diff options
| author |  Reiner Herrmann <reiner@reiner-h.de> | 2019-02-05 17:03:46 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2019-02-05 17:03:46 +0000 |
| commit | 6b5a5a8b3d56b5566cee123a540aebf1ee847801 (patch) | |
| tree | c2d72f536bf3f76d9fea70705f13d8d4383fe2a3 | |
| parent | firejail.config fixes (diff) | |
| parent | Update firejail-local (diff) | |
| download | firejail-6b5a5a8b3d56b5566cee123a540aebf1ee847801.tar.gz firejail-6b5a5a8b3d56b5566cee123a540aebf1ee847801.tar.zst firejail-6b5a5a8b3d56b5566cee123a540aebf1ee847801.zip | |
Merge pull request #2390 from glitsj16/apparmor
Retain local apparmor customizations
| -rw-r--r-- | Makefile.in | 3 | ||||
| -rw-r--r-- | etc/firejail-local | 3 | ||||
| -rw-r--r-- | src/man/firejail.txt | 2 |
3 files changed, 5 insertions, 3 deletions
diff --git a/Makefile.in b/Makefile.in index 4e87d4ae0..0cbbb374c 100644 --- a/Makefile.in +++ b/Makefile.in | |||
| @@ -134,7 +134,8 @@ ifeq ($(HAVE_APPARMOR),-DHAVE_APPARMOR) | |||
| 134 | sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d; fi;" | 134 | sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d; fi;" |
| 135 | install -c -m 0644 etc/firejail-default $(DESTDIR)/$(sysconfdir)/apparmor.d/. | 135 | install -c -m 0644 etc/firejail-default $(DESTDIR)/$(sysconfdir)/apparmor.d/. |
| 136 | sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d/local ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d/local; fi;" | 136 | sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d/local ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d/local; fi;" |
| 137 | install -c -m 0644 etc/firejail-local $(DESTDIR)/$(sysconfdir)/apparmor.d/local/. | 137 | # install apparmor profile customization file |
| 138 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/apparmor.d/local/firejail-local ]; then install -c -m 0644 etc/firejail-local $(DESTDIR)/$(sysconfdir)/apparmor.d/local/.; fi;" | ||
| 138 | endif | 139 | endif |
| 139 | # man pages | 140 | # man pages |
| 140 | install -m 0755 -d $(DESTDIR)/$(mandir)/man1 | 141 | install -m 0755 -d $(DESTDIR)/$(mandir)/man1 |
diff --git a/etc/firejail-local b/etc/firejail-local index cddf44f13..f086653f8 100644 --- a/etc/firejail-local +++ b/etc/firejail-local | |||
| @@ -1 +1,2 @@ | |||
| 1 | # Site-specific additions and overrides for 'firejail-default' | 1 | # Site-specific additions and overrides for 'firejail-default'. |
| 2 | # For more details, please see /etc/apparmor.d/local/README. | ||
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 16004193d..052aeb56b 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
| @@ -2527,7 +2527,7 @@ AppArmor support is disabled by default at compile time. Use --enable-apparmor c | |||
| 2527 | .br | 2527 | .br |
| 2528 | $ ./configure --prefix=/usr --enable-apparmor | 2528 | $ ./configure --prefix=/usr --enable-apparmor |
| 2529 | .TP | 2529 | .TP |
| 2530 | During software install, a generic AppArmor profile file, firejail-default, is placed in /etc/apparmor.d directory. The local customizations can be placed in /etc/apparmor.d/local/firejail-local. The profile needs to be loaded into the kernel by reloading apparmor.service, rebooting the system or running the following command as root: | 2530 | During software install, a generic AppArmor profile file, firejail-default, is placed in /etc/apparmor.d directory. The local customizations must be placed in /etc/apparmor.d/local/firejail-local. The profile needs to be loaded into the kernel by reloading apparmor.service, rebooting the system or running the following command as root: |
| 2531 | .br | 2531 | .br |
| 2532 | 2532 | ||
| 2533 | .br | 2533 | .br |