From ebedab89e5b35653be2ef1527b74328ff6c92f04 Mon Sep 17 00:00:00 2001 From: Jamie Strandboge Date: Tue, 5 Jan 2010 15:58:43 -0600 Subject: [PATCH] add local site configuration for HOMEDIRS tunable - add commented profiles/apparmor.d/tunables/home.d/site.local - profiles/apparmor.d/tunables/home: include tunables/home.d - profiles/Makefile: adjust for home.d sub-directory and install site.local --- profiles/Makefile | 7 +++++-- profiles/apparmor.d/tunables/home | 9 +++++++-- profiles/apparmor.d/tunables/home.d/site.local | 14 ++++++++++++++ 3 files changed, 26 insertions(+), 4 deletions(-) create mode 100644 profiles/apparmor.d/tunables/home.d/site.local diff --git a/profiles/Makefile b/profiles/Makefile index b46cabbac..04177582d 100644 --- a/profiles/Makefile +++ b/profiles/Makefile @@ -39,6 +39,7 @@ PROFILES_SOURCE=./apparmor.d EXTRAS_SOURCE=./apparmor/profiles/extras/ SUBDIRS_MUST_BE_SKIPPED=${PROFILES_SOURCE}/abstractions ${PROFILES_SOURCE}/apache2.d ${PROFILES_SOURCE}/program-chunks ${PROFILES_SOURCE}/tunables PROFILES_TO_COPY=$(filter-out ${SUBDIRS_MUST_BE_SKIPPED}, $(wildcard ${PROFILES_SOURCE}/*)) +TUNABLES_TO_COPY=$(filter-out ${PROFILES_SOURCE}/tunables/home.d, $(wildcard ${PROFILES_SOURCE}/tunables/*)) .PHONY: install install: @@ -46,12 +47,14 @@ install: install -m 755 -d ${PROFILES_DEST}/abstractions \ ${PROFILES_DEST}/apache2.d \ ${PROFILES_DEST}/program-chunks \ - ${PROFILES_DEST}/tunables + ${PROFILES_DEST}/tunables \ + ${PROFILES_DEST}/tunables/home.d install -m 644 ${PROFILES_TO_COPY} ${PROFILES_DEST} install -m 644 ${PROFILES_SOURCE}/abstractions/* ${PROFILES_DEST}/abstractions install -m 644 ${PROFILES_SOURCE}/apache2.d/* ${PROFILES_DEST}/apache2.d install -m 644 ${PROFILES_SOURCE}/program-chunks/* ${PROFILES_DEST}/program-chunks - install -m 644 ${PROFILES_SOURCE}/tunables/* ${PROFILES_DEST}/tunables + install -m 644 ${TUNABLES_TO_COPY} ${PROFILES_DEST}/tunables + install -m 644 ${PROFILES_SOURCE}/tunables/home.d/* ${PROFILES_DEST}/tunables/home.d install -m 755 -d ${EXTRAS_DEST} install -m 644 ${EXTRAS_SOURCE}/* ${EXTRAS_DEST} diff --git a/profiles/apparmor.d/tunables/home b/profiles/apparmor.d/tunables/home index 2682547ed..2d8529613 100644 --- a/profiles/apparmor.d/tunables/home +++ b/profiles/apparmor.d/tunables/home @@ -1,7 +1,8 @@ # $Id$ # ------------------------------------------------------------------ # -# Copyright (C) 2006 Novell/SUSE +# Copyright (C) 2006-2009 Novell/SUSE +# Copyright (C) 2010 Canonical Ltd. # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -17,5 +18,9 @@ # @{HOMEDIRS} is a space-separated list of where user home directories # are stored, for programs that must enumerate all home directories on a -# system. +# system. @{HOMEDIRS}=/home/ + +# Also, include files in tunables/home.d for site-specific adjustments to +# @{HOMEDIRS}. +#include diff --git a/profiles/apparmor.d/tunables/home.d/site.local b/profiles/apparmor.d/tunables/home.d/site.local new file mode 100644 index 000000000..5521eefc4 --- /dev/null +++ b/profiles/apparmor.d/tunables/home.d/site.local @@ -0,0 +1,14 @@ +# $Id$ +# ------------------------------------------------------------------ +# +# Copyright (C) 2010 Canonical Ltd. +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# ------------------------------------------------------------------ + +# The following is a space-separated list of where additional user home +# directories are stored. Directories added here are appended to @{HOMEDIRS}. +# See tunables/home for details. Eg: +#@HOMEDIRS+=/srv/nfs/home /mnt/home