add local site configuration for HOMEDIRS tunable

- add commented profiles/apparmor.d/tunables/home.d/site.local - profiles/apparmor.d/tunables/home: include tunables/home.d - profiles/Makefile: adjust for home.d sub-directory and install site.local
2025-03-04 08:24:42 +01:00 · 2010-01-05 15:58:43 -06:00 · 2010-01-05 15:58:43 -06:00 · ebedab89e5
commit ebedab89e5
parent a0e8bf9661
3 changed files with 26 additions and 4 deletions
--- a/profiles/Makefile
+++ b/profiles/Makefile
@ -39,6 +39,7 @@ PROFILES_SOURCE=./apparmor.d
 EXTRAS_SOURCE=./apparmor/profiles/extras/
 SUBDIRS_MUST_BE_SKIPPED=${PROFILES_SOURCE}/abstractions ${PROFILES_SOURCE}/apache2.d ${PROFILES_SOURCE}/program-chunks ${PROFILES_SOURCE}/tunables
 PROFILES_TO_COPY=$(filter-out ${SUBDIRS_MUST_BE_SKIPPED}, $(wildcard ${PROFILES_SOURCE}/*))
+TUNABLES_TO_COPY=$(filter-out ${PROFILES_SOURCE}/tunables/home.d, $(wildcard ${PROFILES_SOURCE}/tunables/*))

 .PHONY: install
 install: 
@ -46,12 +47,14 @@ install:
 	install -m 755 -d ${PROFILES_DEST}/abstractions \
                          ${PROFILES_DEST}/apache2.d \
                          ${PROFILES_DEST}/program-chunks \
-                          ${PROFILES_DEST}/tunables
+                          ${PROFILES_DEST}/tunables \
+                          ${PROFILES_DEST}/tunables/home.d
 	install -m 644 ${PROFILES_TO_COPY} ${PROFILES_DEST}
 	install -m 644 ${PROFILES_SOURCE}/abstractions/* ${PROFILES_DEST}/abstractions
 	install -m 644 ${PROFILES_SOURCE}/apache2.d/* ${PROFILES_DEST}/apache2.d
 	install -m 644 ${PROFILES_SOURCE}/program-chunks/* ${PROFILES_DEST}/program-chunks
-	install -m 644 ${PROFILES_SOURCE}/tunables/* ${PROFILES_DEST}/tunables
+	install -m 644 ${TUNABLES_TO_COPY} ${PROFILES_DEST}/tunables
+	install -m 644 ${PROFILES_SOURCE}/tunables/home.d/* ${PROFILES_DEST}/tunables/home.d
 	install -m 755 -d ${EXTRAS_DEST}
 	install -m 644 ${EXTRAS_SOURCE}/* ${EXTRAS_DEST}

--- a/profiles/apparmor.d/tunables/home
+++ b/profiles/apparmor.d/tunables/home
@ -1,7 +1,8 @@
 # $Id$
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2006 Novell/SUSE
+#    Copyright (C) 2006-2009 Novell/SUSE
+#    Copyright (C) 2010 Canonical Ltd.
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@ -17,5 +18,9 @@

 # @{HOMEDIRS} is a space-separated list of where user home directories
 # are stored, for programs that must enumerate all home directories on a
-# system. 
+# system.
@{HOMEDIRS}=/home/
+
+# Also, include files in tunables/home.d for site-specific adjustments to
+# @{HOMEDIRS}.
+#include <tunables/home.d>
--- a/profiles/apparmor.d/tunables/home.d/site.local
+++ b/profiles/apparmor.d/tunables/home.d/site.local
@ -0,0 +1,14 @@
+# $Id$
+# ------------------------------------------------------------------
+#
+#    Copyright (C) 2010 Canonical Ltd.
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# The following is a space-separated list of where additional user home
+# directories are stored. Directories added here are appended to @{HOMEDIRS}.
+# See tunables/home for details. Eg:
+#@HOMEDIRS+=/srv/nfs/home /mnt/home