Giter Site home page Giter Site logo

sous-chefs / apparmor Goto Github PK

View Code? Open in Web Editor NEW
14.0 44.0 12.0 167 KB

Development repository for the apparmor cookbook

Home Page: https://supermarket.chef.io/cookbooks/apparmor

License: Apache License 2.0

Ruby 100.00%
apparmor chef hacktoberfest chef-cookbook chef-resource managed-by-terraform

apparmor's Introduction

sous-chefs.org website

Netlify Status OpenCollective OpenCollective License

The website is created using the static site generator, Hugo.

The live website is hosted on GitHub pages on the gh-pages branch. Netlify is used to preview changes on branches.

Development

  1. Install Hugo for your platform according to the instructions

  2. Create a feature branch to work on based off of main

  3. Clone the website code and start the development server. This will run a local hugo server that watches for changes to the source files. There will be a section in the output showing which port the site is served on (typically http://localhost:1313):

    git clone [email protected]:sous-chefs/website
cd website
git checkout -b my-feature-branch
hugo server -ws .

  4. Commit your changes, push the branch to the remote and open a Pull Request.

    git push --set-upstream origin my-feature-branch

Contributors

This project exists thanks to all the people who contribute.

Backers

Thank you to all our backers!

https://opencollective.com/sous-chefs#backers

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website.

https://opencollective.com/sous-chefs/sponsor/0/website https://opencollective.com/sous-chefs/sponsor/1/website https://opencollective.com/sous-chefs/sponsor/2/website https://opencollective.com/sous-chefs/sponsor/3/website https://opencollective.com/sous-chefs/sponsor/4/website https://opencollective.com/sous-chefs/sponsor/5/website https://opencollective.com/sous-chefs/sponsor/6/website https://opencollective.com/sous-chefs/sponsor/7/website https://opencollective.com/sous-chefs/sponsor/8/website https://opencollective.com/sous-chefs/sponsor/9/website

apparmor's People

Contributors

btm avatar damacus avatar kitchen-porter avatar mattjalexander avatar nathenharvey avatar ramereth avatar renovate[bot] avatar sethvargo avatar stevendanna avatar tas50 avatar xorimabot avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

hosh kotiri atomic-penguin mattjalexander jkyoung0 jordant arr-dev protec-cookbooks r00twayne aniket-kumar404 isabella232 seanpm2001

apparmor's Issues

template instead of cookbook_file

So ehm... wouldn't it be more flexible if the resource apparmor_policy would be a template and not a static cookbook_file ?

I would simply use an .erb template to dynamically create apparmor_policies...

Cookbook version

2.0.3

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

This repository currently has no open or pending branches.

Detected dependencies

github-actions
.github/workflows/ci.yml
  • sous-chefs/.github 3.1.1
  • actions/checkout v4
  • actionshub/chef-install 3.0.0
  • actionshub/test-kitchen 3.0.0
.github/workflows/stale.yml
  • actions/stale v9
  • Check this box to trigger a request for Renovate to run again on this repository

Cookbook should not disable apparmor out of the box

This goes along with the LWRP to manage apparmor profiles. The default recipe should be empty so that users can include it just for the LWRP. There should be a manage recipe that either enables or disables apparmor and the default should probably be enable.

Default recipe throws error on ubuntu 15.04

its invoking wrong systemd command to enable apparmor service. Instead of

 /bin/systemctl enable apparmor

the recipe needs to execute:

 /bin/systemctl enable apparmor.service

stacktrace:

Recipe: apparmor::default
  * apt_package[apparmor] action install (up to date)
  * service[apparmor] action start (up to date)
  * service[apparmor] action enable

    ================================================================================
    Error executing action `enable` on resource 'service[apparmor]'
    ================================================================================

    Mixlib::ShellOut::ShellCommandFailed
    ------------------------------------
    Expected process to exit with [0], but received '1'
    ---- Begin output of /bin/systemctl enable apparmor ----
    STDOUT: 
    STDERR: Synchronizing state for apparmor.service with sysvinit using update-rc.d...
    Executing /usr/sbin/update-rc.d apparmor defaults
    Executing /usr/sbin/update-rc.d apparmor enable
    Failed to execute operation: No such file or directory
    ---- End output of /bin/systemctl enable apparmor ----
    Ran /bin/systemctl enable apparmor returned 1

    Resource Declaration:
    ---------------------
    # In /var/chef/cache/cookbooks/apparmor/recipes/default.rb

     30:   service 'apparmor' do
     31:     action       actions
     32:     supports     [:restart, :reload, :status]
     33:     stop_command '/usr/sbin/service apparmor teardown'
     34:   end
     35: end

    Compiled Resource:
    ------------------
    # Declared in /var/chef/cache/cookbooks/apparmor/recipes/default.rb:30:in `from_file'

    service("apparmor") do
      action [:start, :enable]
      supports {:restart=>true, :reload=>true, :status=>true}
      retries 0
      retry_delay 2
      default_guard_interpreter :default
      service_name "apparmor"
      running true
      pattern "apparmor"
      stop_command "/usr/sbin/service apparmor teardown"
      declared_type :service
      cookbook_name "apparmor"
      recipe_name "default"
    end


