mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 00:14:44 +01:00
Check if all profiles and abstractions contain abi/4.0
... and add abi/4.0 where it was missing
This commit is contained in:
Christian Boltz
parent
bb460ba467
commit
8c80c56252
11 changed files with 24 additions and 2 deletions
|
|
@ -154,11 +154,12 @@ check-logprof: test-dependencies
|
||||||
|
|
||||||
.PHONY: check-abstractions.d
|
.PHONY: check-abstractions.d
|
||||||
check-abstractions.d:
|
check-abstractions.d:
|
||||||
@echo "*** Checking if all abstractions (with a few exceptions) contain 'include if exists <abstractions/*.d>'"
|
@echo "*** Checking if all abstractions (with a few exceptions) contain 'include if exists <abstractions/*.d>' and 'abi <abi/4.0>,'"
|
||||||
$(Q)for file in $$(find ${ABSTRACTIONS_SOURCE} ${EXTRAS_ABSTRACTIONS_SOURCE} -maxdepth 1 -type f) ; do \
|
$(Q)for file in $$(find ${ABSTRACTIONS_SOURCE} ${EXTRAS_ABSTRACTIONS_SOURCE} -maxdepth 1 -type f) ; do \
|
||||||
case "$${file}" in */ubuntu-browsers | */ubuntu-helpers) continue ;; esac ; \
|
case "$${file}" in */ubuntu-browsers | */ubuntu-helpers) continue ;; esac ; \
|
||||||
include="include if exists <abstractions/$$(basename $${file}).d>" ; \
|
include="include if exists <abstractions/$$(basename $${file}).d>" ; \
|
||||||
grep -q "^ $${include}\$$" $${file} || { echo "$${file} does not contain '$${include}'"; exit 1; } ; \
|
grep -q "^ $${include}\$$" $${file} || { echo "$${file} does not contain '$${include}'"; exit 1; } ; \
|
||||||
|
grep -q "^ *abi <abi/4.0>," $${file} || { echo "$${file} does not contain 'abi <abi/4.0>,'"; exit 1; } ; \
|
||||||
done
|
done
|
||||||
|
|
||||||
.PHONY: check-tunables.d
|
.PHONY: check-tunables.d
|
||||||
|
|
@ -172,9 +173,10 @@ check-tunables.d:
|
||||||
|
|
||||||
.PHONY: check-local
|
.PHONY: check-local
|
||||||
check-local:
|
check-local:
|
||||||
@echo "*** Checking if all profiles contain 'include if exists <local/*>'"
|
@echo "*** Checking if all profiles contain 'include if exists <local/*>' and 'abi <abi/4.0>,'"
|
||||||
$(Q)for file in $$(find ${PROFILES_SOURCE} ${EXTRAS_SOURCE} -maxdepth 1 -type f) ; do \
|
$(Q)for file in $$(find ${PROFILES_SOURCE} ${EXTRAS_SOURCE} -maxdepth 1 -type f) ; do \
|
||||||
case "$${file}" in */README) continue ;; esac ; \
|
case "$${file}" in */README) continue ;; esac ; \
|
||||||
include="include if exists <local/$$(basename $${file})>" ; \
|
include="include if exists <local/$$(basename $${file})>" ; \
|
||||||
grep -q "^ *$${include}\$$" $${file} || { echo "$${file} does not contain '$${include}'"; exit 1; } ; \
|
grep -q "^ *$${include}\$$" $${file} || { echo "$${file} does not contain '$${include}'"; exit 1; } ; \
|
||||||
|
grep -q "^ *abi <abi/4.0>," $${file} || { echo "$${file} does not contain 'abi <abi/4.0>,'"; exit 1; } ; \
|
||||||
done
|
done
|
||||||
|
|
|
||||||
|
|
@ -10,6 +10,8 @@
|
||||||
#
|
#
|
||||||
# ------------------------------------------------------------------
|
# ------------------------------------------------------------------
|
||||||
|
|
||||||
|
abi <abi/4.0>,
|
||||||
|
|
||||||
# Note: executing groff and nroff themself is not included in this abstraction
|
# Note: executing groff and nroff themself is not included in this abstraction
|
||||||
# so that you can choose to ix, Px or Cx them in your profile
|
# so that you can choose to ix, Px or Cx them in your profile
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,3 +1,5 @@
|
||||||
|
abi <abi/4.0>,
|
||||||
|
|
||||||
profile snap_browsers {
|
profile snap_browsers {
|
||||||
include if exists <abstractions/snap_browsers.d>
|
include if exists <abstractions/snap_browsers.d>
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
