Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • abuild abuild
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 56
    • Issues 56
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 32
    • Merge requests 32
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Container Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • alpinealpine
  • abuildabuild
  • Merge requests
  • !154

Draft: abuild.in: add default function for apparmor profiles

  • Review changes

  • Download
  • Email patches
  • Plain diff
Open Dhruvin Gandhi requested to merge dhruvin/abuild:apparmor into master Jul 28, 2022
  • Overview 0
  • Commits 1
  • Pipelines 1
  • Changes 1

Proposal

This will allow package maintainers to automatically create $pkgname-apparmor-profile sub-package, with apparmor profiles for their package (put in /etc/apparmor.d).

Context

TSC has declined the request for alpine specific apparmor profiles due to increased burden of maintenance for now (tsc#26). I believe supporting it is still on table, but is not planned for foreseeable future. This MR is in spirit of adding apparmor support incrementally. It will allow package maintainers to provide apparmor profiles, while keeping the burden of maintenance distributed among them. The apparmor-profiles package needs some maintenance (which I'm offering to commit to), hence this MR is in Draft state.

Request for comments

  1. Is this the right direction to support AppArmor in Alpine?
  2. Should we allow package maintainers to start packaging apparmor profiles (while working with upstream)?
  3. Are $pkgname-apparmor-profile and aaprof appropriate names for subpackage and split function respectively?

Future work

Once this is accepted we need to add a trigger for apparmor-profiles that (un)loads policies that are (de)installed or upgraded by individual packages.

Note: This is my first MR to abuild (and alpine infrastructure in general). Let me know if I got anything wrong.

Assignee
Assign to
Reviewers
Request review from
Time tracking
Source branch: apparmor