[apparmor] Question about defining a profile name via @{exec_path} variable
Vincas Dargis
vindrg at gmail.com
Thu Jan 10 17:13:22 UTC 2019
On 2019-01-10 15:58, Christian Boltz wrote:
> The proper solution / fix is to expand variables and to work on their
> content, but I'm afraid that isn't something I can do quickly.
Right, it is unfortunate that we can't really use variables. If we could, I would start (and
suggest) using @{foo_prefix} all over the place, to make locally built software attached to the same
"upstream" profile, by, for example, creating a `/etc/apparmor.d/tunables/usr.bin.foo.d/local` file
with contents:
```
# it's only /usr by default
@{foo_prefix} += /usr/local @{HOME}/opt/foo_from_github
```
And the profile would just work:
```
profile foo @{foo_prefix}/bin/foo {
...
@{foo_prefix}/share/foo/resource r,
...
}
```
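The variable expansion discussed in this thread, as an added example that is not part of the original post or of the AppArmor tools: it resolves the `@{foo_prefix}/bin/foo` attachment into every concrete path it would cover. The function names, the `@{foo_prefix} = /usr` default line and the `@{HOME}`/`@{HOMEDIRS}` definitions are assumptions constructed for the illustration.

```python
import re

VAR_REF = re.compile(r"@\{(\w+)\}")
ASSIGN = re.compile(r"^\s*@\{(\w+)\}\s*(\+?=)\s*(.*)$")

# Constructed sample: the two @{HOME*} lines mimic a tunables/home file and the
# "= /usr" default is assumed; the "+=" line is the local override from the post.
SAMPLE_TUNABLES = """\
@{HOMEDIRS} = /home/
@{HOME} = @{HOMEDIRS}/*/ /root/
@{foo_prefix} = /usr
# it's only /usr by default
@{foo_prefix} += /usr/local @{HOME}/opt/foo_from_github
"""

def parse_tunables(text):
    """Collect '@{var} = ...' and '@{var} += ...' lines into {name: [values]}."""
    variables = {}
    for line in text.splitlines():
        m = ASSIGN.match(line.split("#", 1)[0])  # naive comment stripping
        if not m:
            continue
        name, op, values = m.group(1), m.group(2), m.group(3).split()
        if (op == "=") == (name in variables):
            # This sketch rejects redefinition with '=' and '+=' before '='.
            raise ValueError(f"bad '{op}' for @{{{name}}}")
        variables.setdefault(name, []).extend(values)
    return variables

def expand(path, variables, seen=()):
    """Return every string that `path` resolves to once variables are expanded."""
    m = VAR_REF.search(path)
    if not m:
        return [path]
    name = m.group(1)
    if name in seen or name not in variables:
        raise ValueError(f"recursive or undefined variable @{{{name}}}")
    out = []
    for value in variables[name]:
        for concrete in expand(value, variables, seen + (name,)):
            rest = path[:m.start()] + concrete + path[m.end():]
            out.extend(expand(rest, variables, seen))
    return out

def attachment_paths(spec, tunables_text):
    """Expand a profile attachment and collapse the '//' left by trailing slashes."""
    paths = expand(spec, parse_tunables(tunables_text))
    return [re.sub(r"/{2,}", "/", p) for p in paths]
```

Each value added with `+=` widens the set of binaries the profile attaches to, so reviewing the expanded list is a quick check on what a local tunables override actually confines.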