Jason Thistlethwaite
25 lines
535 B
Bash
Executable File
25 lines
535 B
Bash
Executable File
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
echo "== AppArmor namespace sysctls =="
|
|
sysctl kernel.apparmor_restrict_unprivileged_userns kernel.unprivileged_userns_clone
|
|
|
|
echo
|
|
echo "== Profile files =="
|
|
profile="/etc/apparmor.d/usr.bin.bwrap"
|
|
if [[ -f "${profile}" ]]; then
|
|
echo "present: ${profile}"
|
|
else
|
|
echo "missing: ${profile}"
|
|
fi
|
|
|
|
echo
|
|
echo "== bubblewrap smoke test =="
|
|
/usr/bin/bwrap \
|
|
--ro-bind /usr /usr \
|
|
--ro-bind /bin /bin \
|
|
--ro-bind /lib /lib \
|
|
--ro-bind /lib64 /lib64 \
|
|
/bin/true
|
|
echo "bwrap smoke test passed"
|