From d526461515106aefd1911b6fe3069c39e94b3d50 Mon Sep 17 00:00:00 2001
From: Olivier Mauras
Date: Tue, 21 Mar 2017 00:59:03 +0100
Subject: [PATCH] runit-void: Add subpkg -apparmor
---
 srcpkgs/runit-void-apparmor | 1 +
 srcpkgs/runit-void/files/09-apparmor.sh | 32 +++++++++++++++++++++++++
 srcpkgs/runit-void/files/rc.apparmor | 11 +++++++++
 srcpkgs/runit-void/template | 13 +++++++++-
 4 files changed, 56 insertions(+), 1 deletion(-)
 create mode 120000 srcpkgs/runit-void-apparmor
 create mode 100644 srcpkgs/runit-void/files/09-apparmor.sh
 create mode 100644 srcpkgs/runit-void/files/rc.apparmor
diff --git a/srcpkgs/runit-void-apparmor b/srcpkgs/runit-void-apparmor
new file mode 120000
index 00000000000..56af4340f73
--- /dev/null
+++ b/srcpkgs/runit-void-apparmor
@@ -0,0 +1 @@
+runit-void
\ No newline at end of file
diff --git a/srcpkgs/runit-void/files/09-apparmor.sh b/srcpkgs/runit-void/files/09-apparmor.sh
new file mode 100644
index 00000000000..d74b7ad74c5
--- /dev/null
+++ b/srcpkgs/runit-void/files/09-apparmor.sh
@@ -0,0 +1,32 @@
+# vim: set ts=4 sw=4 et:
+
+# AppArmor is not enabled in kernel, silently exit
+[ ! -d /sys/kernel/security/apparmor ] && return
+
+# Load config
+[ -r /etc/rc.apparmor ] && . /etc/rc.apparmor
+
+# Proceed to load profiles depending on user settings
+msg "Loading AppArmor profiles..."
+
+if [ -n "$APPARMOR" ]; then
+ if [ "$APPARMOR" != "complain" -a "$APPARMOR" != "enforce" ]; then
+ printf '! AppArmor set to %s - ignoring profiles\n' "$APPARMOR"
+ return
+ fi
+
+ [ "$APPARMOR" = "complain" ] && AACOMPLAIN="-C"
+
+ if [ -d /etc/apparmor.d -a -x /usr/bin/apparmor_parser ]; then
+ for profile in /etc/apparmor.d/*; do
+ if [ -f "$profile" ]; then
+ printf '* Load profile %s: %s\n' "($APPARMOR)" "$profile"
+ apparmor_parser -a $AACOMPLAIN "$profile"
+ fi
+ done
+ else
+ printf '! AppArmor installation problem - ensure you have installed apparmor package\n'
+ fi
+else
+ printf '! AppArmor disabled - ignoring profiles\n'
+fi
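Review bot: `AACOMPLAIN` is never initialised in 09-apparmor.sh, so in `enforce` mode whatever value is already present in the shell is passed straight to `apparmor_parser`. The script is written to be sourced (top-level `return`, the `msg` helper) and itself sources /etc/rc.apparmor, so a leftover `AACOMPLAIN=-C` would load every profile in complain mode while the log line still prints `(enforce)`. Setting `AACOMPLAIN=` just before the `[ "$APPARMOR" = "complain" ]` test closes that gap. The loop also ignores the exit status of `apparmor_parser`, so a profile that fails to load leaves its program unconfined with nothing from this script marking the failure; appending `|| printf '! Failed to load %s\n' "$profile"` to the call would make it visible at boot.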
diff --git a/srcpkgs/runit-void/files/rc.apparmor b/srcpkgs/runit-void/files/rc.apparmor
new file mode 100644
index 00000000000..95ff443928a
--- /dev/null
+++ b/srcpkgs/runit-void/files/rc.apparmor
@@ -0,0 +1,11 @@
+# AppArmor configuration
+
+# Possible options:
+# - disable
+# - complain
+# - enforce
+#APPARMOR=disable
+
+# Profiles path:
+AA_PROFILES_PATH="/etc/apparmor.d"
+
diff --git a/srcpkgs/runit-void/template b/srcpkgs/runit-void/template
index d246f3f8fd1..2bdb98617d4 100644
--- a/srcpkgs/runit-void/template
+++ b/srcpkgs/runit-void/template
@@ -1,7 +1,7 @@
 # Template file for 'runit-void'
 pkgname=runit-void
 version=20171102
-revision=1
+revision=2
 wrksrc="void-runit-${version}"
 build_style=gnu-makefile
 homepage="http://www.voidlinux.eu"
@@ -32,9 +32,20 @@ post_install() {
 vconf ${FILESDIR}/hostname
 vconf ${FILESDIR}/os-release
 vconf ${FILESDIR}/locale.conf
+ vconf ${FILESDIR}/rc.apparmor
+ vinstall ${FILESDIR}/09-apparmor.sh 644 /etc/runit/core-services/
 # Enable services at post-install time instead.
 rm -f ${DESTDIR}/etc/runit/runsvdir/current
 rm -rf ${DESTDIR}/etc/runit/runsvdir/default
 rm -rf ${DESTDIR}/etc/runit/runsvdir/single
 ln -s runit-init ${DESTDIR}/usr/bin/init
 }
+
+runit-void-apparmor_package() {
+ short_desc+=" - AppArmor initialization"
+ depends="${sourcepkg}-${version}_${revision}"
+ pkg_install() {
+ vmove etc/rc.apparmor
+ vmove etc/runit/core-services/09-apparmor.sh
+ }
+}
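Review bot: `AA_PROFILES_PATH` is set in rc.apparmor but nothing in this patch reads it; 09-apparmor.sh hard-codes `/etc/apparmor.d` in both the directory test and the `for` loop. An administrator who changes the path here gets no error, and profiles in the new location are never loaded. Either drop the variable or have the script use `"${AA_PROFILES_PATH:-/etc/apparmor.d}"` in both places. The comment block could also state that leaving `APPARMOR` unset is handled the same way as `disable`, since the shipped default is commented out.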
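Review bot: The `runit-void-apparmor_package()` block in the template moves `etc/rc.apparmor` into the subpackage without declaring it as a configuration file there. Unless that is handled outside this hunk, a package upgrade may replace an edited `APPARMOR=enforce` with the shipped default and leave the machine booting with no profiles loaded; adding `conf_files="/etc/rc.apparmor"` inside the subpackage function would preserve local edits. The subpackage also depends only on `${sourcepkg}`, while 09-apparmor.sh needs `/usr/bin/apparmor_parser`, so if an `apparmor` package is available it belongs in `depends`. post_install() begins outside the hunk.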