mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-12 07:17:13 +01:00
build: split systemd drop file in function of their purpose.
default: ensure a service use a given profile early: ensure a service start after apparmor.
This commit is contained in:
parent
cf4e47f10f
commit
a66ff700a2
9 changed files with 13 additions and 4 deletions
|
@ -52,13 +52,15 @@ func aaPrebuild() error {
|
||||||
prebuild.Prepares = append(prebuild.Prepares, prebuild.SetFullSystemPolicy)
|
prebuild.Prepares = append(prebuild.Prepares, prebuild.SetFullSystemPolicy)
|
||||||
prebuild.Builds = append(prebuild.Builds, prebuild.BuildFullSystemPolicy)
|
prebuild.Builds = append(prebuild.Builds, prebuild.BuildFullSystemPolicy)
|
||||||
} else {
|
} else {
|
||||||
prebuild.Prepares = append(prebuild.Prepares, prebuild.SetDefaultSystemd)
|
prebuild.Prepares = append(prebuild.Prepares, prebuild.SetEarlySystemd)
|
||||||
}
|
}
|
||||||
|
|
||||||
if complain {
|
if complain {
|
||||||
prebuild.Builds = append(prebuild.Builds, prebuild.BuildComplain)
|
prebuild.Builds = append(prebuild.Builds, prebuild.BuildComplain)
|
||||||
} else if enforce {
|
} else if enforce {
|
||||||
prebuild.Builds = append(prebuild.Builds, prebuild.BuildEnforce)
|
prebuild.Builds = append(prebuild.Builds, prebuild.BuildEnforce)
|
||||||
}
|
}
|
||||||
|
|
||||||
if abi4 {
|
if abi4 {
|
||||||
prebuild.Builds = append(prebuild.Builds, prebuild.BuildABI3)
|
prebuild.Builds = append(prebuild.Builds, prebuild.BuildABI3)
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,6 +23,7 @@ var (
|
||||||
Merge,
|
Merge,
|
||||||
Configure,
|
Configure,
|
||||||
SetFlags,
|
SetFlags,
|
||||||
|
SetProfileSystemd,
|
||||||
}
|
}
|
||||||
PrepareMsg = map[string]string{
|
PrepareMsg = map[string]string{
|
||||||
"Synchronise": "Initialize a new clean apparmor.d build directory",
|
"Synchronise": "Initialize a new clean apparmor.d build directory",
|
||||||
|
@ -30,7 +31,8 @@ var (
|
||||||
"Merge": "Merge all profiles",
|
"Merge": "Merge all profiles",
|
||||||
"Configure": "Set distribution specificities",
|
"Configure": "Set distribution specificities",
|
||||||
"SetFlags": "Set flags on some profiles",
|
"SetFlags": "Set flags on some profiles",
|
||||||
"SetDefaultSystemd": "Set systemd unit drop in files to ensure some service start after apparmor",
|
"SetProfileSystemd": "Use the systemd unit file to set a profile for a given unit",
|
||||||
|
"SetEarlySystemd": "Set systemd unit drop in files to ensure some service start after apparmor",
|
||||||
"SetFullSystemPolicy": "Configure AppArmor for full system policy",
|
"SetFullSystemPolicy": "Configure AppArmor for full system policy",
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
@ -198,11 +200,16 @@ func SetFlags() ([]string, error) {
|
||||||
return res, nil
|
return res, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set systemd unit drop in files to ensure some service start after apparmor
|
// Use the systemd unit file to set a profile for a given unit
|
||||||
func SetDefaultSystemd() ([]string, error) {
|
func SetProfileSystemd() ([]string, error) {
|
||||||
return []string{}, copyTo(paths.New("systemd/default/"), Root.Join("systemd"))
|
return []string{}, copyTo(paths.New("systemd/default/"), Root.Join("systemd"))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Set systemd unit drop in files to ensure some service start after apparmor
|
||||||
|
func SetEarlySystemd() ([]string, error) {
|
||||||
|
return []string{}, copyTo(paths.New("systemd/early/"), Root.Join("systemd"))
|
||||||
|
}
|
||||||
|
|
||||||
// Set AppArmor for (experimental) full system policy.
|
// Set AppArmor for (experimental) full system policy.
|
||||||
// See https://apparmor.pujol.io/full-system-policy/
|
// See https://apparmor.pujol.io/full-system-policy/
|
||||||
func SetFullSystemPolicy() ([]string, error) {
|
func SetFullSystemPolicy() ([]string, error) {
|
||||||
|
|
Loading…
Reference in a new issue