paulbsd/paulbsd-salt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updated apparmor state

Browse Source
This commit is contained in:
Paul 2021-09-25 16:03:23 +02:00
parent 32dd635a3c
commit 18300a1b1d
3 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
states/apparmor/defaults.yaml
View File

@ -1,4 +1,8 @@
--- ---
apparmor: apparmor:
enabled: true enabled: true
config: configs:
- 'usr.bin.skype'
- 'opt.kingsoft'
- 'usr.bin.spotify'
- 'opt.sublime_text.sublime_text'

8
states/apparmor/init.sls
View File

@ -1,11 +1,11 @@
--- ---
{%- from "apparmor/map.jinja" import apparmor with context %} {%- from "apparmor/map.jinja" import apparmor with context %}
{%- if apparmor.enabled is defined and apparmor.enabled %} {%- if apparmor.enabled is defined and apparmor.enabled %}
{%- for apparmor_config in ['usr.bin.skype','opt.kingsoft','usr.bin.spotify','opt.sublime_text_3.sublime_text'] %} {%- for cfg in apparmor.configs %}
apparmor-{{ apparmor_config }}: apparmor-{{ cfg }}:
file.managed: file.managed:
- name: "/etc/apparmor.d/{{ apparmor_config }}" - name: "/etc/apparmor.d/{{ cfg }}"
- source: "salt://apparmor/{{ apparmor_config }}.j2" - source: "salt://apparmor/{{ cfg }}.j2"
- user: root - user: root
- group: root - group: root
- mode: 0644 - mode: 0644

8
states/apparmor/opt.sublime_text_3.sublime_text.j2 → states/apparmor/opt.sublime_text.sublime_text.j2
View File

@ -1,6 +1,6 @@
#include <tunables/global> #include <tunables/global>
/opt/sublime_text_3/sublime_text { /opt/sublime_text*/sublime_text {
#include <abstractions/base> #include <abstractions/base>
#include <abstractions/X> #include <abstractions/X>
#include <abstractions/ibus> #include <abstractions/ibus>
@ -16,8 +16,8 @@
/dev/null r, /dev/null r,
/{dev,run}/{,shm/}** rwmkl, /{dev,run}/{,shm/}** rwmkl,
/opt/sublime_text_3/ rwixmkl, /opt/sublime_text*/ rwixmkl,
/opt/sublime_text_3/** rwixmkl, /opt/sublime_text*/** rwixmkl,
owner @{HOME}/.config/sublime-text-3/ rwmkl, owner @{HOME}/.config/sublime-text-3/ rwmkl,
owner @{HOME}/.config/sublime-text-3/** rwmkl, owner @{HOME}/.config/sublime-text-3/** rwmkl,
@ -29,7 +29,7 @@
deny network raw, deny network raw,
} }
/opt/sublime_text_3/plugin_host { /opt/sublime_text*/plugin_host* {
#include <abstractions/base> #include <abstractions/base>
deny network inet, deny network inet,
deny network inet6, deny network inet6,