Jason Thistlethwaite
38 lines
845 B
Bash
Executable File
38 lines
845 B
Bash
Executable File
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
if [[ ${EUID} -ne 0 ]]; then
|
|
echo "Run as root: sudo ./install.sh" >&2
|
|
exit 1
|
|
fi
|
|
|
|
if ! command -v apparmor_parser >/dev/null 2>&1; then
|
|
echo "apparmor_parser is required but was not found" >&2
|
|
exit 1
|
|
fi
|
|
|
|
repo_dir="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
|
|
profile_dir="${repo_dir}/profiles"
|
|
target_dir="/etc/apparmor.d"
|
|
|
|
profiles=(
|
|
"usr.bin.bwrap"
|
|
)
|
|
|
|
for profile in "${profiles[@]}"; do
|
|
source="${profile_dir}/${profile}"
|
|
target="${target_dir}/${profile}"
|
|
|
|
if [[ ! -f "${source}" ]]; then
|
|
echo "Missing profile template: ${source}" >&2
|
|
exit 1
|
|
fi
|
|
|
|
install -m 0644 -o root -g root "${source}" "${target}"
|
|
apparmor_parser -r "${target}"
|
|
echo "Loaded ${target}"
|
|
done
|
|
|
|
echo "Targeted AppArmor user namespace profile installed."
|
|
echo "No sysctl settings were changed."
|