// apparmor.d - Full set of apparmor profiles
// Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
// SPDX-License-Identifier: GPL-2.0-only
package main
import (
"slices"
"github.com/roddhjav/apparmor.d/pkg/prebuild"
"github.com/roddhjav/apparmor.d/pkg/prebuild/builder"
"github.com/roddhjav/apparmor.d/pkg/prebuild/cli"
"github.com/roddhjav/apparmor.d/pkg/prebuild/prepare"
)
// init registers the default prepare and build tasks, then picks the AppArmor
// ABI according to the detected distribution.
func init() {
	// Prepare tasks applied by default, passed in this order.
	prepare.Register(
		"synchronise",
		"ignore",
		"merge",
		"configure",
		"setflags",
		"systemd-default",
	)

	// Build tasks applied by default.
	builder.Register(
		"userspace", // Resolve variable in the userspace profile
		"dev",       // Temporary fix for #74, #80 & #235
	)

	// Compatibility with AppArmor 3.
	//
	// Ubuntu codenames listed here keep whatever ABI is already set; every
	// other codename, including an empty one, is switched to ABI 3.
	// NOTE(review): the ABI used for distributions not named in the switch is
	// set outside this file - confirm it is the intended default.
	ubuntuKeepABI := []string{"noble"}

	switch prebuild.Distribution {
	case "arch", "debian":
		prebuild.ABI = 3

	case "ubuntu":
		codename := prebuild.Release["VERSION_CODENAME"]
		if !slices.Contains(ubuntuKeepABI, codename) {
			prebuild.ABI = 3
		}

	case "whonix":
		prebuild.ABI = 3

		// Hide rewritten Whonix profiles. The paths are appended to
		// prebuild.Hide one per line; everything between the backquotes,
		// line breaks included, is part of the value.
		// NOTE(review): "tunables/homsanitycheck" and
		// "usr.bin.url_e.d/anondist" do not follow the naming of the other
		// entries. Confirm both against the files Whonix actually installs:
		// a path that does not match would presumably leave that profile
		// unhidden.
		prebuild.Hide += `/etc/apparmor.d/abstractions/base.d/kicksecure
/etc/apparmor.d/home.tor-browser.firefox
/etc/apparmor.d/tunables/homsanitycheck
/etc/apparmor.d/usr.bin.url_e.d/anondist
/etc/apparmor.d/tunables/home.d/live-mode
/etc/apparmor.d/tunables/home.d/qubes-whonix-anondist
/etc/apparmor.d/usr.bin.hexchat
/etc/apparmor.d/usr.bin.sdwdate
/etc/apparmor.d/usr.bin.systemcheck
/etc/apparmor.d/usr.bin.timeto_unixtime
/etc/apparmor.d/whonix-firewall
`
	}

	// The "abi3" build task is only registered when ABI 3 was selected.
	if prebuild.ABI == 3 {
		builder.Register("abi3")
	}
}
// main hands control to the prebuild command-line entry point. The package's
// init function has already run by the time this is called.
func main() {
	cli.Prebuild()
}