mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-12-24 14:06:47 +01:00
Rethink the configure process.
parent
0fc9c8b5b0
commit
1644b70d6d
19 changed files with 156 additions and 125 deletions
5
.github/workflows/main.yml
vendored
5
.github/workflows/main.yml
vendored
|
@ -30,8 +30,3 @@ jobs:
|
||||||
|
|
||||||
- name: Show AppArmor log
|
- name: Show AppArmor log
|
||||||
run: sudo aa-log
|
run: sudo aa-log
|
||||||
|
|
||||||
- name: Verify apparmor status
|
|
||||||
run: |
|
|
||||||
aa-status
|
|
||||||
sudo aa-status
|
|
||||||
|
|
6
PKGBUILD
6
PKGBUILD
|
@ -12,15 +12,15 @@ depends=('apparmor')
|
||||||
makedepends=('go' 'git')
|
makedepends=('go' 'git')
|
||||||
|
|
||||||
pkgver() {
|
pkgver() {
|
||||||
cd "$srcdir/$pkgname"
|
cd "$srcdir/$pkgname"
|
||||||
echo "0.$(git rev-list --count HEAD)"
|
echo "0.$(git rev-list --count HEAD)"
|
||||||
}
|
}
|
||||||
|
|
||||||
prepare() {
|
prepare() {
|
||||||
git clone "$startdir" "$srcdir/$pkgname"
|
git clone "$startdir" "$srcdir/$pkgname"
|
||||||
cd "$srcdir/$pkgname"
|
cd "$srcdir/$pkgname"
|
||||||
|
|
||||||
./configure --distribution=archlinux
|
./configure
|
||||||
}
|
}
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
|
|
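Review bot: `makedepends` is missing `lsb-release`: with the `--distribution=archlinux` argument dropped from the `./configure` call in `prepare()`, the script now detects the target through `lsb_release --id --short`, but the array still lists only `'go' 'git'`. In a clean build root without that tool, `DISTRIBUTION` would be empty and the run would presumably abort in `ignore()` on a non-existent `dists/ignore/.ignore`, with an error message that does not point at the cause. I would declare it, `makedepends=('go' 'git' 'lsb-release')`, so that the set of profiles shipped does not depend on what happens to be installed on the build host.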
167
configure
vendored
167
configure
vendored
|
@ -3,10 +3,14 @@
|
||||||
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
|
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
|
||||||
# SPDX-License-Identifier: GPL-2.0-only
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
|
||||||
|
DISTRIBUTION="$(lsb_release --id --short)"
|
||||||
|
readonly DISTRIBUTION="${DISTRIBUTION,,}"
|
||||||
readonly ROOT=.build
|
readonly ROOT=.build
|
||||||
|
|
||||||
_die() { printf 'Error: %s\n' "$*" >&2 && exit 1; }
|
_die() { printf 'Error: %s\n' "$*" >&2 && exit 1; }
|
||||||
_warning() { printf ' Warning: %s\n' "$*" >&2; }
|
_warning() { printf ' Warning: %s\n' "$*" >&2; }
|
||||||
|
_title() { printf '%s\n' "$*" >&2; }
|
||||||
|
_msg() { printf ' - %s\n' "$*" >&2; }
|
||||||
|
|
||||||
# Displace files in the package sources
|
# Displace files in the package sources
|
||||||
# $@ List of files to displace
|
# $@ List of files to displace
|
||||||
|
@ -18,61 +22,63 @@ _displace_files() {
|
||||||
|
|
||||||
# Initialize a new clean apparmor.d build directory
|
# Initialize a new clean apparmor.d build directory
|
||||||
initialize() {
|
initialize() {
|
||||||
rm -rf "${ROOT:?}" && rsync -a --exclude=.git . "$ROOT"
|
rm -rf "${ROOT:?}"
|
||||||
|
rsync -a ./apparmor.d "$ROOT"
|
||||||
|
rsync -a ./root "$ROOT"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Ignore profiles in profiles.ignore
|
# Ignore profiles and files as defined in dists/ignore/
|
||||||
ignore() {
|
ignore() {
|
||||||
echo " Ignore profiles in profiles.ignore."
|
for name in main.ignore "$DISTRIBUTION.ignore"; do
|
||||||
while read -r profile; do
|
_msg "Ignore profiles/files in dists/ignore/$name"
|
||||||
[[ "$profile" =~ ^\# ]] && continue
|
while read -r profile; do
|
||||||
if [[ "$profile" == */ ]]; then
|
[[ "$profile" =~ ^\# ]] && continue
|
||||||
find "$ROOT/apparmor.d" -iname "${profile////}" -type d -exec rm -r {} \;
|
if [[ -e "$profile" ]]; then
|
||||||
else
|
rm -r "${ROOT:?}/$profile"
|
||||||
find "$ROOT/apparmor.d" -iname "$profile" -type f -exec rm {} \;
|
else
|
||||||
fi
|
find "$ROOT/apparmor.d" -iname "$profile" -type f -exec rm {} \;
|
||||||
done <profiles.ignore
|
fi
|
||||||
|
done <"dists/ignore/$name"
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
# Synchronise all profiles in a new apparmor.d directory.
|
||||||
|
synchronise() {
|
||||||
|
_msg "Synchronise all profiles."
|
||||||
|
mv "${ROOT:?}/apparmor.d/groups/"*/* "${ROOT:?}/apparmor.d/"
|
||||||
|
rm -rf "${ROOT:?}/apparmor.d/groups/"
|
||||||
|
mv "${ROOT:?}/apparmor.d/profiles-"*-*/* "${ROOT:?}/apparmor.d/"
|
||||||
|
rm -rf "${ROOT:?}/apparmor.d/profiles-"*
|
||||||
}
|
}
|
||||||
|
|
||||||
# Set the distribution specificities
|
# Set the distribution specificities
|
||||||
configure() {
|
configure() {
|
||||||
case "$DISTRIBUTION" in
|
case "$DISTRIBUTION" in
|
||||||
archlinux)
|
arch)
|
||||||
echo " Ignore non Archlinux profiles."
|
_msg "Configure libexec."
|
||||||
rm -rf \
|
|
||||||
"${ROOT:?}"/apparmor.d/abstractions/apt-common \
|
|
||||||
"${ROOT:?}"/apparmor.d/groups/apt \
|
|
||||||
"${ROOT:?}"/apparmor.d/groups/cron \
|
|
||||||
"${ROOT:?}"/root/etc/initramfs-tools
|
|
||||||
|
|
||||||
echo " Configure libexec."
|
|
||||||
sed -i -e '/Debian/d' "$ROOT/apparmor.d/tunables/extend"
|
sed -i -e '/Debian/d' "$ROOT/apparmor.d/tunables/extend"
|
||||||
|
|
||||||
;;
|
;;
|
||||||
|
|
||||||
debian)
|
debian|ubuntu)
|
||||||
echo " Ignore non Debian profiles."
|
_msg "Configure libexec."
|
||||||
rm -rf \
|
|
||||||
"${ROOT:?}"/apparmor.d/groups/pacman \
|
|
||||||
"${ROOT:?}"/root/usr/share/libalpm/hooks/apparmor.hook
|
|
||||||
|
|
||||||
echo " Configure libexec."
|
|
||||||
sed -i -e '/Archlinux/d' "$ROOT/apparmor.d/tunables/extend"
|
sed -i -e '/Archlinux/d' "$ROOT/apparmor.d/tunables/extend"
|
||||||
|
|
||||||
echo " Debian does not support abi 3.0 yet."
|
_msg "$DISTRIBUTION does not support abi 3.0 yet."
|
||||||
find "$ROOT/apparmor.d" -type f -exec sed -e '/abi /d' -i {} \;
|
find "$ROOT/apparmor.d" -type f -exec sed -e '/abi /d' -i {} \;
|
||||||
|
|
||||||
echo " Debian does not have etc tunable."
|
_msg "$DISTRIBUTION does not have etc tunable."
|
||||||
sed -i -e '/etc/d' "$ROOT/apparmor.d/tunables/global"
|
sed -i -e '/etc/d' "$ROOT/apparmor.d/tunables/global"
|
||||||
|
|
||||||
echo " Displace overwritten files."
|
_msg "Displace overwritten files."
|
||||||
_displace_files apparmor.d/tunables/global apparmor.d/tunables/xdg-user-dirs
|
_displace_files apparmor.d/tunables/global apparmor.d/tunables/xdg-user-dirs
|
||||||
|
|
||||||
if [[ "$(lsb_release -is)" == "Ubuntu" ]]; then
|
if [[ "$DISTRIBUTION" == "ubuntu" ]]; then
|
||||||
echo " Ubuntu LTS compatibility."
|
_msg "Ubuntu LTS compatibility."
|
||||||
echo "@{run}=/run/ /var/run/" > "$ROOT/apparmor.d/tunables/run"
|
echo "@{run}=/run/ /var/run/" > "$ROOT/apparmor.d/tunables/run"
|
||||||
sed -i -e '/capability bpf/d' -e '/capability perfmon/d' \
|
sed -i -e '/capability bpf/d' -e '/capability perfmon/d' \
|
||||||
"$ROOT/apparmor.d/groups/virt/libvirtd"
|
"$ROOT/apparmor.d/libvirtd"
|
||||||
|
cp -a dists/ubuntu/abstractions/* $ROOT/apparmor.d/abstractions
|
||||||
fi
|
fi
|
||||||
|
|
||||||
;;
|
;;
|
||||||
|
@ -81,51 +87,37 @@ configure() {
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
# Synchronise all profile in a new apparmor.d directory.
|
|
||||||
synchronise() {
|
|
||||||
echo "Synchronise all profiles."
|
|
||||||
mv "${ROOT:?}/apparmor.d/groups/"*/* "${ROOT:?}/apparmor.d/"
|
|
||||||
rm -rf "${ROOT:?}/apparmor.d/groups/"
|
|
||||||
for dir in profiles-a-f profiles-g-l profiles-m-r profiles-s-z; do
|
|
||||||
mv "${ROOT:?}/apparmor.d/$dir/"* "${ROOT:?}/apparmor.d/"
|
|
||||||
rm -rf "${ROOT:?}/apparmor.d/$dir"
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
# Set flags on some profile
|
# Set flags on some profile
|
||||||
setflags() {
|
flags() {
|
||||||
echo "Set apparmor flags from profiles.flags"
|
for name in main.flags "$DISTRIBUTION.flags"; do
|
||||||
while read -r profile; do
|
_msg "Set profiles flags from dists/flags/$name"
|
||||||
IFS=' ' read -r -a manifest <<< "$profile"
|
|
||||||
profile="${manifest[0]}" flags="${manifest[1]}"
|
|
||||||
|
|
||||||
[[ "$profile" =~ ^\# || -z "$profile" ]] && continue
|
while read -r profile; do
|
||||||
path="${ROOT:?}/apparmor.d/$profile"
|
IFS=' ' read -r -a manifest <<< "$profile"
|
||||||
if [[ ! -f "$path" ]]; then
|
profile="${manifest[0]}" flags="${manifest[1]}"
|
||||||
_warning "Profile $profile not found"
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
# If flags is set, overwrite profile flag
|
[[ "$profile" =~ ^\# || -z "$profile" ]] && continue
|
||||||
if [[ -n "$flags" ]]; then
|
path="${ROOT:?}/apparmor.d/$profile"
|
||||||
# Remove all flags definition, then set manifest' flags
|
if [[ ! -f "$path" ]]; then
|
||||||
sed -e "s/flags=(.*)//" \
|
_warning "Profile $profile not found"
|
||||||
-e "s/ {$/ flags=(${flags//,/ }) {/" \
|
continue
|
||||||
-i "$path"
|
fi
|
||||||
fi
|
|
||||||
|
|
||||||
done <profiles.flags
|
# If flags is set, overwrite profile flag
|
||||||
|
if [[ -n "$flags" ]]; then
|
||||||
|
# Remove all flags definition, then set manifest' flags
|
||||||
|
sed -e "s/flags=(.*)//" \
|
||||||
|
-e "s/ {$/ flags=(${flags//,/ }) {/" \
|
||||||
|
-i "$path"
|
||||||
|
fi
|
||||||
|
|
||||||
}
|
done <"dists/flags/$name"
|
||||||
|
done
|
||||||
# Set AppArmor for full system policy
|
|
||||||
full() {
|
|
||||||
echo WIP
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Set complain flag on all profile (Dev only)
|
# Set complain flag on all profile (Dev only)
|
||||||
complain() {
|
complain() {
|
||||||
echo "Set complain flag on all profile"
|
_msg "Set complain flag on all profiles"
|
||||||
for path in "${ROOT:?}/apparmor.d/"*; do
|
for path in "${ROOT:?}/apparmor.d/"*; do
|
||||||
[[ -d "$path" ]] && continue
|
[[ -d "$path" ]] && continue
|
||||||
flags="$(grep -o -m 1 'flags=(.*)' "$path" | cut -d '(' -f2 | cut -d ')' -f1)"
|
flags="$(grep -o -m 1 'flags=(.*)' "$path" | cut -d '(' -f2 | cut -d ')' -f1)"
|
||||||
|
@ -138,41 +130,50 @@ complain() {
|
||||||
echo
|
echo
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Set AppArmor for full system policy
|
||||||
|
# See https://gitlab.com/apparmor/apparmor/-/wikis/FullSystemPolicy
|
||||||
|
full() {
|
||||||
|
cp -a apparmor.d/groups/_full/* "$ROOT/apparmor.d/"
|
||||||
|
}
|
||||||
|
|
||||||
# Print help message
|
# Print help message
|
||||||
cmd_help() {
|
cmd_help() {
|
||||||
cat <<-_EOF
|
cat <<-_EOF
|
||||||
./configure [options] - Configure the apparmor.d package
|
./configure [options] - Configure the apparmor.d package
|
||||||
|
|
||||||
Options:
|
Options:
|
||||||
-d DIST, --dist=DIST Set the target Linux distribution: archlinux, debian
|
-f, --full Set AppArmor for full system policy
|
||||||
-f, --full Set AppArmor for full system policy
|
-c, --complain Set complain flag on all profiles
|
||||||
-c, --complain Set complain flag on all profiles
|
-h, --help Print this help message and exit
|
||||||
-h, --help Print this help message and exit
|
|
||||||
_EOF
|
_EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
main() {
|
main() {
|
||||||
local opts err full=0 complain=0
|
local opts err
|
||||||
small_arg="d:cfh"
|
FULL=0
|
||||||
long_arg="dist:,complain,full,help"
|
COMPLAIN=0
|
||||||
|
small_arg="cfh"
|
||||||
|
long_arg="complain,full,help"
|
||||||
opts="$(getopt -o $small_arg -l $long_arg -n "$PROGRAM" -- "$@")"
|
opts="$(getopt -o $small_arg -l $long_arg -n "$PROGRAM" -- "$@")"
|
||||||
err=$?
|
err=$?
|
||||||
eval set -- "$opts"
|
eval set -- "$opts"
|
||||||
while true; do case $1 in
|
while true; do case $1 in
|
||||||
-d|--dist) DISTRIBUTION="$2"; shift 2 ;;
|
-f|--full) FULL=1; shift ;;
|
||||||
-f|--full) full=1; shift ;;
|
-c|--complain) COMPLAIN=1; shift ;;
|
||||||
-c|--complain) complain=1; shift ;;
|
|
||||||
-h|--help) shift; cmd_help; exit 0 ;;
|
-h|--help) shift; cmd_help; exit 0 ;;
|
||||||
--) shift; break ;;
|
--) shift; break ;;
|
||||||
esac done
|
esac done
|
||||||
[[ $err -ne 0 ]] && { cmd_help; exit 1; }
|
[[ $err -ne 0 ]] && { cmd_help; exit 1; }
|
||||||
|
|
||||||
echo "Set the configuration for $DISTRIBUTION."
|
_title "Set the configuration for $DISTRIBUTION."
|
||||||
initialize || _die "initializing build directory"
|
initialize || _die "initializing build directory"
|
||||||
ignore || _die "removing ignored profiles"
|
ignore || _die "removing ignored profiles"
|
||||||
configure || _die "configuring distributaion"
|
|
||||||
synchronise || _die "merging profiles"
|
synchronise || _die "merging profiles"
|
||||||
setflags || _die "settings flags"
|
configure || _die "configuring distributaion"
|
||||||
|
flags || _die "settings flags"
|
||||||
|
[[ "$COMPLAIN" == 1 ]] && complain
|
||||||
|
[[ "$FULL" == 1 ]] && full
|
||||||
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
main "$@"
|
main "$@"
|
||||||
|
|
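Review bot: In `main()`, a failure of `full` or `complain` is silently discarded: `[[ "$FULL" == 1 ]] && full` is followed by an unconditional `return 0`, while every other step is guarded with `|| _die`. If the `cp -a apparmor.d/groups/_full/*` in `full()` fails, `./configure --full` still exits 0 and the package is built without the full-system-policy profiles the builder asked for. I would write `if [[ "$FULL" == 1 ]]; then full || _die "setting full system policy"; fi` and the same shape for `complain`, which also makes the trailing `return 0` unnecessary.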
10
debian/rules
vendored
10
debian/rules
vendored
|
@ -5,19 +5,19 @@
|
||||||
|
|
||||||
%:
|
%:
|
||||||
dh $@ --with=config-package
|
dh $@ --with=config-package
|
||||||
|
|
||||||
override_dh_auto_configure:
|
|
||||||
./configure --dist=debian
|
|
||||||
export CGO_CPPFLAGS="${CPPFLAGS}"
|
export CGO_CPPFLAGS="${CPPFLAGS}"
|
||||||
export CGO_CFLAGS="${CFLAGS}"
|
export CGO_CFLAGS="${CFLAGS}"
|
||||||
export CGO_CXXFLAGS="${CXXFLAGS}"
|
export CGO_CXXFLAGS="${CXXFLAGS}"
|
||||||
export CGO_LDFLAGS="${LDFLAGS}"
|
export CGO_LDFLAGS="${LDFLAGS}"
|
||||||
export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw"
|
export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw"
|
||||||
go build -o .build/ ./cmd/aa-log
|
go build ./cmd/aa-log
|
||||||
|
|
||||||
|
override_dh_auto_configure:
|
||||||
|
./configure
|
||||||
|
|
||||||
override_dh_install:
|
override_dh_install:
|
||||||
mv systemd system
|
mv systemd system
|
||||||
find system -type f -exec \
|
find system -type f -exec \
|
||||||
install -Dm0644 {} $$(pwd)/debian/apparmor.d/usr/lib/systemd/{}.d/apparmor.conf \;
|
install -Dm0644 {} $$(pwd)/debian/apparmor.d/usr/lib/systemd/{}.d/apparmor.conf \;
|
||||||
install -Dm755 .build/aa-log $$(pwd)/debian/apparmor.d/usr/bin/aa-log
|
install -Dm755 aa-log $$(pwd)/debian/apparmor.d/usr/bin/aa-log
|
||||||
dh_install
|
dh_install
|
||||||
|
|
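Review bot: The `export CGO_*=...` and `export GOFLAGS=...` recipe lines do not reach `go build ./cmd/aa-log`, because make runs each recipe line in its own shell unless `.ONESHELL` is set (the top of the file is outside this hunk, so that is unconfirmed). As written, aa-log would be built without `-buildmode=pie`, `-trimpath` and whatever hardening flags arrive in `CFLAGS`/`LDFLAGS`. Make-level exports placed outside any recipe fix this, e.g. `export GOFLAGS := -buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw` and `export CGO_CFLAGS := $(CFLAGS)`, likewise for the other three. The rendering also suggests these lines now follow the `%:` recipe directly instead of sitting under a named override target; indentation is lost in this view, so that is worth checking in the real file.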
16
dists/flags/arch.flags
Normal file
16
dists/flags/arch.flags
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
arch-audit complain
|
||||||
|
archlinux-java complain
|
||||||
|
aurpublish complain
|
||||||
|
pacman complain
|
||||||
|
pacman-conf attach_disconnected,complain
|
||||||
|
pacman-hook-dconf complain
|
||||||
|
pacman-hook-depmod complain
|
||||||
|
pacman-hook-dkms complain
|
||||||
|
pacman-hook-fontconfig complain
|
||||||
|
pacman-hook-gio complain
|
||||||
|
pacman-hook-gtk complain
|
||||||
|
pacman-hook-mkinitcpio-install attach_disconnected,complain
|
||||||
|
pacman-hook-mkinitcpio-remove complain
|
||||||
|
pacman-hook-perl complain
|
||||||
|
pacman-hook-systemd complain
|
||||||
|
pacman-key complain
|
22
dists/flags/debian.flags
Normal file
22
dists/flags/debian.flags
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
dhclient complain
|
||||||
|
dhclient-script complain
|
||||||
|
dpkg complain
|
||||||
|
dpkg-architecture complain
|
||||||
|
dpkg-buildflags complain
|
||||||
|
dpkg-checkbuilddeps complain
|
||||||
|
dpkg-deb complain
|
||||||
|
dpkg-divert complain
|
||||||
|
dpkg-genbuildinfo complain
|
||||||
|
dpkg-genchanges complain
|
||||||
|
dpkg-preconfigure complain
|
||||||
|
dpkg-query complain
|
||||||
|
dpkg-split complain
|
||||||
|
dpkg-status complain
|
||||||
|
dpkg-trigger complain
|
||||||
|
dpkg-vendor complain
|
||||||
|
ifup complain
|
||||||
|
macchanger complain
|
||||||
|
resolvconf complain
|
||||||
|
run-parts complain
|
||||||
|
unattended-upgrade complain
|
||||||
|
unattended-upgrade-shutdown attach_disconnected,complain
|
|
@ -1,8 +1,9 @@
|
||||||
|
# Common profile flags definition for all distributions
|
||||||
|
# One profile by line using the format: '<profile> <flags>'
|
||||||
|
|
||||||
acpid attach_disconnected,complain
|
acpid attach_disconnected,complain
|
||||||
adb complain
|
adb complain
|
||||||
aa-status
|
|
||||||
agetty complain
|
agetty complain
|
||||||
arch-audit complain
|
|
||||||
at-spi-bus-launcher attach_disconnected
|
at-spi-bus-launcher attach_disconnected
|
||||||
auditd complain
|
auditd complain
|
||||||
badblocks complain
|
badblocks complain
|
||||||
|
@ -37,9 +38,6 @@ fsck-ext4 complain
|
||||||
fuse-overlayfs complain
|
fuse-overlayfs complain
|
||||||
fusermount complain
|
fusermount complain
|
||||||
gdisk complain
|
gdisk complain
|
||||||
gdm attach_disconnected,complain
|
|
||||||
gdm-session-worker attach_disconnected,complain
|
|
||||||
gdm-wayland-session complain
|
|
||||||
gdm-x-session attach_disconnected,complain
|
gdm-x-session attach_disconnected,complain
|
||||||
gdm-xsession complain
|
gdm-xsession complain
|
||||||
git complain
|
git complain
|
||||||
|
@ -98,19 +96,6 @@ obexfs complain
|
||||||
obexpush-atd complain
|
obexpush-atd complain
|
||||||
obexpushd complain
|
obexpushd complain
|
||||||
oomctl complain
|
oomctl complain
|
||||||
pacman complain
|
|
||||||
pacman-conf attach_disconnected,complain
|
|
||||||
pacman-hook-dconf complain
|
|
||||||
pacman-hook-depmod complain
|
|
||||||
pacman-hook-dkms complain
|
|
||||||
pacman-hook-fontconfig complain
|
|
||||||
pacman-hook-gio complain
|
|
||||||
pacman-hook-gtk complain
|
|
||||||
pacman-hook-mkinitcpio-install complain
|
|
||||||
pacman-hook-mkinitcpio-remove complain
|
|
||||||
pacman-hook-perl complain
|
|
||||||
pacman-hook-systemd complain
|
|
||||||
pacman-key complain
|
|
||||||
pass complain
|
pass complain
|
||||||
pass-import complain
|
pass-import complain
|
||||||
pinentry-gtk-2 complain
|
pinentry-gtk-2 complain
|
||||||
|
@ -178,7 +163,7 @@ systemd-socket-activate complain
|
||||||
systemd-socket-proxyd complain
|
systemd-socket-proxyd complain
|
||||||
systemd-stdio-bridge complain
|
systemd-stdio-bridge complain
|
||||||
systemd-sulogin-shell complain
|
systemd-sulogin-shell complain
|
||||||
systemd-sysctl complain
|
systemd-sysctl attach_disconnected,complain
|
||||||
systemd-sysext complain
|
systemd-sysext complain
|
||||||
systemd-sysusers attach_disconnected,complain
|
systemd-sysusers attach_disconnected,complain
|
||||||
systemd-time-wait-sync complain
|
systemd-time-wait-sync complain
|
1
dists/flags/ubuntu.flags
Normal file
1
dists/flags/ubuntu.flags
Normal file
|
@ -0,0 +1 @@
|
||||||
|
aa-status complain
|
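Review bot: On Ubuntu builds the entries in `dists/flags/debian.flags` are never applied, because `flags()` in `configure` reads only `main.flags` and `"$DISTRIBUTION.flags"`, and this file holds just `aa-status complain`. The dpkg, dhclient and unattended-upgrade profiles are not listed in `ubuntu.ignore`, so they would apparently ship on Ubuntu without the `complain` flag they receive on Debian, which means enforce mode if that is the profiles' default. If that is not intended, either repeat the Debian entries in this file or have `flags()` also read `debian.flags` when `DISTRIBUTION` is `ubuntu`.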
3
dists/ignore/arch.ignore
Normal file
3
dists/ignore/arch.ignore
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
apparmor.d/abstractions/apt-common
|
||||||
|
apparmor.d/groups/apt
|
||||||
|
apparmor.d/groups/cron
|
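Review bot: `root/etc/initramfs-tools` is missing from this list: the `archlinux)` arm removed from `configure` deleted it together with the three paths kept here. Unless that directory is dropped from the tree elsewhere in this commit, Arch builds will now carry it in `.build/root`. Adding the line `root/etc/initramfs-tools` restores the previous behaviour.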
2
dists/ignore/debian.ignore
Normal file
2
dists/ignore/debian.ignore
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
apparmor.d/groups/pacman
|
||||||
|
root/usr/share/libalpm/hooks/apparmor.hook
|
13
dists/ignore/main.ignore
Normal file
13
dists/ignore/main.ignore
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
# Common ignore file for all distributions
|
||||||
|
# One ignore by line. Can be a profile name or a directory to ignore
|
||||||
|
|
||||||
|
# Contains profile for full system confinement, only included when ./configure
|
||||||
|
# is given the --full option
|
||||||
|
apparmor.d/groups/_full
|
||||||
|
|
||||||
|
apparmor.d/groups/apps
|
||||||
|
|
||||||
|
anki
|
||||||
|
torbrowser.Browser.firefox
|
||||||
|
torbrowser.Browser.plugin-container
|
||||||
|
torbrowser.Tor.tor
|
3
dists/ignore/ubuntu.ignore
Normal file
3
dists/ignore/ubuntu.ignore
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
apparmor.d/groups/pacman
|
||||||
|
apparmor.systemd
|
||||||
|
root/usr/share/libalpm/hooks/apparmor.hook
|
|
@ -1,7 +1,5 @@
|
||||||
# vim:syntax=apparmor
|
# vim:syntax=apparmor
|
||||||
|
|
||||||
abi <abi/3.0>,
|
|
||||||
|
|
||||||
dbus send
|
dbus send
|
||||||
bus=system
|
bus=system
|
||||||
path=/org/freedesktop/NetworkManager
|
path=/org/freedesktop/NetworkManager
|
|
@ -1,7 +1,5 @@
|
||||||
# vim:syntax=apparmor
|
# vim:syntax=apparmor
|
||||||
|
|
||||||
abi <abi/3.0>,
|
|
||||||
|
|
||||||
# This abstraction is designed to be used in a child profile to limit what
|
# This abstraction is designed to be used in a child profile to limit what
|
||||||
# confined application can invoke via exo-open helper.
|
# confined application can invoke via exo-open helper.
|
||||||
#
|
#
|
|
@ -1,6 +0,0 @@
|
||||||
anki
|
|
||||||
apps/
|
|
||||||
apparmor.systemd
|
|
||||||
torbrowser.Browser.firefox
|
|
||||||
torbrowser.Browser.plugin-container
|
|
||||||
torbrowser.Tor.tor
|
|