Initial commit
This commit is contained in:
Jason Thistlethwaite
Executable
+37
@@ -0,0 +1,37 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
if [[ ${EUID} -ne 0 ]]; then
|
||||
echo "Run as root: sudo ./install.sh" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! command -v apparmor_parser >/dev/null 2>&1; then
|
||||
echo "apparmor_parser is required but was not found" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
repo_dir="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
|
||||
profile_dir="${repo_dir}/profiles"
|
||||
target_dir="/etc/apparmor.d"
|
||||
|
||||
profiles=(
|
||||
"usr.bin.bwrap"
|
||||
)
|
||||
|
||||
for profile in "${profiles[@]}"; do
|
||||
source="${profile_dir}/${profile}"
|
||||
target="${target_dir}/${profile}"
|
||||
|
||||
if [[ ! -f "${source}" ]]; then
|
||||
echo "Missing profile template: ${source}" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
install -m 0644 -o root -g root "${source}" "${target}"
|
||||
apparmor_parser -r "${target}"
|
||||
echo "Loaded ${target}"
|
||||
done
|
||||
|
||||
echo "Targeted AppArmor user namespace profile installed."
|
||||
echo "No sysctl settings were changed."
|
||||
Reference in New Issue
Block a user