apparmor/utils/easyprof/templates/sandbox

#
# Example usage for a program named 'foo' which is installed in /opt/foo
# $ aa-easyprof --template=sandbox \
#               --template-var="@{APPNAME}=foo" \
#               --policy-groups=opt-application,user-application \
#               /opt/foo/bin/foo
#
###ENDUSAGE###
# vim:syntax=apparmor
# AppArmor policy for ###NAME###

#include <tunables/global>

###VAR###

###PROFILEATTACH### {
  #include <abstractions/base>
  / r,
  /**/ r,
  /usr/** r,

  ###ABSTRACTIONS###

  ###POLICYGROUPS###

  ###READS###

  ###WRITES###
}
add preliminary aa-sandbox which starts an X application in Xephyr. Currently does not add policy 2012-05-09 11:33:36 -07:00			`#`
			`# Example usage for a program named 'foo' which is installed in /opt/foo`
			`# $ aa-easyprof --template=sandbox \`
			`# --template-var="@{APPNAME}=foo" \`
			`# --policy-groups=opt-application,user-application \`
			`# /opt/foo/bin/foo`
			`#`
			`###ENDUSAGE###`
			`# vim:syntax=apparmor`
			`# AppArmor policy for ###NAME###`

			`#include <tunables/global>`

			`###VAR###`

Add aa-easyprof and easyprof.py and related pieces from the Ubuntu apparmor packaging. These were originally 0030-easyprof-sdk.patch and 0037-easyprof-sdk-pt2.patch. Jamie posted an updated 0030-easyprof-sdk_v2.patch and I squashed both patches into one commit. Acked-By: Jamie Strandboge <jamie@canonical.com> 2014-02-13 17:53:40 -08:00			`###PROFILEATTACH### {`
add preliminary aa-sandbox which starts an X application in Xephyr. Currently does not add policy 2012-05-09 11:33:36 -07:00			`#include <abstractions/base>`
fix up option parsing implement profile loading and transition (sudo for now) 2012-05-10 01:17:56 -07:00			`/ r,`
			`/**/ r,`
			`/usr/** r,`
add preliminary aa-sandbox which starts an X application in Xephyr. Currently does not add policy 2012-05-09 11:33:36 -07:00
			`###ABSTRACTIONS###`

			`###POLICYGROUPS###`

			`###READS###`

			`###WRITES###`
			`}`