You want to contribute to
apparmor.d, thanks a lot for this. Feedbacks, contributors, pull requests are all very welcome. You will find in this page all the useful information needed to contribute.
How to contribute
- If you don't have git on your machine, install it.
- Fork this repo by clicking on the fork button on the top of the project Github page.
- Clone the repository and go to the directory:
- Create a branch:
- Make the changes and commit:
- Push changes to GitHub:
- Submit your changes for review: If you go to your repository on GitHub, you'll see a Compare & pull request button, fill and submit the pull request.
Rule 1: Mandatory Access Control
As these are mandatory access control policies only what is explicitly required should be authorized. Meaning, you should not allow everything (or a large area) and blacklist some sub areas.
Rule 2: Do not break a program
A profile should not break a normal usage of the confined software. It can be complex as simply running the program for your own use case is not always exhaustive of the program features and required permissions.
Rule 3: Do not confine everything
Some programs should not be confined by a MAC policy.
Rule 4: Distribution and devices agnostic
A profile should be compatible with all distributions, software and devices in the Linux world. You cannot deny access to resources you do not use on your devices or for your use case.
Add a profile¶
Following the profile guidelines is mandatory for all new profiles.
Write the profile content, the rules depend on the confined program, Here is the bare minimum for the program
You can automatically set the
complainflag on your profile by editing the file
dists/flags/main.flagsand add a new line with:
Build & install for your distribution.