mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-02-26 11:44:44 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

build: add initial build support for ubuntu 24.04

Browse source
This commit is contained in:
Alexandre Pujol 2024-02-28 17:35:14 +00:00
parent 431e93c9df
commit ae9f7e7442
Failed to generate hash of commit
4 changed files with 106 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
dists/displace Normal file
View file

@ -0,0 +1,20 @@
# Apparmor ships some unconfined profiles that allow everything and set the
# userns rules. This file keeps track of them and allow apparmor.d to replace
# them by our own.
# File format: one profile name by line.
# This is managed globally in this file and not in debian/apparmor.d.displace as
# it applies to all distributions using apparmor 4.0+
brave
chrome
element-desktop
epiphany
flatpak
opera
plasmashell
slirp4netns
systemd-coredump
thunderbird
virtiofsd
firefox

8
pkg/prebuild/prebuild.go
View file

@ -14,6 +14,7 @@ import (
) )
var ( var (
needDisplace bool = false
Distribution string Distribution string
DistDir *paths.Path DistDir *paths.Path
Root *paths.Path Root *paths.Path
@ -27,6 +28,13 @@ func init() {
FlagDir = DistDir.Join("flags") FlagDir = DistDir.Join("flags")
RootApparmord = Root.Join("apparmor.d") RootApparmord = Root.Join("apparmor.d")
Distribution = getSupportedDistribution() Distribution = getSupportedDistribution()
if Distribution == "ubuntu" {
os := NewOSRelease()
if os["VERSION_CODENAME"] == "noble" {
Builds = append(Builds, BuildABI3)
needDisplace = true
}
}
} }
func getFctName(i any) string { func getFctName(i any) string {

18
pkg/prebuild/prepare.go
View file

@ -130,8 +130,22 @@ func Configure() ([]string, error) {
switch Distribution { switch Distribution {
case "arch", "opensuse": case "arch", "opensuse":
case "debian", "ubuntu", "whonix": case "ubuntu":
// Copy Ubuntu specific profiles if needDisplace {
if _, err := paths.New("debian/apparmor.d.displace").Create(); err != nil {
return res, err
}
filesToDisplace := overwriteProfile(DistDir.Join("displace"))
if err := displaceFiles(filesToDisplace); err != nil {
return res, err
}
} else {
if err := copyTo(DistDir.Join("ubuntu"), RootApparmord); err != nil {
return res, err
}
}
case "debian", "whonix":
// Copy Debian specific abstractions
if err := copyTo(DistDir.Join("ubuntu"), RootApparmord); err != nil { if err := copyTo(DistDir.Join("ubuntu"), RootApparmord); err != nil {
return res, err return res, err
} }

79
pkg/prebuild/tools.go
View file

@ -21,7 +21,29 @@ var (
"opensuse": {"suse"}, "opensuse": {"suse"},
"whonix": {}, "whonix": {},
} }
)
func NewOSRelease() map[string]string {
var lines []string
var err error
for _, name := range []string{osReleaseFile, "/usr/lib/os-release"} {
path := paths.New(name)
if path.Exist() {
lines, err = path.ReadFileAsLines()
if err != nil {
panic(err)
}
break
}
}
os := map[string]string{}
for _, line := range lines {
item := strings.Split(line, "=")
if len(item) == 2 {
os[item[0]] = strings.Trim(item[1], "\"")
}
}
return os
}
func getSupportedDistribution() string { func getSupportedDistribution() string {
dist, present := os.LookupEnv("DISTRIBUTION") dist, present := os.LookupEnv("DISTRIBUTION")
@ -29,25 +51,12 @@ func getSupportedDistribution() string {
return dist return dist
} }
lines, err := paths.New(osReleaseFile).ReadFileAsLines() os := NewOSRelease()
if err != nil { id := os["ID"]
panic(err)
}
id := ""
id_like := ""
for _, line := range lines {
item := strings.Split(line, "=")
if item[0] == "ID" {
id = strings.Split(strings.Trim(item[1], "\""), " ")[0]
} else if item[0] == "ID_LIKE" {
id_like = strings.Split(strings.Trim(item[1], "\""), " ")[0]
}
}
if id == "ubuntu" { if id == "ubuntu" {
return id return id
} }
id_like := os["ID_LIKE"]
for main, based := range supportedDists { for main, based := range supportedDists {
if main == id || main == id_like { if main == id || main == id_like {
return main return main
@ -80,3 +89,39 @@ func copyTo(src *paths.Path, dst *paths.Path) error {
} }
return nil return nil
} }
// Displace files in the package sources
func displaceFiles(files []string) error {
const ext = ".apparmor.d"
for _, name := range files {
origin := RootApparmord.Join(name)
dest := RootApparmord.Join(name + ext)
if err := origin.Rename(dest); err != nil {
return err
}
file, err := paths.New("debian/apparmor.d.displace").Append()
if err != nil {
return err
}
if _, err := file.WriteString("/etc/apparmor.d/" + name + ext + "\n"); err != nil {
return err
}
}
return nil
}
func overwriteProfile(path *paths.Path) []string {
res := []string{}
lines, err := path.ReadFileAsLines()
if err != nil {
panic(err)
}
for _, line := range lines {
if strings.HasPrefix(line, "#") || line == "" {
continue
}
res = append(res, line)
}
return res
}