apparmor.d/pkg/aa/templates/profile.j2

{{- /* apparmor.d - Full set of apparmor profiles */ -}}
{{- /* Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io> */ -}}
{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}

{{- define "profile" -}}

    {{- with .Header -}}
        {{- "profile" -}}
        {{- with .Name -}}
            {{ " " }}{{ . }}
        {{- end -}}
        {{- with .Attachments -}}
            {{ " " }}{{ join . }}
        {{- end -}}
        {{- with .Attributes -}}
            {{ " xattrs=(" }}{{ join . }}{{ ")" }}
        {{- end -}}
        {{- with .Flags -}}
            {{ " flags=(" }}{{ join . }}{{ ")" }}
        {{- end -}}
        {{- " {\n" -}}
    {{- end -}}

    {{- $oldtype := "" -}}
    {{- range .Rules -}}
        {{- $type := typeof . -}}
        {{- if eq $type "Rule" -}}
            {{- template "comment" . -}}
            {{- "\n" -}}
            {{- continue -}}
        {{- end -}}
        {{- if and (ne $type $oldtype) (ne $oldtype "") -}}
            {{- "\n" -}}
        {{- end -}}
        {{- indent "" -}}

        {{- if eq $type "Include" -}}
            {{ template "include" . }}
        {{- end -}}

        {{- if eq $type "Rlimit" -}}
            {{- template "rlimit" . -}}
        {{- end -}}

        {{- if eq $type "Userns" -}}
            {{- template "userns" . -}}
        {{- end -}}

        {{- if eq $type "Capability" -}}
            {{- template "capability" . -}}
        {{- end -}}

        {{- if eq $type "Network" -}}
            {{- template "network" . -}}
        {{- end -}}

        {{- if eq $type "Mount" -}}
            {{- template "mount" . -}}
        {{- end -}}

        {{- if eq $type "Remount" -}}
            {{- template "remount" . -}}
        {{- end -}}

        {{- if eq $type "Umount" -}}
            {{- template "umount" . -}}
        {{- end -}}

        {{- if eq $type "PivotRoot" -}}
            {{- template "pivot_root" . -}}
        {{- end -}}

        {{- if eq $type "ChangeProfile" -}}
            {{- template "change_profile" . -}}
        {{- end -}}

        {{- if eq $type "Mqueue" -}}
            {{- template "mqueue" . -}}
        {{- end -}}

        {{- if eq $type "Unix" -}}
            {{- template "unix" . -}}
        {{- end -}}

        {{- if eq $type "Ptrace" -}}
            {{- template "ptrace" . -}}
        {{- end -}}

        {{- if eq $type "Signal" -}}
            {{- template "signal" . -}}
        {{- end -}}

        {{- if eq $type "Dbus" -}}
            {{- template "dbus" . -}}
        {{- end -}}

        {{- if eq $type "File" -}}
            {{- template "file" . -}}
        {{- end -}}

        {{- if eq $type "Profile" -}}
            {{ template "profile" . }}
        {{- end -}}

        {{- "\n" -}}
        {{- $oldtype = $type -}}
    {{- end -}}

    {{- with .Header -}}
        {{- "}\n" -}}
    {{- end -}}

{{- end -}}
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`{{- /* apparmor.d - Full set of apparmor profiles */ -}}`
			`{{- /* Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io> */ -}}`
			`{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}`

			`{{- define "profile" -}}`

feat(aa): rename the main profile struct. 2024-04-16 22:51:56 +02:00			`{{- with .Header -}}`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`{{- "profile" -}}`
			`{{- with .Name -}}`
			`{{ " " }}{{ . }}`
			`{{- end -}}`
			`{{- with .Attachments -}}`
			`{{ " " }}{{ join . }}`
			`{{- end -}}`
			`{{- with .Attributes -}}`
			`{{ " xattrs=(" }}{{ join . }}{{ ")" }}`
			`{{- end -}}`
			`{{- with .Flags -}}`
			`{{ " flags=(" }}{{ join . }}{{ ")" }}`
			`{{- end -}}`
feat(aa): refractor template to allow multiple templates. 2024-04-17 19:02:41 +02:00			`{{- " {\n" -}}`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`{{- end -}}`

