mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-12-23 21:46:44 +01:00
build: default to complain mode.
This commit is contained in:
parent
5f49ffeb94
commit
0177b68308
3 changed files with 12 additions and 14 deletions
2
PKGBUILD
2
PKGBUILD
|
@ -20,7 +20,7 @@ prepare() {
|
|||
git clone "$startdir" "$srcdir/$pkgname"
|
||||
cd "$srcdir/$pkgname"
|
||||
|
||||
./configure
|
||||
./configure --complain
|
||||
}
|
||||
|
||||
build() {
|
||||
|
|
22
README.md
22
README.md
|
@ -44,6 +44,8 @@ This is fundamentally different from how AppArmor is used on Linux server as it
|
|||
|
||||
## Installation
|
||||
|
||||
> **Warning**: In order to not break your system, the default package configuration install all profiles in complain mode. They can be enforced later. See [Enforce Mode](#enfore_mode)
|
||||
|
||||
**Requirements**
|
||||
* An `apparmor` based linux distribution.
|
||||
* Base profiles and abstractions shipped with AppArmor are supposed to be
|
||||
|
@ -62,7 +64,6 @@ sudo pacman -U apparmor.d-*.pkg.tar.zst \
|
|||
--overwrite etc/apparmor.d/abstractions/trash
|
||||
```
|
||||
|
||||
> **Warning**: for a first install, it is recommanded to install all profiles in complain mode. See [Complain mode](#troubleshooting)
|
||||
|
||||
**Debian / Ubuntu**
|
||||
|
||||
|
@ -74,8 +75,6 @@ dpkg-buildpackage -b -d --no-sign
|
|||
sudo dpkg -i ../apparmor.d_*_all.deb
|
||||
```
|
||||
|
||||
> **Warning**: for a first install, it is recommanded to install all profiles in complain mode. See [Complain mode](#troubleshooting)
|
||||
|
||||
**Partial install**
|
||||
|
||||
For test purpose, you can install a specific profile with the following commands. The tool will also install required abstractions and tunables:
|
||||
|
@ -162,18 +161,17 @@ profile, create a file `/etc/apparmor.d/local/gnome-shell` and add your rules.
|
|||
Then, reload the apparmor rules with `sudo systemctl restart apparmor`.
|
||||
|
||||
|
||||
## Troubleshooting
|
||||
## Enfore Mode
|
||||
|
||||
**Complain mode**
|
||||
|
||||
On first install and for test purposes, it is recommended to pass all profiles
|
||||
in *complain* mode. To do this, edit `PKGBUILD` on Archlinux or `debian/rules`
|
||||
on Debian and add the `--complain` option to the configure script. Then build
|
||||
the package as usual:
|
||||
```sh
|
||||
./configure --complain
|
||||
The default package configuration installs all profile in *complain* mode.
|
||||
You can easily swicth to *enforce* mode. To do this, edit `PKGBUILD` on Archlinux or `debian/rules` on Debian and remove the `--complain` option to the configure script. Then build the package as usual:
|
||||
```diff
|
||||
- ./configure --complain
|
||||
+ ./configure
|
||||
```
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
**AppArmor messages**
|
||||
|
||||
Ensure that `auditd` is installed and running on your system in order to read
|
||||
|
|
2
debian/rules
vendored
2
debian/rules
vendored
|
@ -13,7 +13,7 @@
|
|||
go build ./cmd/aa-log
|
||||
|
||||
override_dh_auto_configure:
|
||||
./configure
|
||||
./configure --complain
|
||||
|
||||
override_dh_install:
|
||||
mv systemd system
|
||||
|
|
Loading…
Reference in a new issue