Пример #1
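// InstallDefault generates a default profile and installs it in the
// ProfileDirectory with `apparmor_parser`.
//
// The profile is written to defaultProfilePath, which is truncated in place
// before generation starts. If generation or the final Close fails, an empty
// or partial file may be left at that path; in that case the function returns
// the error and does not load the profile.
//
// It returns the first error from creating the directory, opening, writing or
// closing the file, or loading the profile, and nil on success.
func InstallDefault(name string) error {
	// Make sure the path where they want to save the profile exists.
	// The 0755 mode only applies to directories MkdirAll creates; an existing
	// directory keeps whatever permissions it already has.
	if err := os.MkdirAll(profileDirectory, 0755); err != nil {
		return err
	}

	p := profileData{Name: name}

	// 0644: readable by everyone, writable only by the owning user. The mode
	// is only used when the file is created; an existing file keeps its mode.
	f, err := os.OpenFile(defaultProfilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
	if err != nil {
		return err
	}
	if err := p.generateDefault(f); err != nil {
		// Already failing; the generation error is the one worth reporting.
		f.Close()
		return err
	}
	// A failed Close on a written file can mean the data never reached disk.
	// Surface it instead of handing an incomplete profile to the parser.
	if err := f.Close(); err != nil {
		return err
	}

	return aaparser.LoadProfile(defaultProfilePath)
}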
Пример #2
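// installAppArmorProfile writes the generated AppArmor profile to
// apparmorProfilePath and loads it with aaparser.LoadProfile.
//
// It is a no-op returning nil when apparmor.IsEnabled reports false. The
// target file is truncated in place before generation, so a failure during
// generation or Close may leave an empty or partial file at that path; the
// profile is not loaded in that case.
func installAppArmorProfile() error {
	if !apparmor.IsEnabled() {
		return nil
	}

	// Make sure /etc/apparmor.d exists. The 0755 mode only applies to
	// directories MkdirAll creates; an existing directory keeps its mode.
	if err := os.MkdirAll(path.Dir(apparmorProfilePath), 0755); err != nil {
		return err
	}

	// 0644: readable by everyone, writable only by the owning user. The mode
	// is only used when the file is created; an existing file keeps its mode.
	f, err := os.OpenFile(apparmorProfilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
	if err != nil {
		return err
	}
	if err := generateProfile(f); err != nil {
		// Already failing; the generation error is the one worth reporting.
		f.Close()
		return err
	}
	// A failed Close on a written file can mean the data never reached disk.
	// Surface it instead of handing an incomplete profile to the parser.
	if err := f.Close(); err != nil {
		return err
	}

	return aaparser.LoadProfile(apparmorProfilePath)
}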
Пример #3
// InstallDefault writes a default profile for name to a temporary file and
// loads it with aaparser.LoadProfile ('apparmor_parser' per the original
// description).
//
// The file is created by ioutil.TempFile with an empty directory argument, so
// it lives under os.TempDir() with name as the file-name pattern, and
// ioutil.TempFile creates it with mode 0600. It is removed and closed when
// the function returns, whether or not loading succeeded.
//
// NOTE(review): name ends up in a file name and in the generated profile;
// presumably callers pass a fixed, trusted profile name. Confirm at call sites.
func InstallDefault(name string) error {
	// Install to a temporary directory.
	tmp, err := ioutil.TempFile("", name)
	if err != nil {
		return err
	}
	tmpPath := tmp.Name()

	// Cleanup order: unlink first, then close the handle.
	defer func() {
		os.Remove(tmpPath)
		tmp.Close()
	}()

	data := profileData{Name: name}
	if err := data.generateDefault(tmp); err != nil {
		return err
	}

	// The handle is still open here; the loader is given the path.
	return aaparser.LoadProfile(tmpPath)
}