Initial commit
This commit is contained in:
Jason Thistlethwaite
@@ -0,0 +1,24 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
echo "== AppArmor namespace sysctls =="
|
||||
sysctl kernel.apparmor_restrict_unprivileged_userns kernel.unprivileged_userns_clone
|
||||
|
||||
echo
|
||||
echo "== Profile files =="
|
||||
profile="/etc/apparmor.d/usr.bin.bwrap"
|
||||
if [[ -f "${profile}" ]]; then
|
||||
echo "present: ${profile}"
|
||||
else
|
||||
echo "missing: ${profile}"
|
||||
fi
|
||||
|
||||
echo
|
||||
echo "== bubblewrap smoke test =="
|
||||
/usr/bin/bwrap \
|
||||
--ro-bind /usr /usr \
|
||||
--ro-bind /bin /bin \
|
||||
--ro-bind /lib /lib \
|
||||
--ro-bind /lib64 /lib64 \
|
||||
/bin/true
|
||||
echo "bwrap smoke test passed"
|
||||
Reference in New Issue
Block a user