diff --git a/states/apparmor/defaults.yaml b/states/apparmor/defaults.yaml
index 568dd3e..7360d5c 100644
--- a/states/apparmor/defaults.yaml
+++ b/states/apparmor/defaults.yaml
@@ -1,4 +1,8 @@
 ---
 apparmor:
 enabled: true
- config:
+ configs:
+ - 'usr.bin.skype'
+ - 'opt.kingsoft'
+ - 'usr.bin.spotify'
+ - 'opt.sublime_text.sublime_text'
diff --git a/states/apparmor/init.sls b/states/apparmor/init.sls
index 11d7d66..0e38fa9 100644
--- a/states/apparmor/init.sls
+++ b/states/apparmor/init.sls
@@ -1,11 +1,11 @@
 ---
 {%- from "apparmor/map.jinja" import apparmor with context %}
 {%- if apparmor.enabled is defined and apparmor.enabled %}
-{%- for apparmor_config in ['usr.bin.skype','opt.kingsoft','usr.bin.spotify','opt.sublime_text_3.sublime_text'] %}
-apparmor-{{ apparmor_config }}:
+{%- for cfg in apparmor.configs %}
+apparmor-{{ cfg }}:
 file.managed:
- - name: "/etc/apparmor.d/{{ apparmor_config }}"
- - source: "salt://apparmor/{{ apparmor_config }}.j2"
+ - name: "/etc/apparmor.d/{{ cfg }}"
+ - source: "salt://apparmor/{{ cfg }}.j2"
 - user: root
 - group: root
 - mode: 0644
diff --git a/states/apparmor/opt.sublime_text_3.sublime_text.j2 b/states/apparmor/opt.sublime_text.sublime_text.j2
similarity index 84%
rename from states/apparmor/opt.sublime_text_3.sublime_text.j2
rename to states/apparmor/opt.sublime_text.sublime_text.j2
index 2cccf00..48298b2 100644
--- a/states/apparmor/opt.sublime_text_3.sublime_text.j2
+++ b/states/apparmor/opt.sublime_text.sublime_text.j2
@@ -1,6 +1,6 @@
 #include
-/opt/sublime_text_3/sublime_text {
+/opt/sublime_text*/sublime_text {
 #include
 #include
 #include
@@ -16,8 +16,8 @@
 /dev/null r,
 /{dev,run}/{,shm/}** rwmkl,
- /opt/sublime_text_3/ rwixmkl,
- /opt/sublime_text_3/** rwixmkl,
+ /opt/sublime_text*/ rwixmkl,
+ /opt/sublime_text*/** rwixmkl,
 owner @{HOME}/.config/sublime-text-3/ rwmkl,
 owner @{HOME}/.config/sublime-text-3/** rwmkl,
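Review bot: The init.sls hunk stops managing `/etc/apparmor.d/opt.sublime_text_3.sublime_text`, but nothing removes it, so hosts that already applied this state keep the old profile file next to the new `opt.sublime_text.sublime_text` one. Both would then attach to `/opt/sublime_text_3/sublime_text`, and which one is enforced depends on AppArmor's match precedence rather than on anything in this repository. I would add a `file.absent` state for the old path in the same change and unload the old profile (for example with `apparmor_parser -R`). The `file.managed` body continues past the end of the hunk, so any reload handling there is not visible.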
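Review bot: The new attachment `/opt/sublime_text*/sublime_text` in the `-1,6` hunk of the renamed profile, like the `/opt/sublime_text*/` and `/opt/sublime_text*/** rwixmkl` rules in the `-16,8` hunk, matches every directory under `/opt` whose name merely starts with `sublime_text`, not just the known install locations. Those rules combine write with `ix` and `m`, so the wider glob extends write-and-execute permission to any such directory. If the intent is to cover the unversioned and `_3` layouts, an alternation states that exactly: `/opt/sublime_text{,_3}/sublime_text {` and `/opt/sublime_text{,_3}/** rwixmkl,`. The profile body continues outside both hunks.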
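Review bot: In the `-16,8` hunk the install path is generalised, but the two `owner @{HOME}/.config/sublime-text-3/` context rules stay version-specific. If the widened profile is meant to confine a release that keeps its settings elsewhere (presumably `~/.config/sublime-text/`; confirm against the installed package), that release would be denied access to its own configuration and users may respond by disabling the profile. Something like `owner @{HOME}/.config/sublime-text{,-3}/** rwmkl,` keeps the rule explicit while covering both layouts. A short comment above the path rules naming the supported releases would help the next reviewer.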
@@ -29,7 +29,7 @@
 deny network raw,
 }
-/opt/sublime_text_3/plugin_host {
+/opt/sublime_text*/plugin_host* {
 #include
 deny network inet,
 deny network inet6,
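Review bot: The trailing `*` in `/opt/sublime_text*/plugin_host*` makes this sub-profile attach to any file in those directories whose name starts with `plugin_host`, while the main profile grants write on the same tree. If the wildcard exists for versioned helper binaries, listing the expected names is tighter, for example `/opt/sublime_text{,_3}/plugin_host{,-3.3,-3.8} {` (names to be confirmed against the shipped package). A comment stating which releases the pattern covers would also help. The profile body runs past the end of the hunk.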