From 9a2e2eac565d80ef6d23370655b82f5561e87ee4 Mon Sep 17 00:00:00 2001
From: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date: Thu, 26 Oct 2023 14:27:51 +0000
Subject: [PATCH 1/6] partial.sh
---
dists/partial.sh | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 dists/partial.sh
diff --git a/dists/partial.sh b/dists/partial.sh
new file mode 100644
index 000000000..53a1158da
--- /dev/null
+++ b/dists/partial.sh
@@ -0,0 +1,27 @@
+BUILD=.build
+DESTDIR=/
+for profile in "$@"
+do
+ cp $BUILD/apparmor.d/$profile $DESTDIR/etc/apparmor.d/$profile
+ grep "rPx," "$BUILD/apparmor.d/$profile" | while read l1
+ do
+ dep=$(echo "$l1" | awk '{print $1}')
+ dep=$(echo $dep | awk -F"/" '{print $NF}')
+ find . -type f -name $dep | while read l2
+ do
+ if [ ! -f "$DESTDIR/etc/apparmor.d/$dep" ]; then
+ install_seperate_with_depends $dep
+ fi
+ done
+ done
+ grep "rPx -> " $BUILD/apparmor.d/$profile | while read l1
+ do
+ dep=$(echo $l1 | awk '{print $NF}' | awk '{if (NR!=1) {print substr($2, 1, length($2)-1)}}')
+ find . -type f -name $dep | while read l2
+ do
+ if [ ! -f "$DESTDIR/etc/apparmor.d/$dep" ]; then
+ install_seperate_with_depends $dep
+ fi
+ done
+ done
+done
From 46fef2a5ee7613b9fc363ea8d86d2c4b779ce31c Mon Sep 17 00:00:00 2001
From: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date: Thu, 26 Oct 2023 14:29:07 +0000
Subject: [PATCH 2/6] partial install
---
Makefile | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/Makefile b/Makefile
index 8575a9f38..ee9e72692 100644
--- a/Makefile
+++ b/Makefile
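Review bot: The `cp $BUILD/apparmor.d/$profile $DESTDIR/etc/apparmor.d/$profile` line uses unquoted expansions and leaves the mode of the installed profile to the source file and the caller's umask, which matters because this script writes policy files under `/etc/apparmor.d` and is presumably run as root. Quoting the operands and pinning the mode would keep a group-writable build tree from producing a group-writable profile, and would stop on a failed copy: `install -Dm0644 -- "${BUILD}/apparmor.d/${profile}" "${DESTDIR}/etc/apparmor.d/${profile}" || exit 1`. The same `cp` line is carried into 3/6 and 4/6. Separately, `install_seperate_with_depends` is called in both inner loops but is not defined anywhere in this file, so as added here the dependency branch would only produce a command-not-found error.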
@@ -57,12 +57,7 @@ $(P): @for file in ${TUNABLES}; do \ install -Dm0644 "${BUILD}/apparmor.d/tunables/$${file}" "${DESTDIR}/etc/apparmor.d/tunables/$${file}"; \ done; - @echo "Warning: profile dependencies fallback to unconfined." - @for file in ${@}; do \ - grep 'rPx' "${BUILD}/apparmor.d/$${file}"; \ - sed -i -e "s/rPx/rPUx/g" "${BUILD}/apparmor.d/$${file}"; \ - install -Dvm0644 "${BUILD}/apparmor.d/$${file}" "${DESTDIR}/etc/apparmor.d/$${file}"; \ - done; + @bash dists/partial.sh ${@} @systemctl restart apparmor || systemctl status apparmor dist ?= archlinux From 9f89cf35e6d5d607194f8b355a7546dcb00b76c5 Mon Sep 17 00:00:00 2001 From: monsieuremre <130907164+monsieuremre@users.noreply.github.com> Date: Fri, 27 Oct 2023 17:36:55 +0000 Subject: [PATCH 3/6] fix --- dists/partial.sh | 38 +++++++++++++++++++++++--------------- 1 file changed, 23 insertions(+), 15 deletions(-) diff --git a/dists/partial.sh b/dists/partial.sh index 53a1158da..7050f3bb1 100644 --- a/dists/partial.sh +++ b/dists/partial.sh 
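Review bot: The new recipe line `@bash dists/partial.sh ${@}` does not hand the Makefile's `${BUILD}` and `${DESTDIR}` to the script, and partial.sh as added in 1/6 assigns `BUILD=.build` and `DESTDIR=/` unconditionally, so a staged install with `DESTDIR` set to a packaging directory would still write profiles into the live `/etc/apparmor.d` while the tunables loop above honours `${DESTDIR}`. I would pass them explicitly, `@BUILD="${BUILD}" DESTDIR="${DESTDIR}" bash dists/partial.sh ${@}`, and have the script default rather than overwrite: `BUILD=${BUILD:-.build}` and `DESTDIR=${DESTDIR:-/}`. The removed loop also pinned the installed mode with `install -Dvm0644`, which the script's `cp` no longer does. The recipe for `$(P)` starts above this hunk.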
@@ -1,27 +1,35 @@ BUILD=.build DESTDIR=/ + for profile in "$@" do - cp $BUILD/apparmor.d/$profile $DESTDIR/etc/apparmor.d/$profile - grep "rPx," "$BUILD/apparmor.d/$profile" | while read l1 + echo "Installing profile $profile" + cp $BUILD/apparmor.d/$profile $DESTDIR/etc/apparmor.d/ + grep "rPx," "${BUILD}/apparmor.d/${profile}" | while read line do dep=$(echo "$l1" | awk '{print $1}') - dep=$(echo $dep | awk -F"/" '{print $NF}') - find . -type f -name $dep | while read l2 - do - if [ ! -f "$DESTDIR/etc/apparmor.d/$dep" ]; then - install_seperate_with_depends $dep + dep=$(echo $dep | awk -F"/" '{print $NF}') + dep=$(eval "ls ${BUILD}/apparmor.d/${dep} 2>/dev/null") + for i in $dep + do + i=$(echo $i | awk -F"/" '{print $NF}') + if [ ! -f "$DESTDIR/etc/apparmor.d/$i" ]; then + bash "$0" "$i" fi - done + done done - grep "rPx -> " $BUILD/apparmor.d/$profile | while read l1 + grep "rPx -> " "${BUILD}/apparmor.d/${profile}" | while read line do - dep=$(echo $l1 | awk '{print $NF}' | awk '{if (NR!=1) {print substr($2, 1, length($2)-1)}}') - find . -type f -name $dep | while read l2 - do - if [ ! -f "$DESTDIR/etc/apparmor.d/$dep" ]; then - install_seperate_with_depends $dep - fi + dep=${line%%#*} + dep=$(echo $dep | awk '{print $NF}') + dep=${dep::-1} + dep=$(eval "ls ${BUILD}/apparmor.d/${dep} 2>/dev/null") + for i in $dep + do + i=$(echo $i | awk -F"/" '{print $NF}') + if [ ! -f "$DESTDIR/etc/apparmor.d/$i" ]; then + bash "$0" "$i" + fi done done done From a8d8127c73bbb5039897a9f3f3e69299e2e95aea Mon Sep 17 00:00:00 2001 From: monsieuremre <130907164+monsieuremre@users.noreply.github.com> Date: Sat, 28 Oct 2023 10:24:35 +0000 Subject: [PATCH 4/6] even more fix --- dists/partial.sh | 62 ++++++++++++++++++++++++++---------------------- 1 file changed, 34 insertions(+), 28 deletions(-) diff --git a/dists/partial.sh b/dists/partial.sh index 7050f3bb1..94288fba8 100644 --- a/dists/partial.sh +++ b/dists/partial.sh 
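Review bot: Both `dep=$(eval "ls ${BUILD}/apparmor.d/${dep} 2>/dev/null")` lines pass text taken from a profile's `rPx` rules to `eval`, so any shell metacharacter in that field (`;`, `$(`, backticks, redirections) would be interpreted as shell syntax by an installer that normally runs as root. If `eval` is kept only to get brace and glob expansion of AppArmor-style names, an allow-list guard placed before it limits what can reach it, e.g. `case $dep in ''|*[!A-Za-z0-9._{},*?+-]*) continue ;; esac`. The result is then word-split from `ls` output in `for i in $dep`, which misbehaves on names with whitespace; iterating over the glob directly would avoid parsing `ls`. The same `eval` lines are carried unchanged into 4/6. Note also that the first loop now reads into `line` but still extracts from `$l1`.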
@@ -3,33 +3,39 @@ DESTDIR=/ for profile in "$@" do - echo "Installing profile $profile" - cp $BUILD/apparmor.d/$profile $DESTDIR/etc/apparmor.d/ - grep "rPx," "${BUILD}/apparmor.d/${profile}" | while read line - do - dep=$(echo "$l1" | awk '{print $1}') - dep=$(echo $dep | awk -F"/" '{print $NF}') - dep=$(eval "ls ${BUILD}/apparmor.d/${dep} 2>/dev/null") - for i in $dep + echo "Installing profile $profile" + cp $BUILD/apparmor.d/$profile $DESTDIR/etc/apparmor.d/ + grep "rPx," "${BUILD}/apparmor.d/${profile}" | while read line do - i=$(echo $i | awk -F"/" '{print $NF}') - if [ ! -f "$DESTDIR/etc/apparmor.d/$i" ]; then - bash "$0" "$i" - fi - done - done - grep "rPx -> " "${BUILD}/apparmor.d/${profile}" | while read line - do - dep=${line%%#*} - dep=$(echo $dep | awk '{print $NF}') - dep=${dep::-1} - dep=$(eval "ls ${BUILD}/apparmor.d/${dep} 2>/dev/null") - for i in $dep - do - i=$(echo $i | awk -F"/" '{print $NF}') - if [ ! -f "$DESTDIR/etc/apparmor.d/$i" ]; then - bash "$0" "$i" - fi - done - done + if [[ -z "$dep" ]]; then + continue + fi + dep=$(echo "$l1" | awk '{print $1}') + dep=$(echo $dep | awk -F"/" '{print $NF}') + dep=$(eval "ls ${BUILD}/apparmor.d/${dep} 2>/dev/null") + for i in $dep + do + i=$(echo $i | awk -F"/" '{print $NF}') + if [ ! -f "$DESTDIR/etc/apparmor.d/$i" ]; then + bash "$0" "$i" + fi + done + done + grep "rPx -> " "${BUILD}/apparmor.d/${profile}" | while read line + do + if [[ -z "$dep" ]]; then + continue + fi + dep=${line%%#*} + dep=$(echo $dep | awk '{print $NF}') + dep=${dep::-1} + dep=$(eval "ls ${BUILD}/apparmor.d/${dep} 2>/dev/null") + for i in $dep + do + i=$(echo $i | awk -F"/" '{print $NF}') + if [ ! -f "$DESTDIR/etc/apparmor.d/$i" ]; then + bash "$0" "$i" + fi + done + done done From 794c3cf19d017cacfa51a39587e4313910b1bb9c Mon Sep 17 00:00:00 2001 
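Review bot: The added guard `if [[ -z "$dep" ]]; then continue; fi` tests `dep` before the loop body has assigned it, and each `while read line` body runs in a pipeline subshell where `dep` starts out unset, so as written every iteration appears to hit `continue` and no dependency is ever resolved or installed. The guard should test the value just read, `[[ -z "$line" ]]`, which 5/6 in this series switches to. While these loops are being touched, `while IFS= read -r line` would keep backslashes and leading whitespace in profile lines from being altered before they are parsed.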
From: monsieuremre <130907164+monsieuremre@users.noreply.github.com> Date: Sat, 28 Oct 2023 10:31:09 +0000 Subject: [PATCH 5/6] names --- dists/partial.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dists/partial.sh b/dists/partial.sh index 94288fba8..0a239cbe8 100644 --- a/dists/partial.sh +++ b/dists/partial.sh @@ -7,10 +7,10 @@ do cp $BUILD/apparmor.d/$profile $DESTDIR/etc/apparmor.d/ grep "rPx," "${BUILD}/apparmor.d/${profile}" | while read line do - if [[ -z "$dep" ]]; then + if [[ -z "$line" ]]; then continue fi - dep=$(echo "$l1" | awk '{print $1}') + dep=$(echo "$line" | awk '{print $1}') dep=$(echo $dep | awk -F"/" '{print $NF}') dep=$(eval "ls ${BUILD}/apparmor.d/${dep} 2>/dev/null") for i in $dep @@ -23,7 +23,7 @@ do done grep "rPx -> " "${BUILD}/apparmor.d/${profile}" | while read line do - if [[ -z "$dep" ]]; then + if [[ -z "$line" ]]; then continue fi dep=${line%%#*} From 2696a5e7e7c5b85eea7c5edf3b02462fa045dcdf Mon Sep 17 00:00:00 2001 From: monsieuremre <130907164+monsieuremre@users.noreply.github.com> Date: Sat, 28 Oct 2023 11:59:11 +0000 Subject: [PATCH 6/6] dont try abstractions --- dists/partial.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dists/partial.sh b/dists/partial.sh index 0a239cbe8..ec7b7c703 100644 --- a/dists/partial.sh +++ b/dists/partial.sh @@ -3,6 +3,9 @@ DESTDIR=/ for profile in "$@" do + if [ ! -f "${BUILD}/apparmor.d/${profile}" ]; then + continue + fi echo "Installing profile $profile" cp $BUILD/apparmor.d/$profile $DESTDIR/etc/apparmor.d/ grep "rPx," "${BUILD}/apparmor.d/${profile}" | while read line
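Review bot: The new `continue` in 6/6 skips a requested profile that has no file under `${BUILD}/apparmor.d/` without any message or exit status, so a mistyped target looks the same as a successful install and the Makefile goes on to restart apparmor. If the silent skip is meant only for dependency names that resolve to abstractions, as the subject suggests, a one-line diagnostic still helps: `echo "partial.sh: skipping ${profile}: not found in ${BUILD}/apparmor.d" >&2`. The check is quoted while the `cp` two lines below is not, so the two can disagree for names containing whitespace or glob characters. The `for` loop continues past the end of this hunk.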