mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-11 23:07:25 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add 'pick', a tooll to install some AppArmor profiles.

Browse source
This commit is contained in:
Alexandre Pujol 2021-12-05 19:17:53 +00:00
parent 1e041057fa
commit e43418a820
Failed to generate hash of commit
3 changed files with 89 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitlab-ci.yml
View file

@ -22,7 +22,7 @@ bash:
image: koalaman/shellcheck-alpine image: koalaman/shellcheck-alpine
script: script:
- shellcheck --shell=bash - shellcheck --shell=bash
PKGBUILD PKGBUILD configure pick
debian/apparmor.d.postinst debian/apparmor.d.postrm debian/apparmor.d.postinst debian/apparmor.d.postrm
golangci-lint: golangci-lint:

8
README.md
View file

@ -62,6 +62,14 @@ dpkg-buildpackage -b -d --no-sign
sudo dpkg --install ../apparmor.d_*_all.deb sudo dpkg --install ../apparmor.d_*_all.deb
``` ```
**Partial install**
For test purpose, you can install a specific profile with the following commands. The tool will also install required abstractions and tunables:
```
sudo ./pick <profiles-name>
```
## Usage ## Usage
**Enabled profiles** **Enabled profiles**

80
pick Executable file
View file

@ -0,0 +1,80 @@
#!/usr/bin/env bash
# pick - Install some AppArmor profile(s)
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
_set_complain() {
local path="$1"
[[ -d "$path" ]] && return
flags="$(grep -o -m 1 'flags=(.*)' "$path" | cut -d '(' -f2 | cut -d ')' -f1)"
[[ "$flags" =~ complain ]] && return
sed -e "s/flags=(.*)//" \
-e "s/ {$/ flags=(complain $flags) {/" \
-i "$path"
}
_install_abstractions() {
mapfile -t abstractions < <(find apparmor.d/abstractions/ -type f -printf "%P\n")
for file in "${abstractions[@]}"; do
install -Dm0644 "apparmor.d/abstractions/$file" \
"/etc/apparmor.d/abstractions/$file"
done
}
_install_tunables() {
for path in apparmor.d/tunables/*; do
install -Dm0644 "$path" "/etc/apparmor.d/tunables/$(basename "$path")"
done
}
_reload_apparmor() {
systemctl restart apparmor || true
systemctl status apparmor
return $?
}
pick() {
for profile in "$@"; do
path="$(find apparmor.d -iname "$profile" -type f)"
if [[ -f "$path" ]]; then
install -Dm0644 "$path" "/etc/apparmor.d/$profile"
[[ "$COMPLAIN" == 1 ]] && _set_complain "/etc/apparmor.d/$profile"
fi
done
return $?
}
# Print help message
cmd_help() {
cat <<-_EOF
./pick [options] <profiles> - Install some AppArmor profile(s)
Options:
-c, --complain Set profile on complain mode
-h, --help Print this help message and exit
_EOF
}
main() {
local opts err
small_arg="ch"
long_arg="complain,help"
opts="$(getopt -o $small_arg -l $long_arg -n "$PROGRAM" -- "$@")"
err=$?
eval set -- "$opts"
while true; do case $1 in
-c|--complain) COMPLAIN=1; shift ;;
-h|--help) shift; cmd_help; exit 0 ;;
--) shift; break ;;
esac done
[[ $err -ne 0 ]] && { cmd_help; exit 1; }
_install_abstractions
_install_tunables
pick "$@" && _reload_apparmor
return $?
}
COMPLAIN=0
main "$@"