felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(aa): ensure the prebuild jobs are working.

Browse source
This commit is contained in:
Alexandre Pujol 2024-05-29 21:12:54 +01:00
parent fe4c86a245
commit 23eaa20fb7
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
5 changed files with 29 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

2
pkg/prebuild/builder/core.go
View file

@ -58,7 +58,7 @@ func Run(file *paths.Path, profile string) (string, error) {
for _, b := range Builds {
profile, err = b.Apply(opt, profile)
if err != nil {
return "", err
return "", fmt.Errorf("%s %s: %w", b.Name(), opt.File, err)
}
}
return profile, nil

19
pkg/prebuild/builder/userspace.go
View file

@ -30,10 +30,21 @@ func init() {
}
func (b Userspace) Apply(opt *Option, profile string) (string, error) {
p := aa.DefaultTunables()
p.ParseVariables(profile)
p.ResolveAttachments()
att := p.NestAttachments()
if ok, _ := opt.File.IsInsideDir(cfg.RootApparmord.Join("abstractions")); ok {
return profile, nil
}
if ok, _ := opt.File.IsInsideDir(cfg.RootApparmord.Join("tunables")); ok {
return profile, nil
}
f := aa.DefaultTunables()
if err := f.Parse(profile); err != nil {
return "", err
}
if err := f.Resolve(); err != nil {
return "", err
}
att := f.GetDefaultProfile().GetAttachments()
matches := regAttachments.FindAllString(profile, -1)
if len(matches) > 0 {
strheader := strings.Replace(matches[0], "@{exec_path}", att, -1)