mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Don't create local/* profile sniplets by default

Browse source 
... and document how to create them if you still want them.

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/337
This commit is contained in:
Christian Boltz 2023-08-20 11:44:17 +02:00
parent 1758b66c9d
commit adf19138d5
Failed to generate hash of commit
3 changed files with 12 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
README.md
View file

@ -181,6 +181,9 @@ $ make check # depends on the parser having been built first
$ make install $ make install
``` ```
Note that the empty local/* profile sniplets no longer get created by default.
If you want them, run `make local` before running `make check`.
[Note that for the parser, binutils, and utils, if you only wish to build/use [Note that for the parser, binutils, and utils, if you only wish to build/use
some of the locale languages, you can override the default by passing some of the locale languages, you can override the default by passing
the LANGS arguments to make; e.g. make all install "LANGS=en_US fr".] the LANGS arguments to make; e.g. make all install "LANGS=en_US fr".]

8
profiles/Makefile
View file

@ -20,7 +20,7 @@
# Makefile for LSM-based AppArmor profiles # Makefile for LSM-based AppArmor profiles
NAME=apparmor-profiles NAME=apparmor-profiles
all: local docs all: docs
COMMONDIR=../common/ COMMONDIR=../common/
include $(COMMONDIR)/Make.rules include $(COMMONDIR)/Make.rules
@ -86,7 +86,7 @@ local:
done done
.PHONY: install .PHONY: install
install: local install:
install -m 755 -d ${PROFILES_DEST} install -m 755 -d ${PROFILES_DEST}
install -m 755 -d ${PROFILES_DEST}/disable install -m 755 -d ${PROFILES_DEST}/disable
for dir in ${SUBDIRS} ; do \ for dir in ${SUBDIRS} ; do \
@ -122,7 +122,7 @@ CHECK_ABSTRACTIONS=$(shell find ${ABSTRACTIONS_SOURCE} -type f -print)
check: check-parser check-logprof check-abstractions.d check-tunables.d check-extras check: check-parser check-logprof check-abstractions.d check-tunables.d check-extras
.PHONY: check-parser .PHONY: check-parser
check-parser: test-dependencies local check-parser: test-dependencies
@echo "*** Checking profiles from ${PROFILES_SOURCE} and ${EXTRAS_SOURCE} against apparmor_parser" @echo "*** Checking profiles from ${PROFILES_SOURCE} and ${EXTRAS_SOURCE} against apparmor_parser"
$(Q)for profile in ${CHECK_PROFILES} ; do \ $(Q)for profile in ${CHECK_PROFILES} ; do \
[ -n "${VERBOSE}" ] && echo "Testing $${profile}" ; \ [ -n "${VERBOSE}" ] && echo "Testing $${profile}" ; \
@ -138,7 +138,7 @@ check-parser: test-dependencies local
done done
.PHONY: check-logprof .PHONY: check-logprof
check-logprof: test-dependencies local check-logprof: test-dependencies
@echo "*** Checking profiles from ${PROFILES_SOURCE} against logprof" @echo "*** Checking profiles from ${PROFILES_SOURCE} against logprof"
$(Q)${LOGPROF} -d ${PROFILES_SOURCE} -f /dev/null || exit 1 $(Q)${LOGPROF} -d ${PROFILES_SOURCE} -f /dev/null || exit 1

7
profiles/apparmor.d/local/README
View file

@ -13,9 +13,12 @@
# #
# For example, if the shipped /etc/apparmor.d/usr.sbin.smbd profile has: # For example, if the shipped /etc/apparmor.d/usr.sbin.smbd profile has:
# include <local/usr.sbin.smbd> # include <local/usr.sbin.smbd>
# or
# include if exists <local/usr.sbin.smbd>
# #
# then an administrator can adjust /etc/apparmor.d/local/usr.sbin.smbd to # then an administrator can adjust /etc/apparmor.d/local/usr.sbin.smbd
# contain any additional paths to be allowed, such as: # (create the file if it doesn't exist yet) to contain any additional paths
# to be allowed, such as:
# #
# /var/exports/** lrwk, # /var/exports/** lrwk,
# #