build: cleanup configure & fix full system policy build.

Alexandre Pujol 2023-02-06 21:27:53 +00:00
parent a8808d3da6
commit de4fed4997

35
configure vendored

@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Configure the apparmor.d package # Configure the apparmor.d package
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io> # Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only # SPDX-License-Identifier: GPL-2.0-only
set -eu set -eu
@ -23,9 +23,11 @@ _displace_files() {
} }
# Process management function to run a function over all the profile files # Process management function to run a function over all the profile files
# $1 The function to run. # $1 The function to run
_process() { # $2 Usage message to print
local len nprof nproc fct="$1" process() {
local len nprof nproc fct="$1" msg="$2"
_msg "$msg"
mapfile -t files < <(find "${ROOT:?}/apparmor.d" -type f) mapfile -t files < <(find "${ROOT:?}/apparmor.d" -type f)
len="${#files[@]}" len="${#files[@]}"
nproc=$(nproc) nproc=$(nproc)
@ -181,7 +183,7 @@ _resolve_attachments() {
echo "$entrypoint" echo "$entrypoint"
} }
# Internal userspace process # Remove variables in profile attachment to bypass userspace tools restriction
_userspace() { _userspace() {
local start="$1" end="$2"; shift 2 local start="$1" end="$2"; shift 2
files=("$@") files=("$@")
@ -198,13 +200,7 @@ _userspace() {
done done
} }
# Remove variables in profile attachment to bypass userspace tools restriction # Set complain flag on all profiles
userspace() {
_msg "Bypass userspace tools restriction"
_process _userspace
}
# Internal complain process
_complain() { _complain() {
local start="$1" end="$2"; shift 2 local start="$1" end="$2"; shift 2
files=("$@") files=("$@")
@ -222,24 +218,19 @@ _complain() {
done done
} }
# Set complain flag on all profile
complain() {
_msg "Set complain flag on all profiles"
_process _complain
}
# Set AppArmor for full system policy # Set AppArmor for full system policy
# See https://gitlab.com/apparmor/apparmor/-/wikis/FullSystemPolicy # See https://gitlab.com/apparmor/apparmor/-/wikis/FullSystemPolicy
full() { full() {
_msg "Configure AppArmor for full system policy"
cp -a apparmor.d/groups/_full/init "$ROOT/apparmor.d/" cp -a apparmor.d/groups/_full/init "$ROOT/apparmor.d/"
cp -a apparmor.d/groups/_full/systemd "$ROOT/apparmor.d/" cp -a apparmor.d/groups/_full/systemd "$ROOT/apparmor.d/"
case "$DISTRIBUTION" in case "$DISTRIBUTION" in
arch|endeavouros|cachyos|manjarolinux) arch|endeavouros|cachyos|manjarolinux)
cp -r root/usr/lib/initcpio root/usr/lib/systemd/ "$ROOT/root/" cp -r root/usr/lib/initcpio root/usr/lib/systemd/ "$ROOT/root/usr/lib/"
;; ;;
debian|ubuntu|whonix) debian|ubuntu|whonix)
cp -r root/etc/initramfs-tools "$ROOT/root/" cp -r root/usr/share/initramfs-tools "$ROOT/root/usr/share/"
;; ;;
*) _die "$DISTRIBUTION is not a supported distribution." ;; *) _die "$DISTRIBUTION is not a supported distribution." ;;
@ -280,9 +271,9 @@ main() {
ignore || _die "removing ignored profiles" ignore || _die "removing ignored profiles"
synchronise || _die "merging profiles" synchronise || _die "merging profiles"
configure || _die "configuring distribution" configure || _die "configuring distribution"
userspace || _die "bypassing userspace" process _userspace 'Bypass userspace tools restriction' || _die "bypassing userspace"
flags || _die "settings flags" flags || _die "settings flags"
[[ "$COMPLAIN" == 1 ]] && complain [[ "$COMPLAIN" == 1 ]] && process _complain 'Set complain flag on all profiles'
[[ "$FULL" == 1 ]] && full [[ "$FULL" == 1 ]] && full
return 0 return 0
} }
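Review bot: In `full()` the rewritten `cp` destinations still expand a bare `"$ROOT"`, while `process()` in the same file guards it with `${ROOT:?}`; `set -u` only catches an unset variable, so an empty `ROOT` would make these copies target `/apparmor.d/`, `/root/usr/lib/` and `/root/usr/share/` on the build host. I would write the destinations as `"${ROOT:?}/root/usr/lib/"` and `"${ROOT:?}/root/usr/share/"`, and apply the same guard to the two `_full` copies above them. The new destinations are also one level deeper than before, and `cp -r` with several sources needs its last argument to exist as a directory; whether an earlier step creates `$ROOT/root/usr/lib` is not visible here, so a `mkdir -p` before each copy may be needed. The body of `full()` continues past the end of its hunk.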