build: split systemd drop file in function of their purpose.

default: ensure a service uses a given profile
early: ensure a service starts after apparmor.
Alexandre Pujol 2024-03-15 16:17:19 +00:00
parent cf4e47f10f
commit a66ff700a2
9 changed files with 13 additions and 4 deletions


@ -52,13 +52,15 @@ func aaPrebuild() error {
prebuild.Prepares = append(prebuild.Prepares, prebuild.SetFullSystemPolicy)
prebuild.Builds = append(prebuild.Builds, prebuild.BuildFullSystemPolicy)
} else {
prebuild.Prepares = append(prebuild.Prepares, prebuild.SetDefaultSystemd)
prebuild.Prepares = append(prebuild.Prepares, prebuild.SetEarlySystemd)
}
if complain {
prebuild.Builds = append(prebuild.Builds, prebuild.BuildComplain)
} else if enforce {
prebuild.Builds = append(prebuild.Builds, prebuild.BuildEnforce)
}
if abi4 {
prebuild.Builds = append(prebuild.Builds, prebuild.BuildABI3)
}
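Review bot: The else branch now registers only `prebuild.SetEarlySystemd`, while the profile-assigning step `SetProfileSystemd` is added to the list just above `PrepareMsg` in the other file (presumably the default Prepares), so it appears to run for full-system-policy builds too, where `SetDefaultSystemd` previously did not. If that is intended, a short comment on the branch would make it explicit, e.g. `// early drop-ins are only needed without full system policy; profile drop-ins are always installed by the default prepare tasks`. If it is not intended, the profile step belongs in this else branch as well. aaPrebuild starts and ends outside the hunk, so the condition guarding the first branch is inferred from the task names it appends.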


@ -23,6 +23,7 @@ var (
Merge,
Configure,
SetFlags,
SetProfileSystemd,
}
PrepareMsg = map[string]string{
"Synchronise": "Initialize a new clean apparmor.d build directory",
@ -30,7 +31,8 @@ var (
"Merge": "Merge all profiles",
"Configure": "Set distribution specificities",
"SetFlags": "Set flags on some profiles",
"SetDefaultSystemd": "Set systemd unit drop in files to ensure some service start after apparmor",
"SetProfileSystemd": "Use the systemd unit file to set a profile for a given unit",
"SetEarlySystemd": "Set systemd unit drop in files to ensure some service start after apparmor",
"SetFullSystemPolicy": "Configure AppArmor for full system policy",
}
)
@ -198,11 +200,16 @@ func SetFlags() ([]string, error) {
return res, nil
}
// Set systemd unit drop in files to ensure some service start after apparmor
func SetDefaultSystemd() ([]string, error) {
// Use the systemd unit file to set a profile for a given unit
func SetProfileSystemd() ([]string, error) {
return []string{}, copyTo(paths.New("systemd/default/"), Root.Join("systemd"))
}
// Set systemd unit drop in files to ensure some service start after apparmor
func SetEarlySystemd() ([]string, error) {
return []string{}, copyTo(paths.New("systemd/early/"), Root.Join("systemd"))
}
// Set AppArmor for (experimental) full system policy.
// See https://apparmor.pujol.io/full-system-policy/
func SetFullSystemPolicy() ([]string, error) {
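Review bot: `SetProfileSystemd` and `SetEarlySystemd` both copy into the same `Root.Join("systemd")` directory, so the split into `systemd/default/` and `systemd/early/` exists only in the source tree, and a drop-in with the same relative path in both would collide at the destination. `copyTo` is not visible here, so whether it overwrites or returns an error is unknown. If it overwrites, an early ordering drop-in could replace the one that assigns the profile, and the unit would start without the intended confinement. I would either document a naming convention in the doc comments, e.g. `// SetProfileSystemd copies the systemd/default/ drop-ins that set a profile for a unit; file names must not clash with systemd/early/.`, or make the build fail on a duplicate path. The two comments would also read better in Go doc form, starting with the function name.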