mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-12-25 06:27:49 +01:00
Improve Debian support.
parent
723695c626
commit
937171d40c
5 changed files with 60 additions and 44 deletions
90
configure
vendored
90
configure
vendored
|
@ -4,52 +4,28 @@
|
||||||
# SPDX-License-Identifier: GPL-2.0-only
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
|
||||||
readonly ROOT=.build
|
readonly ROOT=.build
|
||||||
declare -a REMOVE_LIST
|
|
||||||
|
|
||||||
_die() { printf '%s\n' "$*" >&2 && exit 1; }
|
_die() { printf '%s\n' "$*" >&2 && exit 1; }
|
||||||
_warning() { printf 'Warning: %s\n' "$*" >&2; }
|
_warning() { printf ' Warning: %s\n' "$*" >&2; }
|
||||||
_init() { rm -rf "${ROOT:?}" && rsync -a --exclude=.git . "$ROOT"; }
|
|
||||||
|
|
||||||
# Remove files or directories in the package
|
# Displace files in the package sources
|
||||||
remove_files() {
|
# $@ List of files to displace
|
||||||
msg="Remove unneeded profiles/resources:"
|
_displace_files() {
|
||||||
for path in "${REMOVE_LIST[@]}"; do
|
for path in "$@"; do
|
||||||
[[ ! -e "${ROOT:?}/$path" ]] && continue
|
mv "${ROOT:?}/$path" "${ROOT:?}/$path.apparmor.d"
|
||||||
msg+=$'\n'" $(stat -c '%A %u:%g' "${ROOT:?}/$path") $path"
|
|
||||||
done
|
|
||||||
echo "$msg"
|
|
||||||
|
|
||||||
for path in "${REMOVE_LIST[@]}"; do
|
|
||||||
rm -rf "${ROOT:?}/$path"
|
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
# Set the distribution, flavor & groups
|
# Initialise a new clean apparmor.d build directory
|
||||||
|
initialise() {
|
||||||
|
rm -rf "${ROOT:?}" && rsync -a --exclude=.git . "$ROOT"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Set the distribution specificities
|
||||||
configure() {
|
configure() {
|
||||||
echo "Set the configuration for $DISTRIBUTION."
|
echo "Set the configuration for $DISTRIBUTION."
|
||||||
if [[ "$DISTRIBUTION" == archlinux ]]; then
|
|
||||||
REMOVE_LIST+=(
|
|
||||||
apparmor.d/abstractions/apt-common
|
|
||||||
apparmor.d/groups/apt
|
|
||||||
apparmor.d/groups/cron
|
|
||||||
)
|
|
||||||
|
|
||||||
elif [[ "$DISTRIBUTION" == debian ]]; then
|
echo " Ignore profiles in profiles.ignore."
|
||||||
REMOVE_LIST+=(
|
|
||||||
apparmor.d/groups/pacman
|
|
||||||
root/usr/share/libalpm/hooks/apparmor.hook
|
|
||||||
)
|
|
||||||
|
|
||||||
fi
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
# Initialise the apparmor.d with the selected configuration.
|
|
||||||
initialise() {
|
|
||||||
_init
|
|
||||||
remove_files
|
|
||||||
|
|
||||||
echo "Ignore profiles in profiles.ignore."
|
|
||||||
while read -r profile; do
|
while read -r profile; do
|
||||||
[[ "$profile" =~ ^\# ]] && continue
|
[[ "$profile" =~ ^\# ]] && continue
|
||||||
if [[ "$profile" == */ ]]; then
|
if [[ "$profile" == */ ]]; then
|
||||||
|
@ -59,6 +35,39 @@ initialise() {
|
||||||
fi
|
fi
|
||||||
done <profiles.ignore
|
done <profiles.ignore
|
||||||
|
|
||||||
|
case "$DISTRIBUTION" in
|
||||||
|
archlinux)
|
||||||
|
echo " Ignore non Archlinux profiles."
|
||||||
|
rm -rf \
|
||||||
|
"${ROOT:?}"/apparmor.d/abstractions/apt-common \
|
||||||
|
"${ROOT:?}"/apparmor.d/groups/apt \
|
||||||
|
"${ROOT:?}"/apparmor.d/groups/cron
|
||||||
|
|
||||||
|
;;
|
||||||
|
|
||||||
|
debian)
|
||||||
|
echo " Ignore non Debian profiles."
|
||||||
|
rm -rf \
|
||||||
|
"${ROOT:?}"/apparmor.d/groups/pacman \
|
||||||
|
"${ROOT:?}"/root/usr/share/libalpm/hooks/apparmor.hook
|
||||||
|
|
||||||
|
echo " Debian does not support abi 3.0 yet."
|
||||||
|
find "$ROOT/apparmor.d" -type f -exec sed -i -e "s;abi <abi/3.0>,;;" {} \;
|
||||||
|
|
||||||
|
echo " Debian does not have etc tunable."
|
||||||
|
sed -i -e '/etc/d' "$ROOT/apparmor.d/tunables/global"
|
||||||
|
|
||||||
|
echo " Displace overwritten files."
|
||||||
|
_displace_files apparmor.d/tunables/global apparmor.d/tunables/xdg-user-dirs
|
||||||
|
|
||||||
|
;;
|
||||||
|
|
||||||
|
*) _die "$DISTRIBUTION is not a supported distribution." ;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
|
# Synchronise all profile in a new apparmor.d directory.
|
||||||
|
synchronise() {
|
||||||
echo "Synchronise all profiles."
|
echo "Synchronise all profiles."
|
||||||
mv "${ROOT:?}/apparmor.d/groups/"*/* "${ROOT:?}/apparmor.d/"
|
mv "${ROOT:?}/apparmor.d/groups/"*/* "${ROOT:?}/apparmor.d/"
|
||||||
rm -rf "${ROOT:?}/apparmor.d/groups/"
|
rm -rf "${ROOT:?}/apparmor.d/groups/"
|
||||||
|
@ -75,7 +84,7 @@ setflags() {
|
||||||
IFS=' ' read -r -a manifest <<< "$profile"
|
IFS=' ' read -r -a manifest <<< "$profile"
|
||||||
profile="${manifest[0]}" flags="${manifest[1]}"
|
profile="${manifest[0]}" flags="${manifest[1]}"
|
||||||
|
|
||||||
[[ "$profile" =~ ^\# ]] && continue
|
[[ "$profile" =~ ^\# || -z "$profile" ]] && continue
|
||||||
path="${ROOT:?}/apparmor.d/$profile"
|
path="${ROOT:?}/apparmor.d/$profile"
|
||||||
if [[ ! -f "$path" ]]; then
|
if [[ ! -f "$path" ]]; then
|
||||||
_warning "Profile $profile not found"
|
_warning "Profile $profile not found"
|
||||||
|
@ -99,7 +108,7 @@ cmd_help() {
|
||||||
./configure [options] - Configure the apparmor.d package
|
./configure [options] - Configure the apparmor.d package
|
||||||
|
|
||||||
Options:
|
Options:
|
||||||
--distribution=DIST Set the target Linux distribution (Archlinux, Debian)
|
--distribution=DIST Set the target Linux distribution: archlinux, debian
|
||||||
--help Print this help message and exit.
|
--help Print this help message and exit.
|
||||||
_EOF
|
_EOF
|
||||||
}
|
}
|
||||||
|
@ -117,8 +126,9 @@ main() {
|
||||||
|
|
||||||
[[ $err -ne 0 ]] && { cmd_help; exit 1; }
|
[[ $err -ne 0 ]] && { cmd_help; exit 1; }
|
||||||
|
|
||||||
configure
|
|
||||||
initialise
|
initialise
|
||||||
|
configure
|
||||||
|
synchronise
|
||||||
setflags
|
setflags
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
|
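Review bot: In the `debian)` arm of `configure()`, `sed -i -e '/etc/d' "$ROOT/apparmor.d/tunables/global"` is unanchored, so it deletes every line of the tunables file containing the substring `etc` (comments, other includes, variable definitions), not only the entry for the etc tunable. That file supplies variables to the profiles, so an unintended deletion changes policy without any error; matching the specific entry is safer, e.g. `sed -i -e '/<tunables\/etc>/d' "$ROOT/apparmor.d/tunables/global"`, assuming the line is an include of `tunables/etc`, which this page does not show. Separately, `_displace_files` runs `mv` with no status check, so unless `set -e` is active above the hunk a missing source leaves the undisplaced file in the build while `debian/apparmor.d.displace` still lists the `.apparmor.d` name; `mv -- "${ROOT:?}/$path" "${ROOT:?}/$path.apparmor.d" || _die "Cannot displace $path"` would stop the build there. Part of the `while read` loop body lies between the first two hunks and is not visible here.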
5
debian/apparmor.d.displace
vendored
Normal file
5
debian/apparmor.d.displace
vendored
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
|
||||||
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
|
||||||
|
/etc/apparmor.d/tunables/global.apparmor.d
|
||||||
|
/etc/apparmor.d/tunables/xdg-user-dirs.apparmor.d
|
1
debian/apparmor.d.displace-extension
vendored
Normal file
1
debian/apparmor.d.displace-extension
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
.apparmor.d
|
4
debian/apparmor.d.postinst
vendored
4
debian/apparmor.d.postinst
vendored
|
@ -3,8 +3,8 @@
|
||||||
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
|
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
|
||||||
# SPDX-License-Identifier: GPL-2.0-only
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
|
||||||
systemctl reload apparmor.service >/dev/null 2>&1 || true
|
|
||||||
|
|
||||||
#DEBHELPER#
|
#DEBHELPER#
|
||||||
|
|
||||||
|
systemctl reload apparmor.service >/dev/null 2>&1 || true
|
||||||
|
|
||||||
exit 0
|
exit 0
|
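Review bot: The relocated `systemctl reload apparmor.service >/dev/null 2>&1 || true` discards both the output and the exit status, so if the reload fails (a newly installed profile that does not parse would be one likely cause) the package still installs cleanly and the administrator gets no indication that the profiles may not be loaded. Keeping the maintainer script non-fatal is reasonable, but the failure should stay visible, e.g. `systemctl reload apparmor.service >/dev/null 2>&1 || echo "apparmor.d: reload of apparmor.service failed, profiles may not be loaded" >&2`. The identical line in `debian/apparmor.d.postrm` has the same problem. The first lines of both scripts are outside the hunks, so whether they check the maintainer-script action in `$1` before reloading cannot be seen here.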
4
debian/apparmor.d.postrm
vendored
4
debian/apparmor.d.postrm
vendored
|
@ -3,8 +3,8 @@
|
||||||
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
|
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
|
||||||
# SPDX-License-Identifier: GPL-2.0-only
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
|
||||||
systemctl reload apparmor.service >/dev/null 2>&1 || true
|
|
||||||
|
|
||||||
#DEBHELPER#
|
#DEBHELPER#
|
||||||
|
|
||||||
|
systemctl reload apparmor.service >/dev/null 2>&1 || true
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
|