Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:cboltz
apparmor.d
apparmor.d.spec
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File apparmor.d.spec of Package apparmor.d
# # spec file for package apparmor.d # # Copyright (c) 2023 SUSE LLC # Copyright (c) 2023 Christian Boltz # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # # defined in home:cboltz:aa4 to enable abi/4.0 %bcond_with aa4 Name: apparmor.d Version: 0.0.git.1714684322.3f69b9fe Release: 0 Summary: Set of over 1500 AppArmor profiles License: GPL-2.0-only URL: https://github.com/roddhjav/apparmor.d Source: %{name}-%{version}.tar.xz Source1: vendor.tar.gz # BuildRequires: git-core # not needed for openSUSE, see https://github.com/roddhjav/apparmor.d/issues/132 BuildRequires: distribution-release BuildRequires: golang-packaging BuildRequires: rsync # for /etc/apparmor.d/disable symlink targets BuildRequires: apparmor-profiles Requires: apparmor-profiles %description AppArmor.d is a set of over 1500 AppArmor profiles whose aim is to confine most Linux based applications and processes. For now, all profiles are packaged in complain mode. %prep %autosetup -p1 -a1 %build # complain mode is default - use "make enforce" for enforce mode. # Note: some profiles not considered stable yet will still be packaged in complain mode. %make_build build %if %{with aa4} echo "=== building with abi/4.0 ===" ./.build/prebuild --complain --abi4 %else echo "=== building with abi/3.0 ===" ./.build/prebuild --complain %endif %install %make_install # AppArmor 4.0 contains several profiles that allow userns and are otherwise unconfined. # Rename their (better) apparmor.d counterpart, and disable those from AppArmor. mkdir %{buildroot}/etc/apparmor.d/disable/ rpm -q apparmor-profiles | grep apparmor-profiles-3 || \ for profile in brave chrome element-desktop epiphany firefox flatpak loupe msedge nautilus opera plasmashell slirp4netns systemd-coredump thunderbird virtiofsd ; do mv -vi %{buildroot}/etc/apparmor.d/$profile %{buildroot}/etc/apparmor.d/${profile}-apparmor.d ( cd %{buildroot}/etc/apparmor.d/disable/ && ln -sv ../$profile ) done %posttrans # workaround for bnc#904620#c8 / lp#1392042 # cache location starting with 2.13 rm -f /var/cache/apparmor/* 2>/dev/null #restart_on_update apparmor - but non-broken (bnc#853019) systemctl is-active -q apparmor && systemctl reload apparmor ||: %files %license LICENSE %doc README.md # libvirtd and virt-aa-helper conflict with the profiles shipped in libvirt-daemon-common %exclude /etc/apparmor.d/libvirtd %exclude /etc/apparmor.d/virt-aa-helper # unix-chkpwd (based on, but not idendical to the apparmor.d profile) is now part of the apparmor-profiles package %exclude /etc/apparmor.d/unix-chkpwd # hostapd is part of the hostapd package %exclude /etc/apparmor.d/hostapd %config(noreplace) /etc/apparmor.d/ /usr/bin/aa-log %dir /usr/lib/systemd/system/*.service.d /usr/lib/systemd/system/*.service.d/apparmor.conf %dir /usr/lib/systemd/user/*.service.d /usr/lib/systemd/user/*.service.d/apparmor.conf /usr/share/bash-completion/completions/aa-log %dir /usr/share/zsh %dir /usr/share/zsh/site-functions /usr/share/zsh/site-functions/_aa-log.zsh %changelog
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor