tools: Add AppArmor profile for cockpit-desktop
Ubuntu 24.04 LTS restricts user namespaces by default. Add an AppArmor profile for cockpit-desktop to allow them. This is a no-op for older releases. See https://launchpad.net/bugs/2046477 for details.
parent
d6e7812e17
commit
5659be3938
|
@ -22,4 +22,7 @@ coverage:
|
|||
@echo "file://$(abs_top_builddir)/tools/coverage/index.html"
|
||||
endif
|
||||
|
||||
EXTRA_DIST += pkg/apps/content-security-policy.override
|
||||
EXTRA_DIST += \
|
||||
pkg/apps/content-security-policy.override \
|
||||
tools/apparmor.d/cockpit-desktop \
|
||||
$(NULL)
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
abi <abi/4.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
profile cockpit-desktop /usr/lib/cockpit/cockpit-desktop flags=(unconfined) {
|
||||
userns,
|
||||
|
||||
# Site-specific additions and overrides. See local/README for details.
|
||||
include if exists <local/cockpit-desktop>
|
||||
}
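Review bot: The new profile has no comment saying that it is deliberately not a confinement profile: `flags=(unconfined)` leaves cockpit-desktop unrestricted, and the single `userns,` rule is there only to permit user-namespace creation under the 24.04 restriction. A header line such as `# Not a sandbox: cockpit-desktop stays unconfined; this only allows user namespaces, see https://launchpad.net/bugs/2046477` would keep a later reader from mistaking the file for hardening. The same comment could record that the grant is tied to the fixed attachment path `/usr/lib/cockpit/cockpit-desktop`, so it applies to whatever binary is installed there.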
|
|
@ -1,5 +1,6 @@
|
|||
etc/cockpit/ws-certs.d
|
||||
etc/pam.d/cockpit
|
||||
tools/apparmor.d/cockpit-desktop etc/apparmor.d/
|
||||
${env:deb_systemdsystemunitdir}/cockpit.service
|
||||
${env:deb_systemdsystemunitdir}/cockpit-motd.service
|
||||
${env:deb_systemdsystemunitdir}/cockpit.socket
|
||||
|
|
|
@ -21,6 +21,11 @@ if [ -d /run/systemd/system ] && [ -n "$2" ]; then
|
|||
deb-systemd-invoke try-restart cockpit.service >/dev/null || true
|
||||
fi
|
||||
|
||||
# update AppArmor profile
|
||||
if [ "$1" = "configure" ] && aa-enabled --quiet 2>/dev/null; then
|
||||
apparmor_parser -r -T -W /etc/apparmor.d/cockpit-desktop || true
|
||||
fi
|
||||
|
||||
# set up dynamic motd/issue symlinks on first-time install or upgrades from < 244 (which moved them out of the .deb)
|
||||
if [ "$1" = "configure" ] && dpkg --compare-versions "$2" lt 244; then
|
||||
mkdir -p /etc/motd.d /etc/issue.d
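Review bot: The `|| true` after `apparmor_parser -r -T -W /etc/apparmor.d/cockpit-desktop` hides a failed profile load from dpkg, and the comment `# update AppArmor profile` does not say why that is acceptable. If the intent is that parsers on older releases may reject the `abi <abi/4.0>` profile, state it, e.g. `# reload profile; failure is tolerated so releases whose parser rejects it still configure`. On 24.04 a failed load would leave cockpit-desktop without the userns grant, so it is good that the parser's stderr is not redirected here and should stay that way. No matching unload on package removal is visible in this hunk, though it may be handled in a maintainer script not shown. The `if` block after the added lines continues outside the hunk.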
|
||||
|
|