mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 16:35:02 +01:00
5657799dc7
(except the deprecated tunables/sys) This allows users to extend variables without editing the main tunables files. It also allows to cleanly introduce new tunable files (via tunables/global.d) and new aliases (via tunables/alias.d). Note: some files already had `include <tunables/$FILE.d>`. These get changed to `include if exists`, and the comments for these includes get unified. Fixes: https://gitlab.com/apparmor/apparmor/-/issues/347
28 lines
1.2 KiB
Text
28 lines
1.2 KiB
Text
# ------------------------------------------------------------------
|
|
#
|
|
# Copyright (C) 2020 Christian Boltz
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of version 2 of the GNU General Public
|
|
# License published by the Free Software Foundation.
|
|
#
|
|
# ------------------------------------------------------------------
|
|
|
|
# @{etc_ro} contains a space-separated list of the system configuration directories.
|
|
# Traditionally this means /etc/, but when using a read-only / filesystem and/or
|
|
# with the goal of having only user-modified config files in /etc/, directories
|
|
# like /usr/etc/ get introduced for storing the default config.
|
|
|
|
# @{etc_ro} contains directories with configuration files, including read-only directories.
|
|
# Do not use @{etc_ro} in rules that allow write access.
|
|
@{etc_ro}=/etc/ /usr/etc/
|
|
|
|
# @{etc_rw} contains directories where writing to configuration files is allowed.
|
|
# @{etc_rw} should always be a subset of @{etc_ro}.
|
|
#
|
|
# Only use @{etc_rw} if the profile allows writing to a configuration file.
|
|
# For rules that only allows read access, use @{etc_ro}.
|
|
@{etc_rw}=/etc/
|
|
|
|
# Also, include files in tunables/etc.d for site-specific adjustments
|
|
include if exists <tunables/etc.d>
|