// apparmor.d - Full set of apparmor profiles
// Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
// SPDX-License-Identifier: GPL-2.0-only
package main
import (
"flag"
"fmt"
"os"
"github.com/roddhjav/apparmor.d/pkg/logging"
"github.com/roddhjav/apparmor.d/pkg/prebuild"
)
// usage is the help text that main installs as flag.Usage, so it is what
// -h/--help prints in place of the flag package's generated listing.
// NOTE(review): the synopsis line does not mention --abi4 although the flag is
// listed under Options.
const usage = `prebuild [-h] [--full] [--complain | --enforce]

Prebuild apparmor.d profiles for a given distribution.

Options:
-h, --help Show this help message and exit.
-f, --full Set AppArmor for full system policy.
-c, --complain Set complain flag on all profiles.
-e, --enforce Set enforce flag on all profiles.
--abi4 Convert the profiles to Apparmor abi/4.0.
`
// Command-line switches. init binds each one to its flag name(s) and
// flag.Parse in main fills them in; all default to false.
var (
	help     bool // -h / --help: print usage and exit
	full     bool // -f / --full: select the full system policy tasks in aaPrebuild
	complain bool // -c / --complain: append the complain-mode build task
	enforce  bool // -e / --enforce: append the enforce-mode build task (only read when complain is false)
	abi4     bool // --abi4: append the ABI conversion build task
)
// init registers every command-line switch on the default flag set. Short and
// long spellings of an option are bound to the same variable, so either form
// sets it.
func init() {
	switches := []struct {
		target *bool
		names  []string
		desc   string
	}{
		{&help, []string{"h", "help"}, "Show this help message and exit."},
		{&full, []string{"f", "full"}, "Set AppArmor for full system policy."},
		{&complain, []string{"c", "complain"}, "Set complain flag on all profiles."},
		{&enforce, []string{"e", "enforce"}, "Set enforce flag on all profiles."},
		{&abi4, []string{"abi4"}, "Convert the profiles to Apparmor abi/4.0."},
	}
	// Registration order matches the option order in the usage text.
	for _, sw := range switches {
		for _, name := range sw.names {
			flag.BoolVar(sw.target, name, false, sw.desc)
		}
	}
}
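// aaPrebuild configures the prebuild pipeline from the parsed command-line
// flags, then runs the prepare stage followed by the build stage.
//
// It appends to the package-level prebuild.Prepares and prebuild.Builds
// slices, so a second call in the same process would append the same tasks
// again. It returns an error when --complain and --enforce are both set;
// otherwise the error from prebuild.Prepare or prebuild.Build is returned
// unchanged.
func aaPrebuild() error {
	// The usage text documents --complain and --enforce as alternatives.
	// Reject the combination instead of silently letting --complain win: an
	// operator who asked for enforcement must not end up with profiles that
	// only log violations. Checked first so nothing is logged or queued on
	// invalid input.
	if complain && enforce {
		return fmt.Errorf("flags --complain and --enforce are mutually exclusive")
	}

	logging.Step("Building apparmor.d profiles for %s.", prebuild.Distribution)

	if full {
		prebuild.Prepares = append(prebuild.Prepares, prebuild.SetFullSystemPolicy)
		prebuild.Builds = append(prebuild.Builds, prebuild.BuildFullSystemPolicy)
	} else {
		prebuild.Prepares = append(prebuild.Prepares, prebuild.SetEarlySystemd)
	}

	// With neither flag set, no mode task is queued and the profiles keep
	// whatever mode they already declare.
	switch {
	case complain:
		prebuild.Builds = append(prebuild.Builds, prebuild.BuildComplain)
	case enforce:
		prebuild.Builds = append(prebuild.Builds, prebuild.BuildEnforce)
	}

	if abi4 {
		// NOTE(review): the flag is documented as converting profiles to
		// abi/4.0, yet the task queued here is named BuildABI3 — confirm
		// against pkg/prebuild that this is the intended builder.
		prebuild.Builds = append(prebuild.Builds, prebuild.BuildABI3)
	}

	if err := prebuild.Prepare(); err != nil {
		return err
	}
	return prebuild.Build()
}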
// main parses the command line, prints the usage text and exits with status 0
// when help was requested, and otherwise runs aaPrebuild, reporting any error
// through logging.Fatal.
func main() {
	// Replace the flag package's generated help with the hand-written text.
	flag.Usage = func() {
		fmt.Print(usage)
	}
	flag.Parse()

	if help {
		flag.Usage()
		os.Exit(0)
	}

	err := aaPrebuild()
	if err == nil {
		return
	}
	logging.Fatal(err.Error())
}