Rewrite the configure process.

- Install all
- Ignore a few
- Set flags on specific profiles.
This commit is contained in:
Alexandre Pujol 2021-05-16 21:15:34 +01:00
parent 420aebcfa5
commit 63ff50df13
3 changed files with 30 additions and 250 deletions

configure vendored

@ -49,24 +49,34 @@ initialise() {
_init _init
remove_files remove_files
mkdir "${ROOT:?}/apparmor.d/profiles" echo "Ignore profiles in profiles.ignore."
mv "${ROOT:?}/apparmor.d/groups/"*/* "${ROOT:?}/apparmor.d/profiles/" while read -r profile; do
[[ "$profile" =~ ^\# ]] && continue
if [[ "$profile" == */ ]]; then
find "$ROOT/apparmor.d" -iname "${profile////}" -type d -exec rm -r {} \;
else
find "$ROOT/apparmor.d" -iname "$profile" -type f -exec rm {} \;
fi
done <profiles.ignore
echo "Synchronise all profiles."
mv "${ROOT:?}/apparmor.d/groups/"*/* "${ROOT:?}/apparmor.d/"
rm -rf "${ROOT:?}/apparmor.d/groups/" rm -rf "${ROOT:?}/apparmor.d/groups/"
for dir in profiles-a-l profiles-m-z; do for dir in profiles-a-l profiles-m-z; do
mv "${ROOT:?}/apparmor.d/$dir/"* "${ROOT:?}/apparmor.d/profiles/" mv "${ROOT:?}/apparmor.d/$dir/"* "${ROOT:?}/apparmor.d/"
rm -rf "${ROOT:?}/apparmor.d/$dir" rm -rf "${ROOT:?}/apparmor.d/$dir"
done done
} }
# Generate the apparmor.d directory with profile from the manifest # Set flags on some profile
generate() { setflags() {
echo "Generated apparmor.d directory: $ROOT" echo "Set apparmor flags from profiles.flags"
while read -r profile; do while read -r profile; do
IFS=' ' read -r -a manifest <<< "$profile" IFS=' ' read -r -a manifest <<< "$profile"
profile="${manifest[0]}" flags="${manifest[1]}" profile="${manifest[0]}" flags="${manifest[1]}"
[[ "$profile" =~ ^\# ]] && continue [[ "$profile" =~ ^\# ]] && continue
path="${ROOT:?}/apparmor.d/profiles/$profile" path="${ROOT:?}/apparmor.d/$profile"
if [[ ! -f "$path" ]]; then if [[ ! -f "$path" ]]; then
_warning "Profile $profile not found" _warning "Profile $profile not found"
continue continue
@ -80,11 +90,7 @@ generate() {
-i "$path" -i "$path"
fi fi
mv "$path" "${ROOT:?}/apparmor.d/" done <profiles.flags
done <profiles.manifest
rm -rf "${ROOT:?}/apparmor.d/profiles"
} }
# Print help message # Print help message
@ -113,7 +119,7 @@ main() {
configure configure
initialise initialise
generate setflags
exit 0 exit 0
} }
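Review bot: The ignore loop added to initialise() (hunk `@ -49,24 +49,34 @@`) runs `find … -type d -exec rm -r {} \;` without `-prune`, so after a matched directory is removed find still tries to descend into it, prints "No such file or directory" and exits non-zero even though the ignore succeeded; `-type d -prune -exec rm -r {} +` avoids that. The same two `find` lines are also the only place in the function that expands `$ROOT` without the `:?` guard every surrounding `mv`/`rm -rf` line uses, and `-iname` treats each profiles.ignore entry as a case-insensitive glob rather than a literal name, so a blank or `*` line is silently matched as a pattern — worth a comment above the loop stating that entries are patterns, and a `[[ -z "$profile" ]] && continue` next to the existing comment check. Suggested lines: `find "${ROOT:?}/apparmor.d" -iname "${profile////}" -type d -prune -exec rm -r {} +` and `find "${ROOT:?}/apparmor.d" -iname "$profile" -type f -exec rm {} +`. initialise() starts before this hunk, so whether the script runs under `set -e` (which would make the find status matter) is not visible here.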


@ -1,89 +1,30 @@
aa-notify
accounts-daemon
acpi
acpid attach_disconnected,complain acpid attach_disconnected,complain
adb adb complain
adduser agetty complain
amixer
arch-audit complain arch-audit complain
at-spi-bus-launcher attach_disconnected at-spi-bus-launcher attach_disconnected
at-spi2-registryd
auditd complain auditd complain
badblocks complain badblocks complain
biosdecode complain biosdecode complain
blkid complain blkid complain
blockdev complain blockdev complain
blueman
blueman-mechanism
blueman-rfcomm-watcher
bluemoon
bluetoothctl
bluetoothd
bootctl complain bootctl complain
borg complain borg complain
browserpass
cfdisk complain cfdisk complain
cgdisk complain cgdisk complain
chage
chfn
child-lsb_release
child-pager
child-systemctl
chrome-gnome-shell complain chrome-gnome-shell complain
chromium
chromium-chrome-sandbox
chromium-chromium
chsh
colord
colord-sane
colord-session
coredumpctl
cpupower
crda
dbus-daemon attach_disconnected,complain dbus-daemon attach_disconnected,complain
dbus-daemon-launch-helper complain dbus-daemon-launch-helper complain
dbus-run-session complain dbus-run-session complain
dconf-editor
dconf-service
df
dfc
dhclient
dig
dirmngr
dkms complain dkms complain
dmcrypt-get-device
dmesg complain dmesg complain
dmidecode
dumpe2fs
e2fsck complain e2fsck complain
e2image complain e2image complain
eject
evolution-addressbook-factory
evolution-alarm-notify
evolution-calendar-factory
evolution-source-registry
exo-open
fatlabel complain fatlabel complain
fc-cache complain fc-cache complain
fc-list complain fc-list complain
fdisk complain fdisk complain
ffmpeg
ffplay
ffprobe
filecap
firefox
firefox-crashreporter
firefox-minidump-analyzer
firefox-pingsender
firefox-plugin-container
freefall
fsck
fsck-btrfs
fsck-ext4 complain fsck-ext4 complain
fsck-fat
fuseiso
fusermount
gconfd
gdisk complain gdisk complain
gdk-pixbuf-query-loaders complain gdk-pixbuf-query-loaders complain
gdm attach_disconnected,complain gdm attach_disconnected,complain
@ -91,11 +32,8 @@ gdm-session-worker attach_disconnected,complain
gdm-wayland-session complain gdm-wayland-session complain
gdm-x-session attach_disconnected,complain gdm-x-session attach_disconnected,complain
gdm-xsession complain gdm-xsession complain
gio-launch-desktop
gio-querymodules complain gio-querymodules complain
git complain git complain
gitstatusd
gjs-console
glib-compile-resources complain glib-compile-resources complain
glib-compile-schemas complain glib-compile-schemas complain
glib-genmarshal complain glib-genmarshal complain
@ -115,18 +53,9 @@ gnome-shell attach_disconnected,complain
gnome-shell-calendar-server complain gnome-shell-calendar-server complain
gnome-shell-hotplug-sniffer complain gnome-shell-hotplug-sniffer complain
gnome-tweak-tool-lid-inhibitor complain gnome-tweak-tool-lid-inhibitor complain
goa-daemon
goa-identity-service
gpasswd
gpg-agent
gpg-connect-agent
gpgconf complain gpgconf complain
gpgsm complain gpgsm complain
groupadd
groupdel
groupmod
groups complain groups complain
grpck
gsd-a11y-settings attach_disconnected,complain gsd-a11y-settings attach_disconnected,complain
gsd-color attach_disconnected,complain gsd-color attach_disconnected,complain
gsd-datetime attach_disconnected,complain gsd-datetime attach_disconnected,complain
@ -145,79 +74,19 @@ gsd-sound attach_disconnected,complain
gsd-usb-protection complain gsd-usb-protection complain
gsd-wacom attach_disconnected,complain gsd-wacom attach_disconnected,complain
gsd-xsettings attach_disconnected,complain gsd-xsettings attach_disconnected,complain
gtk-update-icon-cache gvfsd-dav complain
gvfs-afc-volume-monitor
gvfs-goa-volume-monitor
gvfs-gphoto2-volume-monitor
gvfs-mtp-volume-monitor
gvfs-udisks2-volume-monitor
gvfsd
gvfsd-admin
gvfsd-afc
gvfsd-afp
gvfsd-afp-browse
gvfsd-archive
gvfsd-burn
gvfsd-cdda
gvfsd-computer
gvfsd-dav
gvfsd-dnssd
gvfsd-ftp
gvfsd-fuse
gvfsd-google
gvfsd-gphoto2
gvfsd-http
gvfsd-localtest
gvfsd-metadata
gvfsd-mtp
gvfsd-network
gvfsd-nfs
gvfsd-recent
gvfsd-sftp
gvfsd-smb
gvfsd-smb-browse
gvfsd-trash
haveged
hostname
hostnamectl complain hostnamectl complain
htop complain htop complain
ibus-daemon
ibus-dconf
ibus-engine-simple
ibus-extension-gtk3
ibus-portal
ibus-x11
id
ifconfig
install-info complain install-info complain
ip
ipcalc
kernel-install complain kernel-install complain
kmod complain kmod complain
last complain last complain
lastlog complain lastlog complain
less
libvirt-dbus complain libvirt-dbus complain
libvirt/TEMPLATE.lxc
libvirt/TEMPLATE.qemu
localectl complain localectl complain
logrotate mission-control complain
lsblk
lscpu
lspci
lsusb
mandb
mimetype
mke2fs
mkinitcpio complain mkinitcpio complain
mkntfs
mkswap
mount complain mount complain
nautilus
netcap
networkctl
NetworkManager
newgrp
nft complain nft complain
nm-dhcp-helper complain nm-dhcp-helper complain
nm-dispatcher complain nm-dispatcher complain
@ -229,23 +98,6 @@ nm-openvpn-service-openvpn-helper complain
nmap complain nmap complain
ntfs-3g complain ntfs-3g complain
ntfs-3g-probe complain ntfs-3g-probe complain
ntfscat
ntfsclone
ntfscluster
ntfscmp
ntfscp
ntfsdecrypt
ntfsfix
ntfsinfo
ntfslabel
ntfsls
ntfsrecover
ntfsresize
ntfssecaudit
ntfstruncate
ntfsundelete
ntfsusermap
ntfswipe
obex-folder-listing complain obex-folder-listing complain
obexautofs complain obexautofs complain
obexctl complain obexctl complain
@ -253,137 +105,59 @@ obexd complain
obexfs complain obexfs complain
obexpush-atd complain obexpush-atd complain
obexpushd complain obexpushd complain
openvpn
pacdiff complain pacdiff complain
pacman complain
pacman-conf attach_disconnected,complain pacman-conf attach_disconnected,complain
pacman-key complain pacman-key complain
pacmd
pactl
parted
partprobe
passwd
pcscd
pinentry-gtk-2 complain pinentry-gtk-2 complain
pinentry-qt pipewire complain
pkexec pipewire-media-session complain
polkit-agent-helper
polkitd
ps
pscap
pulseaudio
pwck complain pwck complain
reflector attach_disconnected,complain reflector attach_disconnected,complain
resize2fs
rfkill
rngd
rtkit-daemon
rtkitctl
run-parts complain run-parts complain
runc complain
runuser complain runuser complain
scdaemon
seahorse complain seahorse complain
sensors
sensors-detect
setpci
setpriv
sfdisk
sgdisk
ssh complain ssh complain
ssh-agent su complain
sshfs
sudo complain sudo complain
swaplabel complain swaplabel complain
swapoff complain swapoff complain
swapon complain swapon complain
systemd-ac-power
systemd-analyze complain systemd-analyze complain
systemd-ask-password complain systemd-ask-password complain
systemd-backlight
systemd-binfmt complain systemd-binfmt complain
systemd-coredump
systemd-detect-virt
systemd-environment-d-generator complain systemd-environment-d-generator complain
systemd-escape complain systemd-escape complain
systemd-fsck
systemd-fsckd
systemd-hostnamed
systemd-hwdb complain systemd-hwdb complain
systemd-journald
systemd-localed
systemd-logind complain systemd-logind complain
systemd-machine-id-setup complain systemd-machine-id-setup complain
systemd-machined complain systemd-machined complain
systemd-modules-load
systemd-mount complain systemd-mount complain
systemd-networkd
systemd-networkd-wait-online
systemd-notify complain systemd-notify complain
systemd-path complain systemd-path complain
systemd-random-seed complain systemd-random-seed complain
systemd-remount-fs complain systemd-remount-fs complain
systemd-resolve complain
systemd-resolved complain systemd-resolved complain
systemd-rfkill
systemd-shutdown
systemd-sysctl
systemd-sysusers complain systemd-sysusers complain
systemd-timedated
systemd-timesyncd
systemd-tmpfiles complain systemd-tmpfiles complain
systemd-tty-ask-password-agent complain systemd-tty-ask-password-agent complain
systemd-udevd
systemd-xdg-autostart-generator complain systemd-xdg-autostart-generator complain
timedatectl complain timedatectl complain
top
tracker-extract complain tracker-extract complain
tracker-miner
tune2fs
udisksctl complain udisksctl complain
udisksd attach_disconnected,complain udisksd attach_disconnected,complain
umount complain umount complain
umount.udisks2 complain umount.udisks2 complain
uname
update-alternatives
update-ca-trust complain update-ca-trust complain
update-desktop-database
update-mime-database complain update-mime-database complain
update-pciids complain update-pciids complain
upower
upowerd
uptime
usb-devices
usbguard
usbguard-daemon
usbguard-dbus
usbguard-notifier
useradd
userdel
usermod
usr.bin.man
usr.bin.tcpdump
utmpdump
virt-manager complain virt-manager complain
virtlogd complain
vlc-cache-gen complain vlc-cache-gen complain
w
whiptail
who
wpa_cli
wpa-supplicant
xbrlapi attach_disconnected,complain xbrlapi attach_disconnected,complain
xclip complain xclip complain
xdg-dbus-proxy attach_disconnected,complain xdg-dbus-proxy attach_disconnected,complain
xdg-desktop-menu
xdg-email
xdg-icon-resource
xdg-mime
xdg-open
xdg-screensaver
xdg-settings
xdg-user-dirs-update complain xdg-user-dirs-update complain
xhost xhost complain
xkbcomp
xprop
xrdb
xset complain xset complain
xwayland systemd-update-utmp complain

profiles.ignore Normal file