diff --git a/dists/overwrite b/dists/overwrite
index 3ddd83d97..1464f03ff 100644
--- a/dists/overwrite
+++ b/dists/overwrite
@@ -12,15 +12,22 @@ firefox
 flatpak
 foliate
 loupe
+lsblk
+lsusb
 msedge
 mullvad
 nautilus
+openvpn
 opera
+os-prober
 plasmashell
+remmina
 signal-desktop
 slirp4netns
+steam
 systemd-coredump
 thunderbird
 transmission
 unix-chkpwd
 virtiofsd
+wg-quick
diff --git a/pkg/prebuild/builder/attach.go b/pkg/prebuild/builder/attach.go
index 6fd700291..cc1062a69 100644
--- a/pkg/prebuild/builder/attach.go
+++ b/pkg/prebuild/builder/attach.go
@@ -23,7 +23,7 @@ func init() {
 RegisterBuilder(&ReAttach{
 Base: prebuild.Base{
 Keyword: "attach",
- Msg: "Re-attach disconnect path",
+ Msg: "Re-attach disconnected path",
 },
 })
 }
diff --git a/pkg/prebuild/cli/cli.go b/pkg/prebuild/cli/cli.go
index f33296881..ef307a8f1 100644
--- a/pkg/prebuild/cli/cli.go
+++ b/pkg/prebuild/cli/cli.go
@@ -19,7 +19,8 @@ import (
 const (
 nilABI uint = 0
- usage = `aa-prebuild [-h] [--complain | --enforce] [--full] [--abi 3|4]
+ nilVer = "4.0"
+ usage = `aa-prebuild [-h] [--complain | --enforce] [--full] [--abi 3|4] [--version V] [--file FILE]
 Prebuild apparmor.d profiles for a given distribution and apply internal built-in directives.
@@ -29,6 +30,7 @@ Options:
 -c, --complain Set complain flag on all profiles.
 -e, --enforce Set enforce flag on all profiles.
 -a, --abi ABI Target apparmor ABI.
+ -v, --version V Target apparmor version.
 -f, --full Set AppArmor for full system policy.
 -F, --file Only prebuild a given file.
 `
@@ -40,6 +42,7 @@ var (
 enforce bool
 full bool
 abi uint
+ version string
 file string
 )
@@ -54,6 +57,8 @@ func init() {
 flag.BoolVar(&enforce, "enforce", false, "Set enforce flag on all profiles.")
 flag.UintVar(&abi, "a", nilABI, "Target apparmor ABI.")
 flag.UintVar(&abi, "abi", nilABI, "Target apparmor ABI.")
+ flag.StringVar(&version, "v", nilVer, "Target apparmor version.")
+ flag.StringVar(&version, "version", nilVer, "Target apparmor version.")
 flag.StringVar(&file, "F", "", "Only prebuild a given file.")
 flag.StringVar(&file, "file", "", "Only prebuild a given file.")
 }
@@ -92,11 +97,14 @@ func Configure() {
 case 3:
 builder.Register("abi3") // Convert all profiles from abi 4.0 to abi 3.0
 case 4:
- // builder.Register("attach") // Re-attach disconnect path
+ // builder.Register("attach") // Re-attach disconnected path
 default:
 logging.Fatal("Invalid ABI version: %d", prebuild.ABI)
 }
+ if version != nilVer {
+ prebuild.Version = version
+ }
 if file != "" {
 sync, _ := prepare.Tasks["synchronise"].(*prepare.Synchronise)
 sync.Paths = []string{file}
diff --git a/pkg/prebuild/directories.go b/pkg/prebuild/directories.go
index dcf368f51..462f4fbc1 100644
--- a/pkg/prebuild/directories.go
+++ b/pkg/prebuild/directories.go
@@ -10,6 +10,9 @@ var (
 // AppArmor ABI version
 ABI uint = 0
+ // AppArmor version
+ Version string = "4.0"
+
 // Pkgname is the name of the package
 Pkgname string = "apparmor.d"
diff --git a/pkg/prebuild/prepare/configure.go b/pkg/prebuild/prepare/configure.go
index 4b8e11ec5..f1a61db1a 100644
--- a/pkg/prebuild/prepare/configure.go
+++ b/pkg/prebuild/prepare/configure.go
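Review bot: In the `Configure` hunk, the `--version` value is copied into `prebuild.Version` with no check, while the ABI switch directly above rejects unknown values through `logging.Fatal`. A mistyped target such as `4.1.0` is accepted silently, and the profile tree is then presumably built as if the default had been requested, with no warning to the packager. Reject unknown values before the assignment, for example `if version != nilVer && version != "4.1" { logging.Fatal("Invalid AppArmor version: %s", version) }`. The body of `Configure` starts and ends outside the hunk.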
@@ -55,5 +55,21 @@ func (p Configure) Apply() ([]string, error) {
 return []string{}, fmt.Errorf("%s is not a supported distribution", prebuild.Distribution)
 }
+
+ if prebuild.Version == "4.1" {
+ // Remove files upstreamed in 4.1
+ remove := []string{
+ "abstractions/devices-usb-read",
+ "abstractions/devices-usb",
+ "abstractions/nameservice-strict",
+ "tunables/multiarch.d/base",
+ "wg", // Upstream version is identical
+ }
+ for _, name := range remove {
+ if err := prebuild.RootApparmord.Join(name).RemoveAll(); err != nil {
+ return res, err
+ }
+ }
+ }
 return res, nil
 }
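Review bot: `prebuild.Version == "4.1"` is an exact string match, so the five upstreamed paths are removed for 4.1 only. Once a later release becomes a valid target, the local copies ship again alongside the upstream ones. If the intent is "4.1 and newer", compare parsed major and minor numbers instead of strings, or record next to each path the release that upstreamed it. Separately, `return res, err` drops the name of the path that failed; `return res, fmt.Errorf("removing %s: %w", name, err)` keeps it. The body of `Apply` starts outside the hunk.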