From 39711cf6c2ec5a3b4480dcb4800cc3802bda5bf2 Mon Sep 17 00:00:00 2001 From: Lukasz Kasprzak Date: Fri, 20 Mar 2026 19:16:32 +0100 Subject: feat: first fully successful run e2e on straper --- straper/db/public/apparmor/apparmor.d/local/README | 27 ++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 straper/db/public/apparmor/apparmor.d/local/README (limited to 'straper/db/public/apparmor/apparmor.d/local/README') diff --git a/straper/db/public/apparmor/apparmor.d/local/README b/straper/db/public/apparmor/apparmor.d/local/README new file mode 100644 index 0000000..688ed42 --- /dev/null +++ b/straper/db/public/apparmor/apparmor.d/local/README @@ -0,0 +1,27 @@ +# This directory is intended to contain profile additions and overrides for +# inclusion by distributed profiles to aid in packaging AppArmor for +# distributions. +# +# The shipped profiles in /etc/apparmor.d can still be modified by an +# administrator and people should modify the shipped profile when making +# large policy changes, rather than trying to make those adjustments here. +# +# For simple access additions or the occasional deny override, adjusting them +# here can prevent the package manager of the distribution from interfering +# with local modifications. As always, new policy should be reviewed to ensure +# it is appropriate for your site. +# +# For example, if the shipped /etc/apparmor.d/usr.sbin.smbd profile has: +# include +# or +# include if exists +# +# then an administrator can adjust /etc/apparmor.d/local/usr.sbin.smbd +# (create the file if it doesn't exist yet) to contain any additional paths +# to be allowed, such as: +# +# /var/exports/** lrwk, +# +# Keep in mind that 'deny' rules are evaluated after allow rules, so you won't +# be able to allow access to files that are explicitly denied by the shipped +# profile using this mechanism. -- cgit v1.3