Running handlers:
[2015-07-13T00:32:08-07:00] ERROR: Running exception handlers
Running handlers complete

Not compatible with chef 13 and the ntp cookbook

We want to go to chef 13, but we can't use this cookbook along side the ntp cookbook since they have resources with the same name


Deprecated features used!
  Cloning resource attributes for service[apparmor] from prior resource
Previous service[apparmor]: /var/chef/cache/cookbooks/ntp/recipes/apparmor.rb:20:in `from_file'
Current  service[apparmor]: /var/chef/cache/cookbooks/apparmor/recipes/default.rb:30:in `from_file' at 1 location:
    - /var/chef/cache/cookbooks/apparmor/recipes/default.rb:30:in `from_file'
   See https://docs.chef.io/deprecations_resource_cloning.html for further details.

Minimum Chef version?

The Readme says the minimum Chef version is 12.7 while the metadata.rb says 15.3.

Best

Christopher

Add a LWRP for managing apparmor profiles

It would be very helpful to have a LWRP to manage apparmor profiles. This could be used to add / remove apparmor profiles without creating multiple resources to first add the profile and then reload the profile. Cookbooks like the NTP cookbook could use this to solve their apparmor issues.

Disable apparmor fails on Ubuntu 18.04

Cookbook version

3.0.2

Chef-client version

14.7.17

Platform Details

Ubuntu 18.04 LTS on Azure VM, and same version on vagrant/test-kitchen using 'bento/ubuntu-18.04'

Scenario:

Trying to disable apparmor by including the cookbook attribute: override['apparmor']['disable'] = true
And then running include_recipe 'apparmor' in a recipe. However, this results in an error on the platform.

Steps to Reproduce:

This happens when running the default recipe with node['apparmor']['disable'] == true

Expected Result:

The apparmor service should be disabled and removed as described in the cookbook documentation.

Actual Result:

Recipe: apparmor::default
         * apt_package[apparmor] action remove[2018-11-27T09:11:11-07:00] INFO: Processing apt_package[apparmor] action remove (apparmor::default line 25)
       [2018-11-27T09:11:40-07:00] INFO: apt_package[apparmor] removed
       
           - remove package apparmor
         * service[apparmor] action stop[2018-11-27T09:11:40-07:00] INFO: Processing service[apparmor] action stop (apparmor::default line 30)
       
           
           ================================================================================
           Error executing action `stop` on resource 'service[apparmor]'
           ================================================================================
           
           Mixlib::ShellOut::ShellCommandFailed
           ------------------------------------
           Expected process to exit with [0], but received '2'
           ---- Begin output of /usr/sbin/service apparmor teardown ----
           STDOUT: 
           STDERR: /etc/init.d/apparmor: 35: .: Can't open /lib/apparmor/functions
           ---- End output of /usr/sbin/service apparmor teardown ----
           Ran /usr/sbin/service apparmor teardown returned 2
           
           Resource Declaration:
           ---------------------
           # In /tmp/kitchen/cache/cookbooks/apparmor/recipes/default.rb
           
            30:   service 'apparmor' do
            31:     action actions
            32:     supports [:restart, :reload, :status]
            33:     stop_command '/usr/sbin/service apparmor teardown'
            34:   end
            35: end
           
           Compiled Resource:
           ------------------
           # Declared in /tmp/kitchen/cache/cookbooks/apparmor/recipes/default.rb:30:in `from_file'
           
           service("apparmor") do
             action [:stop, :disable]
             default_guard_interpreter :default
             service_name "apparmor"
             enabled nil
             running nil
             masked nil
             pattern "apparmor"
             stop_command "/usr/sbin/service apparmor teardown"
             declared_type :service
             cookbook_name "apparmor"
             recipe_name "default"
             supports {:restart=>true, :reload=>true, :status=>true}
           end
           
           System Info:
           ------------
           chef_version=14.7.17
           platform=ubuntu
           platform_version=18.04
           ruby=ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-linux]
           program_name=/opt/chef/bin/chef-client
           executable=/opt/chef/bin/chef-client
           
       [2018-11-27T09:11:40-07:00] INFO: Running queued delayed notifications before re-raising exception
       
       Running handlers:
       [2018-11-27T09:11:40-07:00] ERROR: Running exception handlers
       Running handlers complete
       [2018-11-27T09:11:40-07:00] ERROR: Exception handlers complete
       Chef Client failed. 3 resources updated in 42 seconds
       [2018-11-27T09:11:40-07:00] FATAL: Stacktrace dumped to /tmp/kitchen/cache/chef-stacktrace.out
       [2018-11-27T09:11:40-07:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
       [2018-11-27T09:11:40-07:00] FATAL: Mixlib::ShellOut::ShellCommandFailed: service[apparmor] (apparmor::default line 30) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '2'
       ---- Begin output of /usr/sbin/service apparmor teardown ----
       STDOUT: 
       STDERR: /etc/init.d/apparmor: 35: .: Can't open /lib/apparmor/functions
       ---- End output of /usr/sbin/service apparmor teardown ----
       Ran /usr/sbin/service apparmor teardown returned 2

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.