build: configure sbin value according to the target distribution.

Alexandre Pujol 2025-05-01 14:36:57 +02:00
parent d162032af9
commit 48a37bbf34
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
2 changed files with 11 additions and 2 deletions


@ -33,7 +33,7 @@ func DefaultTunables() *AppArmorProfileFile {
return &AppArmorProfileFile{ return &AppArmorProfileFile{
Preamble: Rules{ Preamble: Rules{
&Variable{Name: "arch", Values: []string{"x86_64", "amd64", "i386"}, Define: true}, &Variable{Name: "arch", Values: []string{"x86_64", "amd64", "i386"}, Define: true},
&Variable{Name: "bin", Values: []string{"/{,usr/}{,s}bin"}, Define: true}, &Variable{Name: "bin", Values: []string{"/{,usr/}bin"}, Define: true},
&Variable{Name: "c", Values: []string{"[0-9a-zA-Z]"}, Define: true}, &Variable{Name: "c", Values: []string{"[0-9a-zA-Z]"}, Define: true},
&Variable{Name: "dpkg_script_ext", Values: []string{"config", "templates", "preinst", "postinst", "prerm", "postrm"}, Define: true}, &Variable{Name: "dpkg_script_ext", Values: []string{"config", "templates", "preinst", "postinst", "prerm", "postrm"}, Define: true},
&Variable{Name: "etc_ro", Values: []string{"/{,usr/}etc/"}, Define: true}, &Variable{Name: "etc_ro", Values: []string{"/{,usr/}etc/"}, Define: true},
@ -45,7 +45,6 @@ func DefaultTunables() *AppArmorProfileFile {
&Variable{Name: "multiarch", Values: []string{"*-linux-gnu*"}, Define: true}, &Variable{Name: "multiarch", Values: []string{"*-linux-gnu*"}, Define: true},
&Variable{Name: "rand", Values: []string{"@{c}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}"}, Define: true}, // Up to 10 characters &Variable{Name: "rand", Values: []string{"@{c}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}"}, Define: true}, // Up to 10 characters
&Variable{Name: "run", Values: []string{"/run/", "/var/run/"}, Define: true}, &Variable{Name: "run", Values: []string{"/run/", "/var/run/"}, Define: true},
&Variable{Name: "sbin", Values: []string{"/{,usr/}sbin"}, Define: true},
&Variable{Name: "uid", Values: []string{"{[0-9],[1-9][0-9],[1-9][0-9][0-9],[1-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9],[1-4][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]}"}, Define: true}, &Variable{Name: "uid", Values: []string{"{[0-9],[1-9][0-9],[1-9][0-9][0-9],[1-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9],[1-4][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]}"}, Define: true},
&Variable{Name: "user_cache_dirs", Values: []string{"/home/*/.cache"}, Define: true}, &Variable{Name: "user_cache_dirs", Values: []string{"/home/*/.cache"}, Define: true},
&Variable{Name: "user_config_dirs", Values: []string{"/home/*/.config"}, Define: true}, &Variable{Name: "user_config_dirs", Values: []string{"/home/*/.config"}, Define: true},
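Review bot: Removing `sbin` from `DefaultTunables()` leaves `@{sbin}` undefined for any caller that does not go through `Userspace.Apply`, and narrowing `bin` to `/{,usr/}bin` means `@{bin}` no longer matches sbin paths. In AppArmor a profile whose attachment path stops matching its binary leaves that binary unconfined instead of failing loudly, so this deserves a check. Other callers of `DefaultTunables()` and profiles that relied on `@{bin}` covering sbin are not visible on this page and should be reviewed. A comment next to the `bin` entry, for example `// sbin is not defined here: the build adds it per target distribution`, would document the split. The function starts and ends outside both hunks.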


@ -40,6 +40,16 @@ func (b Userspace) Apply(opt *Option, profile string) (string, error) {
} }
f := aa.DefaultTunables() f := aa.DefaultTunables()
if prebuild.Distribution == "arch" {
f.Preamble = append(f.Preamble, &aa.Variable{
Name: "sbin", Values: []string{"/{,usr/}{,s}bin"}, Define: true,
})
} else {
f.Preamble = append(f.Preamble, &aa.Variable{
Name: "sbin", Values: []string{"/{,usr/}sbin"}, Define: true,
})
}
if _, err := f.Parse(profile); err != nil { if _, err := f.Parse(profile); err != nil {
return "", err return "", err
} }
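Review bot: The `prebuild.Distribution == "arch"` test is an exact string match, so every other target gets the narrow `/{,usr/}sbin` pattern. If a target with a merged bin/sbin layout reports a different identifier (the set of values is not visible here), `@{sbin}` rules will not match binaries under bin and those programs run without the intended confinement. The two branches also differ only in the pattern string, so picking the value first and appending once is easier to audit and gives a place to record why the Arch pattern is wider. `Apply` begins and ends outside this hunk.

```go
f := aa.DefaultTunables()
// The narrow pattern is the default; the Arch pattern also covers bin.
sbin := "/{,usr/}sbin"
if prebuild.Distribution == "arch" {
	sbin = "/{,usr/}{,s}bin"
}
f.Preamble = append(f.Preamble, &aa.Variable{
	Name: "sbin", Values: []string{sbin}, Define: true,
})
// … unchanged: f.Parse(profile) and error return …
```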