[apparmor] [PATCH] local site-specific changes
Jamie Strandboge
jamie at canonical.com
Thu Aug 5 21:24:52 BST 2010
On Thu, 2010-08-05 at 15:18 -0500, Jamie Strandboge wrote:
> As mentioned in the last meeting, there is a desire to all
> administrators to adjust/override a shipped profile via an include file.
> Attached is a patch that achieves this.
>
> Profiles in profiles/apparmor.d/* now include (with comment)
> local/path.to.binary
>
> /etc/apparmor.d/local/path.to.binary has only a comment
>
> /etc/aparmor.d/local/README explains what this is all about
>
> profiles/Makefile is adjusted to create
> profiles/apparmor.d/local/paths.to.binaries and install them. 'clean'
> will clean them up.
>
I forgot to mention that I used the equivalent command of 'make check'
in profiles/ to verify it all worked ok, both after doing 'make local'
and 'make install'. Eg:
$ cd /tmp/etc
$ for i in `ls -1 ./apparmor.d/[bsu]*` ; do apparmor_parser -S -I
${PWD}/apparmor.d $i > /dev/null ; done
$
--
Jamie Strandboge | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/apparmor/attachments/20100805/e6bceb3c/attachment.pgp
More information about the AppArmor
mailing list