mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-02-06 10:15:08 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(full): set systemd profile name on build time.

Browse source
This commit is contained in:
Alexandre Pujol 2023-11-19 11:14:31 +00:00
parent 2143fb03af
commit 6dc990ac02
Failed to generate hash of commit
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
pkg/prebuild/prepare.go
View file

@ -176,12 +176,25 @@ func SetFlags() error {
// Set AppArmor for (experimental) full system policy. // Set AppArmor for (experimental) full system policy.
// See https://apparmor.pujol.io/development/structure/#full-system-policy // See https://apparmor.pujol.io/development/structure/#full-system-policy
func SetFullSystemPolicy() error { func SetFullSystemPolicy() error {
// Install full system policy profiles
for _, name := range []string{"systemd", "systemd-user"} { for _, name := range []string{"systemd", "systemd-user"} {
err := paths.New("apparmor.d/groups/_full/" + name).CopyTo(RootApparmord.Join(name)) err := paths.New("apparmor.d/groups/_full/" + name).CopyTo(RootApparmord.Join(name))
if err != nil { if err != nil {
return err return err
} }
} }
// Set systemd profile name
path := paths.New("apparmor.d/tunables/multiarch.d/apparmor.d")
content, err := path.ReadFile()
if err != nil {
return err
}
res := strings.Replace(string(content), "@{systemd}=unconfined", "@{systemd}=systemd", -1)
if err := path.WriteFile([]byte(res)); err != nil {
return err
}
logging.Success("Configure AppArmor for full system policy") logging.Success("Configure AppArmor for full system policy")
return nil return nil
} }