mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-12-23 21:46:44 +01:00
build: split systemd drop file in function of their purpose.
default: ensure a service use a given profile early: ensure a service start after apparmor.
This commit is contained in:
parent
cf4e47f10f
commit
a66ff700a2
9 changed files with 13 additions and 4 deletions
|
@ -52,13 +52,15 @@ func aaPrebuild() error {
|
|||
prebuild.Prepares = append(prebuild.Prepares, prebuild.SetFullSystemPolicy)
|
||||
prebuild.Builds = append(prebuild.Builds, prebuild.BuildFullSystemPolicy)
|
||||
} else {
|
||||
prebuild.Prepares = append(prebuild.Prepares, prebuild.SetDefaultSystemd)
|
||||
prebuild.Prepares = append(prebuild.Prepares, prebuild.SetEarlySystemd)
|
||||
}
|
||||
|
||||
if complain {
|
||||
prebuild.Builds = append(prebuild.Builds, prebuild.BuildComplain)
|
||||
} else if enforce {
|
||||
prebuild.Builds = append(prebuild.Builds, prebuild.BuildEnforce)
|
||||
}
|
||||
|
||||
if abi4 {
|
||||
prebuild.Builds = append(prebuild.Builds, prebuild.BuildABI3)
|
||||
}
|
||||
|
|
|
@ -23,6 +23,7 @@ var (
|
|||
Merge,
|
||||
Configure,
|
||||
SetFlags,
|
||||
SetProfileSystemd,
|
||||
}
|
||||
PrepareMsg = map[string]string{
|
||||
"Synchronise": "Initialize a new clean apparmor.d build directory",
|
||||
|
@ -30,7 +31,8 @@ var (
|
|||
"Merge": "Merge all profiles",
|
||||
"Configure": "Set distribution specificities",
|
||||
"SetFlags": "Set flags on some profiles",
|
||||
"SetDefaultSystemd": "Set systemd unit drop in files to ensure some service start after apparmor",
|
||||
"SetProfileSystemd": "Use the systemd unit file to set a profile for a given unit",
|
||||
"SetEarlySystemd": "Set systemd unit drop in files to ensure some service start after apparmor",
|
||||
"SetFullSystemPolicy": "Configure AppArmor for full system policy",
|
||||
}
|
||||
)
|
||||
|
@ -198,11 +200,16 @@ func SetFlags() ([]string, error) {
|
|||
return res, nil
|
||||
}
|
||||
|
||||
// Set systemd unit drop in files to ensure some service start after apparmor
|
||||
func SetDefaultSystemd() ([]string, error) {
|
||||
// Use the systemd unit file to set a profile for a given unit
|
||||
func SetProfileSystemd() ([]string, error) {
|
||||
return []string{}, copyTo(paths.New("systemd/default/"), Root.Join("systemd"))
|
||||
}
|
||||
|
||||
// Set systemd unit drop in files to ensure some service start after apparmor
|
||||
func SetEarlySystemd() ([]string, error) {
|
||||
return []string{}, copyTo(paths.New("systemd/early/"), Root.Join("systemd"))
|
||||
}
|
||||
|
||||
// Set AppArmor for (experimental) full system policy.
|
||||
// See https://apparmor.pujol.io/full-system-policy/
|
||||
func SetFullSystemPolicy() ([]string, error) {
|
||||
|
|
Loading…
Reference in a new issue