paulbsd/paulbsd-salt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updated apparmor state

Browse Source
This commit is contained in:
Paul 2021-09-25 16:03:23 +02:00
parent 32dd635a3c
commit 18300a1b1d
3 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
states/apparmor/defaults.yaml
View File

@ -1,4 +1,8 @@
---
apparmor:
enabled: true
config:
configs:
- 'usr.bin.skype'
- 'opt.kingsoft'
- 'usr.bin.spotify'
- 'opt.sublime_text.sublime_text'

8
states/apparmor/init.sls
View File

@ -1,11 +1,11 @@
---
{%- from "apparmor/map.jinja" import apparmor with context %}
{%- if apparmor.enabled is defined and apparmor.enabled %}
{%- for apparmor_config in ['usr.bin.skype','opt.kingsoft','usr.bin.spotify','opt.sublime_text_3.sublime_text'] %}
apparmor-{{ apparmor_config }}:
{%- for cfg in apparmor.configs %}
apparmor-{{ cfg }}:
file.managed:
- name: "/etc/apparmor.d/{{ apparmor_config }}"
- source: "salt://apparmor/{{ apparmor_config }}.j2"
- name: "/etc/apparmor.d/{{ cfg }}"
- source: "salt://apparmor/{{ cfg }}.j2"
- user: root
- group: root
- mode: 0644

8
states/apparmor/opt.sublime_text_3.sublime_text.j2 → states/apparmor/opt.sublime_text.sublime_text.j2
View File

@ -1,6 +1,6 @@
#include <tunables/global>
/opt/sublime_text_3/sublime_text {
/opt/sublime_text*/sublime_text {
#include <abstractions/base>
#include <abstractions/X>
#include <abstractions/ibus>
@ -16,8 +16,8 @@
/dev/null r,
/{dev,run}/{,shm/}** rwmkl,
/opt/sublime_text_3/ rwixmkl,
/opt/sublime_text_3/** rwixmkl,
/opt/sublime_text*/ rwixmkl,
/opt/sublime_text*/** rwixmkl,
owner @{HOME}/.config/sublime-text-3/ rwmkl,
owner @{HOME}/.config/sublime-text-3/** rwmkl,
@ -29,7 +29,7 @@
deny network raw,
}
/opt/sublime_text_3/plugin_host {
/opt/sublime_text*/plugin_host* {
#include <abstractions/base>
deny network inet,
deny network inet6,