runit-void: Add subpkg -apparmor

Olivier Mauras 2017-03-21 00:59:03 +01:00
parent bcd8897ec2
commit d526461515
4 changed files with 56 additions and 1 deletions

1
srcpkgs/runit-void-apparmor Symbolic link

@ -0,0 +1 @@
runit-void


@ -0,0 +1,32 @@
# vim: set ts=4 sw=4 et:
# AppArmor is not enabled in kernel, silently exit
[ ! -d /sys/kernel/security/apparmor ] && return
# Load config
[ -r /etc/rc.apparmor ] && . /etc/rc.apparmor
# Proceed to load profiles depending on user settings
msg "Loading AppArmor profiles..."
if [ -n "$APPARMOR" ]; then
if [ "$APPARMOR" != "complain" -a "$APPARMOR" != "enforce" ]; then
printf '! AppArmor set to %s - ignoring profiles\n' "$APPARMOR"
return
fi
[ "$APPARMOR" = "complain" ] && AACOMPLAIN="-C"
if [ -d /etc/apparmor.d -a -x /usr/bin/apparmor_parser ]; then
for profile in /etc/apparmor.d/*; do
if [ -f "$profile" ]; then
printf '* Load profile %s: %s\n' "($APPARMOR)" "$profile"
apparmor_parser -a $AACOMPLAIN "$profile"
fi
done
else
printf '! AppArmor installation problem - ensure you have installed apparmor package\n'
fi
else
printf '! AppArmor disabled - ignoring profiles\n'
fi
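Review bot: The exit status of `apparmor_parser -a $AACOMPLAIN "$profile"` is never checked, so a profile that fails to parse or load is skipped with no message from this script, and whatever it was meant to confine would presumably start unconfined. A minimal change is `apparmor_parser -a $AACOMPLAIN "$profile" || printf '! Failed to load profile %s\n' "$profile"`. The first line has the same visibility gap: it returns silently when `/sys/kernel/security/apparmor` is missing even if `/etc/rc.apparmor` asks for `enforce`, so reading the config first and warning in that case would make the gap visible. The `-x` test checks `/usr/bin/apparmor_parser` while the call relies on `PATH`; invoking the tested absolute path keeps the two consistent.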


@ -0,0 +1,11 @@
# AppArmor configuration
# Possible options:
# - disable
# - complain
# - enforce
#APPARMOR=disable
# Profiles path:
AA_PROFILES_PATH="/etc/apparmor.d"
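Review bot: `AA_PROFILES_PATH` is defined here but nothing on this page reads it; the loader hard-codes `/etc/apparmor.d` in both its `-d` test and its `for profile in /etc/apparmor.d/*` glob. An administrator who points this setting at another directory would see no error, yet none of the profiles in that directory would be loaded. Either have the loader use `"${AA_PROFILES_PATH:-/etc/apparmor.d}"` in both places, or drop the variable from this file until it is honoured.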


@ -1,7 +1,7 @@
# Template file for 'runit-void' # Template file for 'runit-void'
pkgname=runit-void pkgname=runit-void
version=20171102 version=20171102
revision=1 revision=2
wrksrc="void-runit-${version}" wrksrc="void-runit-${version}"
build_style=gnu-makefile build_style=gnu-makefile
homepage="http://www.voidlinux.eu" homepage="http://www.voidlinux.eu"
@ -32,9 +32,20 @@ post_install() {
vconf ${FILESDIR}/hostname vconf ${FILESDIR}/hostname
vconf ${FILESDIR}/os-release vconf ${FILESDIR}/os-release
vconf ${FILESDIR}/locale.conf vconf ${FILESDIR}/locale.conf
vconf ${FILESDIR}/rc.apparmor
vinstall ${FILESDIR}/09-apparmor.sh 644 /etc/runit/core-services/
# Enable services at post-install time instead. # Enable services at post-install time instead.
rm -f ${DESTDIR}/etc/runit/runsvdir/current rm -f ${DESTDIR}/etc/runit/runsvdir/current
rm -rf ${DESTDIR}/etc/runit/runsvdir/default rm -rf ${DESTDIR}/etc/runit/runsvdir/default
rm -rf ${DESTDIR}/etc/runit/runsvdir/single rm -rf ${DESTDIR}/etc/runit/runsvdir/single
ln -s runit-init ${DESTDIR}/usr/bin/init ln -s runit-init ${DESTDIR}/usr/bin/init
} }
runit-void-apparmor_package() {
short_desc+=" - AppArmor initialization"
depends="${sourcepkg}-${version}_${revision}"
pkg_install() {
vmove etc/rc.apparmor
vmove etc/runit/core-services/09-apparmor.sh
}
}
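Review bot: The new subpackage declares only `depends="${sourcepkg}-${version}_${revision}"`, while the loader it ships needs `/usr/bin/apparmor_parser` and reports its absence only at boot, through the "installation problem" message. If the repository has a package providing the parser, adding it to `depends` would surface the problem at install time instead. If it does not, a comment above `depends` such as `# apparmor_parser must be installed separately; the loader only warns at boot` would record the gap. `post_install()` begins before this hunk, so the rest of its body is not visible here.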