|
|
|
||||||
|
|
@ -2,6 +2,8 @@
|
||||||
# LOGPROF-SUGGEST: no
|
# LOGPROF-SUGGEST: no
|
||||||
# Author: Daniel Richard G. <skunk@iSKUNK.ORG>
|
# Author: Daniel Richard G. <skunk@iSKUNK.ORG>
|
||||||
|
|
||||||
|
abi <abi/4.0>,
|
||||||
|
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/freedesktop.org>
|
include <abstractions/freedesktop.org>
|
||||||
include <abstractions/nameservice>
|
include <abstractions/nameservice>
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,8 @@
|
||||||
# ------------------------------------------------------------------
|
# ------------------------------------------------------------------
|
||||||
# vim: ft=apparmor
|
# vim: ft=apparmor
|
||||||
|
|
||||||
|
abi <abi/4.0>,
|
||||||
|
|
||||||
include <tunables/global>
|
include <tunables/global>
|
||||||
|
|
||||||
profile dovecot-director /usr/lib*/dovecot/director flags=(attach_disconnected) {
|
profile dovecot-director /usr/lib*/dovecot/director flags=(attach_disconnected) {
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,8 @@
|
||||||
# ------------------------------------------------------------------
|
# ------------------------------------------------------------------
|
||||||
# vim: ft=apparmor
|
# vim: ft=apparmor
|
||||||
|
|
||||||
|
abi <abi/4.0>,
|
||||||
|
|
||||||
include <tunables/global>
|
include <tunables/global>
|
||||||
|
|
||||||
profile dovecot-doveadm-server /usr/lib*/dovecot/doveadm-server flags=(attach_disconnected) {
|
profile dovecot-doveadm-server /usr/lib*/dovecot/doveadm-server flags=(attach_disconnected) {
|
||||||
|
|
|
||||||
|
|
@ -12,6 +12,8 @@
|
||||||
# vim: ft=apparmor
|
# vim: ft=apparmor
|
||||||
# for https://wiki.dovecot.org/Replication
|
# for https://wiki.dovecot.org/Replication
|
||||||
|
|
||||||
|
abi <abi/4.0>,
|
||||||
|
|
||||||
include <tunables/dovecot>
|
include <tunables/dovecot>
|
||||||
include <tunables/global>
|
include <tunables/global>
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,8 @@
|
||||||
#
|
#
|
||||||
# ------------------------------------------------------------------
|
# ------------------------------------------------------------------
|
||||||
|
|
||||||
|
abi <abi/4.0>,
|
||||||
|
|
||||||
include <tunables/global>
|
include <tunables/global>
|
||||||
|
|
||||||
profile pyzorsocket /usr/bin/pyzorsocket {
|
profile pyzorsocket /usr/bin/pyzorsocket {
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,8 @@
|
||||||
#
|
#
|
||||||
# ------------------------------------------------------------------
|
# ------------------------------------------------------------------
|
||||||
|
|
||||||
|
abi <abi/4.0>,
|
||||||
|
|
||||||
include <tunables/global>
|
include <tunables/global>
|
||||||
|
|
||||||
profile razorsocket /usr/bin/razorsocket {
|
profile razorsocket /usr/bin/razorsocket {
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,8 @@
|
||||||
#
|
#
|
||||||
# ------------------------------------------------------------------
|
# ------------------------------------------------------------------
|
||||||
|
|
||||||
|
abi <abi/4.0>,
|
||||||
|
|
||||||
include <tunables/global>
|
include <tunables/global>
|
||||||
|
|
||||||
profile clamd /usr/sbin/clamd {
|
profile clamd /usr/sbin/clamd {
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,8 @@
|
||||||
#
|
#
|
||||||
# ------------------------------------------------------------------
|
# ------------------------------------------------------------------
|
||||||
|
|
||||||
|
abi <abi/4.0>,
|
||||||
|
|
||||||
include <tunables/global>
|
include <tunables/global>
|
||||||
|
|
||||||
profile haproxy /usr/sbin/haproxy {
|
profile haproxy /usr/sbin/haproxy {
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue