mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 07:54:17 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
4ca3ced1a5
apparmor.d/docs/install.md
Alexandre Pujol f40a2ef457
build: improve install process. 
- Add make local
- Warn on local partial install regarding missing deps.
2023-02-11 18:59:08 +00:00

3.1 KiB
Raw Blame History

title
Installation

!!! danger

In order to not break your system, the default package configuration installs
all profiles in complain mode. They can be enforced later.
See the [Enforce Mode](/enforce) page.

Requirements

AppArmor

An apparmor based Linux distribution is required. The basic profiles and abstractions shipped with AppArmor must be installed.

Desktop environment

The following desktop environments are supported:

  • :material-gnome: Gnome

Also, please note wayland has better support than xorg.

Build dependencies

  • Go
  • lsb-release
  • Rsync

:material-arch: Archlinux

apparmor.d-git is available in the Arch User Repository:

git clone https://aur.archlinux.org/apparmor.d-git.git
cd apparmor.d-git
makepkg -s
sudo pacman -U apparmor.d-*.pkg.tar.zst \
  --overwrite etc/apparmor.d/tunables/global \
  --overwrite etc/apparmor.d/tunables/xdg-user-dirs \
  --overwrite etc/apparmor.d/abstractions/trash

The overwrite options are only required on the first install. You can use yay or your preferred AUR install method to update it.

!!! note

The following Archlinux based distributions are supported:

- [x] CachyOS
- [x] EndeavourOS
- [x] :material-manjaro: Manjaro Linux

:material-ubuntu: Ubuntu & :material-debian: Debian

Build the package from sources:

sudo apt install apparmor-profiles build-essential config-package-dev debhelper golang-go rsync git
git clone https://github.com/roddhjav/apparmor.d.git
cd apparmor.d
dpkg-buildpackage -b -d --no-sign
sudo dpkg -i ../apparmor.d_*_all.deb

:simple-suse: OpenSUSE

Build and install from source:

./configure --complain
make
sudo make install
sudo systemctl restart apparmor

!!! note

RPM package is still a work in progress. Help is welcome.

Partial install

For test purposes, you can install specific profiles with the following commands. Abstractions, tunables, and most of the OS dependent post-processing is managed.

./configure --complain
make
sudo make profile-names...

!!! warning

Partial installation is discouraged because profile dependencies are not fetched. To prevent some apparmor issues, the dependencies are automatically switched to unconfined (`rPx` -> `rPUx`). The installation process warns on the missing profiles so that you can easily install them if desired. (PR is welcome see [#77](https://github.com/roddhjav/apparmor.d/issues/77))

For instance, `sudo make pass` gives:
```sh
Warning: profile dependencies fallback to unconfined.
/{usr/,}bin/wl-{copy,paste} rPx,
/{usr/,}bin/xclip           rPx,
/{usr/,}bin/python3.[0-9]* rPx -> pass-import,  # pass-import
    /{usr/,}bin/pager         rPx -> child-pager,
    /{usr/,}bin/less          rPx -> child-pager,
    /{usr/,}bin/more          rPx -> child-pager,
'.build/apparmor.d/pass' -> '/etc/apparmor.d/pass'
```
So, you can install the additional profiles `wl-copy`, `xclip`, `pass-import`, and `child-pager` if desired.