintext
65 lines
2.0 KiB
Plaintext
abi <abi/3.0>,
|
|
|
|
include <tunables/global>
|
|
|
|
profile forgejo /usr/bin/forgejo flags=(attach_disconnected) {
|
|
include <abstractions/base>
|
|
include <abstractions/mysql>
|
|
include <abstractions/nameservice>
|
|
include <abstractions/opencl-pocl>
|
|
include <abstractions/openssl>
|
|
include <abstractions/user-tmp>
|
|
include if exists <local/usr.bin.forgejo>
|
|
|
|
network inet stream,
|
|
network inet6 stream,
|
|
|
|
/etc/forgejo/ r,
|
|
/etc/forgejo/conf/app.ini r,
|
|
/etc/forgejo/public/ r,
|
|
/etc/forgejo/public/** r,
|
|
/etc/forgejo/{conf,https,mailer}/ r,
|
|
/etc/gitconfig r,
|
|
/etc/mime.types r,
|
|
/sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,
|
|
/usr/bin/forgejo mr,
|
|
/usr/bin/git mr,
|
|
/usr/bin/gzip mr,
|
|
/usr/bin/{basename,env,git,git-lfs,forgejo,ssh-keygen,gzip} ix,
|
|
/usr/libexec/git/git-write-tree mrix,
|
|
/usr/share/forgejo/** r,
|
|
/usr/share/forgejo/.gitconfig rw,
|
|
/usr/share/forgejo/.gitconfig.lock rw,
|
|
/usr/share/git-core/templates/ r,
|
|
/usr/share/git-core/templates/** r,
|
|
/usr/share/mime/globs2 r,
|
|
/usr/{lib,libexec}/git/git ix,
|
|
/usr/{lib,libexec}/git/git-remote-http ix,
|
|
/var/ r,
|
|
/var/lib/ r,
|
|
/var/lib/forgejo/ r,
|
|
/var/lib/forgejo/.local/** rw,
|
|
/var/lib/forgejo/.ssh/ rw,
|
|
/var/lib/forgejo/.ssh/* rw,
|
|
/var/log/forgejo/ rw,
|
|
/var/log/forgejo/access.log rw,
|
|
/var/log/forgejo/access.log.* w,
|
|
/var/log/forgejo/doctors-* rw,
|
|
@{PROC}/sys/net/core/somaxconn r,
|
|
owner /etc/forgejo/conf/app.ini w,
|
|
owner /tmp/forgejo** rwl,
|
|
owner /tmp/index* rw,
|
|
owner /tmp/patch* rw,
|
|
owner /usr/share/forgejo/** rw,
|
|
owner /var/lib/forgejo/backups/forgejo-dump-*.{zip,tar.gz,tar.xz} rw,
|
|
owner /var/lib/forgejo/data/forgejo-repositories/** rwlk,
|
|
owner /var/lib/forgejo/data/forgejo-repositories/**.git/hooks/** ix,
|
|
owner /var/lib/forgejo/https/** rwlk,
|
|
owner /var/lib/forgejo/{data,indexers,queues,repositories,backups}/ r,
|
|
owner /var/lib/forgejo/{data,indexers,queues,repositories}/** rwk,
|
|
owner /var/log/forgejo/gitea.log w,
|
|
owner @{PROC}/@{pid}/fd/ r,
|
|
owner @{PROC}/@{pid}/{cgroup,cpuset,status,stat,limits} r,
|
|
|
|
}
|