			`{{- $oldtype := "" -}}`
			`{{- range .Rules -}}`
			`{{- $type := typeof . -}}`
			`{{- if eq $type "Rule" -}}`
feat(aa): refractor template to allow multiple templates. 2024-04-17 19:02:41 +02:00			`{{- template "comment" . -}}`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`{{- "\n" -}}`
			`{{- continue -}}`
			`{{- end -}}`
			`{{- if and (ne $type $oldtype) (ne $oldtype "") -}}`
			`{{- "\n" -}}`
			`{{- end -}}`
			`{{- indent "" -}}`

			`{{- if eq $type "Include" -}}`
			`{{ template "include" . }}`
			`{{- end -}}`

			`{{- if eq $type "Rlimit" -}}`
feat(aa): refractor template to allow multiple templates. 2024-04-17 19:02:41 +02:00			`{{- template "rlimit" . -}}`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`{{- end -}}`

			`{{- if eq $type "Userns" -}}`
feat(aa): refractor template to allow multiple templates. 2024-04-17 19:02:41 +02:00			`{{- template "userns" . -}}`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`{{- end -}}`

			`{{- if eq $type "Capability" -}}`
feat(aa): refractor template to allow multiple templates. 2024-04-17 19:02:41 +02:00			`{{- template "capability" . -}}`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`{{- end -}}`

			`{{- if eq $type "Network" -}}`
feat(aa): refractor template to allow multiple templates. 2024-04-17 19:02:41 +02:00			`{{- template "network" . -}}`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`{{- end -}}`

			`{{- if eq $type "Mount" -}}`
feat(aa): refractor template to allow multiple templates. 2024-04-17 19:02:41 +02:00			`{{- template "mount" . -}}`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`{{- end -}}`

feat(aa): refractor template to allow multiple templates. 2024-04-17 19:02:41 +02:00			`{{- if eq $type "Remount" -}}`
			`{{- template "remount" . -}}`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`{{- end -}}`

feat(aa): refractor template to allow multiple templates. 2024-04-17 19:02:41 +02:00			`{{- if eq $type "Umount" -}}`
			`{{- template "umount" . -}}`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`{{- end -}}`

			`{{- if eq $type "PivotRoot" -}}`
feat(aa): refractor template to allow multiple templates. 2024-04-17 19:02:41 +02:00			`{{- template "pivot_root" . -}}`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`{{- end -}}`

			`{{- if eq $type "ChangeProfile" -}}`
feat(aa): refractor template to allow multiple templates. 2024-04-17 19:02:41 +02:00			`{{- template "change_profile" . -}}`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`{{- end -}}`

			`{{- if eq $type "Mqueue" -}}`
feat(aa): refractor template to allow multiple templates. 2024-04-17 19:02:41 +02:00			`{{- template "mqueue" . -}}`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`{{- end -}}`

			`{{- if eq $type "Unix" -}}`
feat(aa): refractor template to allow multiple templates. 2024-04-17 19:02:41 +02:00			`{{- template "unix" . -}}`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`{{- end -}}`

			`{{- if eq $type "Ptrace" -}}`
feat(aa): refractor template to allow multiple templates. 2024-04-17 19:02:41 +02:00			`{{- template "ptrace" . -}}`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`{{- end -}}`

			`{{- if eq $type "Signal" -}}`
feat(aa): refractor template to allow multiple templates. 2024-04-17 19:02:41 +02:00			`{{- template "signal" . -}}`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`{{- end -}}`

			`{{- if eq $type "Dbus" -}}`
feat(aa): refractor template to allow multiple templates. 2024-04-17 19:02:41 +02:00			`{{- template "dbus" . -}}`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`{{- end -}}`

			`{{- if eq $type "File" -}}`
feat(aa): refractor template to allow multiple templates. 2024-04-17 19:02:41 +02:00			`{{- template "file" . -}}`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`{{- end -}}`

			`{{- if eq $type "Profile" -}}`
			`{{ template "profile" . }}`
			`{{- end -}}`

			`{{- "\n" -}}`
			`{{- $oldtype = $type -}}`
			`{{- end -}}`

feat(aa): rename the main profile struct. 2024-04-16 22:51:56 +02:00			`{{- with .Header -}}`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`{{- "}\n" -}}`
			`{{- end -}}`

			`{{- end -}}`