diff options
| author | Lukasz Kasprzak <lukasz.kasprzak@pm.me> | 2026-03-20 19:16:32 +0100 |
|---|---|---|
| committer | Lukasz Kasprzak <lukasz.kasprzak@pm.me> | 2026-03-20 19:16:32 +0100 |
| commit | 39711cf6c2ec5a3b4480dcb4800cc3802bda5bf2 (patch) | |
| tree | 9221704f413398cfb5d5759083b1e7032566820e /straper/db/public/apparmor/apparmor.d/local/README | |
| parent | 6b59b75c3a294060dea66bdee16ffaf95ae92889 (diff) | |
| download | bin-39711cf6c2ec5a3b4480dcb4800cc3802bda5bf2.tar.gz bin-39711cf6c2ec5a3b4480dcb4800cc3802bda5bf2.zip | |
feat: first fully successful run e2e on straper
Diffstat (limited to 'straper/db/public/apparmor/apparmor.d/local/README')
| -rw-r--r-- | straper/db/public/apparmor/apparmor.d/local/README | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/straper/db/public/apparmor/apparmor.d/local/README b/straper/db/public/apparmor/apparmor.d/local/README new file mode 100644 index 0000000..688ed42 --- /dev/null +++ b/straper/db/public/apparmor/apparmor.d/local/README @@ -0,0 +1,27 @@ +# This directory is intended to contain profile additions and overrides for +# inclusion by distributed profiles to aid in packaging AppArmor for +# distributions. +# +# The shipped profiles in /etc/apparmor.d can still be modified by an +# administrator and people should modify the shipped profile when making +# large policy changes, rather than trying to make those adjustments here. +# +# For simple access additions or the occasional deny override, adjusting them +# here can prevent the package manager of the distribution from interfering +# with local modifications. As always, new policy should be reviewed to ensure +# it is appropriate for your site. +# +# For example, if the shipped /etc/apparmor.d/usr.sbin.smbd profile has: +# include <local/usr.sbin.smbd> +# or +# include if exists <local/usr.sbin.smbd> +# +# then an administrator can adjust /etc/apparmor.d/local/usr.sbin.smbd +# (create the file if it doesn't exist yet) to contain any additional paths +# to be allowed, such as: +# +# /var/exports/** lrwk, +# +# Keep in mind that 'deny' rules are evaluated after allow rules, so you won't +# be able to allow access to files that are explicitly denied by the shipped +# profile using this mechanism. |
