sous-chefs / apparmor


Development repository for the apparmor cookbook

Home Page: https://supermarket.chef.io/cookbooks/apparmor

License: Apache License 2.0

Ruby 100.00%
apparmor chef hacktoberfest chef-cookbook chef-resource managed-by-terraform

apparmor's Introduction

apparmor Cookbook


The default recipe installs and manages the AppArmor service, or disables and removes AppArmor, depending on the default['apparmor']['disable'] attribute. The cookbook also includes a custom resource (LWRP) for managing AppArmor policies.

Requirements

Platforms

  • Ubuntu 18.04+
  • Debian 10+

Chef

  • Chef 12.7+

Cookbooks

  • none

Attributes

  • default['apparmor']['disable']: Controls whether the default.rb recipe installs or removes the apparmor service. Defaults to false, which installs apparmor, then starts and enables the service.

Recipes

default.rb

This recipe either installs or removes the apparmor package and starts / enables the service depending on the state of default['apparmor']['disable'].

Custom Resources

The following resources are provided:

Maintainers

This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit sous-chefs.org or come chat with us on the Chef Community Slack in #sous-chefs.

Contributors

This project exists thanks to all the people who contribute.

Backers

Thank you to all our backers!

https://opencollective.com/sous-chefs#backers

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website.


apparmor's Issues

Disable apparmor fails on Ubuntu 18.04

Cookbook version

3.0.2

Chef-client version

14.7.17

Platform Details

Ubuntu 18.04 LTS on Azure VM, and same version on vagrant/test-kitchen using 'bento/ubuntu-18.04'

Scenario:

Trying to disable apparmor by including the cookbook attribute: override['apparmor']['disable'] = true
And then running include_recipe 'apparmor' in a recipe. However, this results in an error on the platform.

Steps to Reproduce:

This happens when running the default recipe with node['apparmor']['disable'] == true

Expected Result:

The apparmor service should be disabled and removed as described in the cookbook documentation.

Actual Result:

Recipe: apparmor::default
         * apt_package[apparmor] action remove[2018-11-27T09:11:11-07:00] INFO: Processing apt_package[apparmor] action remove (apparmor::default line 25)
       [2018-11-27T09:11:40-07:00] INFO: apt_package[apparmor] removed
       
           - remove package apparmor
         * service[apparmor] action stop[2018-11-27T09:11:40-07:00] INFO: Processing service[apparmor] action stop (apparmor::default line 30)
       
           
           ================================================================================
           Error executing action `stop` on resource 'service[apparmor]'
           ================================================================================
           
           Mixlib::ShellOut::ShellCommandFailed
           ------------------------------------
           Expected process to exit with [0], but received '2'
           ---- Begin output of /usr/sbin/service apparmor teardown ----
           STDOUT: 
           STDERR: /etc/init.d/apparmor: 35: .: Can't open /lib/apparmor/functions
           ---- End output of /usr/sbin/service apparmor teardown ----
           Ran /usr/sbin/service apparmor teardown returned 2
           
           Resource Declaration:
           ---------------------
           # In /tmp/kitchen/cache/cookbooks/apparmor/recipes/default.rb
           
            30:   service 'apparmor' do
            31:     action actions
            32:     supports [:restart, :reload, :status]
            33:     stop_command '/usr/sbin/service apparmor teardown'
            34:   end
            35: end
           
           Compiled Resource:
           ------------------
           # Declared in /tmp/kitchen/cache/cookbooks/apparmor/recipes/default.rb:30:in `from_file'
           
           service("apparmor") do
             action [:stop, :disable]
             default_guard_interpreter :default
             service_name "apparmor"
             enabled nil
             running nil
             masked nil
             pattern "apparmor"
             stop_command "/usr/sbin/service apparmor teardown"
             declared_type :service
             cookbook_name "apparmor"
             recipe_name "default"
             supports {:restart=>true, :reload=>true, :status=>true}
           end
           
           System Info:
           ------------
           chef_version=14.7.17
           platform=ubuntu
           platform_version=18.04
           ruby=ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-linux]
           program_name=/opt/chef/bin/chef-client
           executable=/opt/chef/bin/chef-client
           
       [2018-11-27T09:11:40-07:00] INFO: Running queued delayed notifications before re-raising exception
       
       Running handlers:
       [2018-11-27T09:11:40-07:00] ERROR: Running exception handlers
       Running handlers complete
       [2018-11-27T09:11:40-07:00] ERROR: Exception handlers complete
       Chef Client failed. 3 resources updated in 42 seconds
       [2018-11-27T09:11:40-07:00] FATAL: Stacktrace dumped to /tmp/kitchen/cache/chef-stacktrace.out
       [2018-11-27T09:11:40-07:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
       [2018-11-27T09:11:40-07:00] FATAL: Mixlib::ShellOut::ShellCommandFailed: service[apparmor] (apparmor::default line 30) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '2'
       ---- Begin output of /usr/sbin/service apparmor teardown ----
       STDOUT: 
       STDERR: /etc/init.d/apparmor: 35: .: Can't open /lib/apparmor/functions
       ---- End output of /usr/sbin/service apparmor teardown ----
       Ran /usr/sbin/service apparmor teardown returned 2
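
The log above shows apt_package[apparmor] being removed (recipe line 25) before service[apparmor] is stopped (recipe line 30), and the stop then fails because /lib/apparmor/functions cannot be opened. As an added example that is not part of the original issue or the cookbook, this Ruby check scans Chef converge output and flags a service stop processed after the same-named package was removed. The function names and SAFE_RUN are constructed for illustration, and that /lib/apparmor/functions ships with the apparmor package is an assumption.

```ruby
# Constructed sample input: the two "Processing" lines from the failing run above.
FAILING_RUN = <<~LOG
  [2018-11-27T09:11:11-07:00] INFO: Processing apt_package[apparmor] action remove (apparmor::default line 25)
  [2018-11-27T09:11:40-07:00] INFO: Processing service[apparmor] action stop (apparmor::default line 30)
LOG

# Constructed counter-example: the same resources in the opposite (safe) order.
SAFE_RUN = <<~LOG
  [2018-11-27T09:11:11-07:00] INFO: Processing service[apparmor] action stop (apparmor::default line 25)
  [2018-11-27T09:11:40-07:00] INFO: Processing apt_package[apparmor] action remove (apparmor::default line 30)
LOG

# Matches Chef's "Processing <type>[<name>] action <action> (<recipe> line <n>)".
PROCESSING = /Processing (\w+)\[([^\]]+)\] action (\w+) \((\S+) line (\d+)\)/
PACKAGE_TYPES = %w[package apt_package].freeze
REMOVALS = %w[remove purge].freeze

# Returns the resource actions in the order Chef processed them.
def processed_actions(log)
  log.scan(PROCESSING).map do |type, name, action, recipe, line|
    { type: type, name: name, action: action, recipe: recipe, line: line.to_i }
  end
end

# Flags every service stop that ran after the same-named package was removed,
# i.e. after the files its stop command may depend on were already deleted.
def stop_after_removal(log)
  removed = {}
  processed_actions(log).each_with_object([]) do |res, findings|
    if PACKAGE_TYPES.include?(res[:type]) && REMOVALS.include?(res[:action])
      removed[res[:name]] = res
    elsif res[:type] == 'service' && res[:action] == 'stop' && removed.key?(res[:name])
      pkg = removed[res[:name]]
      findings << "service[#{res[:name]}] stop (#{res[:recipe]} line #{res[:line]}) " \
                  "runs after #{pkg[:type]}[#{pkg[:name]}] #{pkg[:action]} (line #{pkg[:line]})"
    end
  end
end

puts stop_after_removal(FAILING_RUN)
```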


Cookbook should not disable apparmor out of the box

This goes along with the LWRP to manage apparmor profiles. The default recipe should be empty so that users can include it just for the LWRP. There should be a manage recipe that either enables or disables apparmor and the default should probably be enable.

Not compatible with chef 13 and the ntp cookbook

We want to go to chef 13, but we can't use this cookbook alongside the ntp cookbook since they have resources with the same name.


Deprecated features used!
  Cloning resource attributes for service[apparmor] from prior resource
Previous service[apparmor]: /var/chef/cache/cookbooks/ntp/recipes/apparmor.rb:20:in `from_file'
Current  service[apparmor]: /var/chef/cache/cookbooks/apparmor/recipes/default.rb:30:in `from_file' at 1 location:
    - /var/chef/cache/cookbooks/apparmor/recipes/default.rb:30:in `from_file'
   See https://docs.chef.io/deprecations_resource_cloning.html for further details.

Default recipe throws error on ubuntu 15.04

It's invoking the wrong systemd command to enable the apparmor service. Instead of

 /bin/systemctl enable apparmor

the recipe needs to execute:

 /bin/systemctl enable apparmor.service

stacktrace:

Recipe: apparmor::default
  * apt_package[apparmor] action install (up to date)
  * service[apparmor] action start (up to date)
  * service[apparmor] action enable

    ================================================================================
    Error executing action `enable` on resource 'service[apparmor]'
    ================================================================================

    Mixlib::ShellOut::ShellCommandFailed
    ------------------------------------
    Expected process to exit with [0], but received '1'
    ---- Begin output of /bin/systemctl enable apparmor ----
    STDOUT: 
    STDERR: Synchronizing state for apparmor.service with sysvinit using update-rc.d...
    Executing /usr/sbin/update-rc.d apparmor defaults
    Executing /usr/sbin/update-rc.d apparmor enable
    Failed to execute operation: No such file or directory
    ---- End output of /bin/systemctl enable apparmor ----
    Ran /bin/systemctl enable apparmor returned 1

    Resource Declaration:
    ---------------------
    # In /var/chef/cache/cookbooks/apparmor/recipes/default.rb

     30:   service 'apparmor' do
     31:     action       actions
     32:     supports     [:restart, :reload, :status]
     33:     stop_command '/usr/sbin/service apparmor teardown'
     34:   end
     35: end

    Compiled Resource:
    ------------------
    # Declared in /var/chef/cache/cookbooks/apparmor/recipes/default.rb:30:in `from_file'

    service("apparmor") do
      action [:start, :enable]
      supports {:restart=>true, :reload=>true, :status=>true}
      retries 0
      retry_delay 2
      default_guard_interpreter :default
      service_name "apparmor"
      running true
      pattern "apparmor"
      stop_command "/usr/sbin/service apparmor teardown"
      declared_type :service
      cookbook_name "apparmor"
      recipe_name "default"
    end


Running handlers:
[2015-07-13T00:32:08-07:00] ERROR: Running exception handlers
Running handlers complete

template instead of cookbook_file

So ehm... wouldn't it be more flexible if the resource apparmor_policy would be a template and not a static cookbook_file?

I would simply use an .erb template to dynamically create apparmor_policies...

Cookbook version

2.0.3

Minimum Chef version?

The Readme says the minimum Chef version is 12.7 while the metadata.rb says 15.3.

Best

Christopher

Add a LWRP for managing apparmor profiles

It would be very helpful to have a LWRP to manage apparmor profiles. This could be used to add / remove apparmor profiles without creating multiple resources to first add the profile and then reload the profile. Cookbooks like the NTP cookbook could use this to solve their apparmor issues.

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

This repository currently has no open or pending branches.

Detected dependencies

github-actions
.github/workflows/ci.yml
  • sous-chefs/.github 3.1.1
  • actions/checkout v4
  • actionshub/chef-install 3.0.0
  • actionshub/test-kitchen 3.0.0
.github/workflows/stale.yml
  • actions/stale v9
