[game-data-packager] 05/09: Add an experimental AppArmor profile for the non-free Unreal binaries
Simon McVittie
smcv at debian.org
Sun Jan 17 17:36:41 UTC 2016
This is an automated email from the git hooks/post-receive script.
smcv pushed a commit to branch master
in repository game-data-packager.
commit bd98627f1788694044efe25fcec0de3c39f34e34
Author: Simon McVittie <smcv at debian.org>
Date: Sun Jan 17 16:57:26 2016 +0000
Add an experimental AppArmor profile for the non-free Unreal binaries
---
Makefile | 2 ++
debian/changelog | 1 +
debian/control | 1 +
debian/rules | 1 +
etc/apparmor.d/usr.lib.unreal | 46 +++++++++++++++++++++++++++++++++++++++++++
5 files changed, 51 insertions(+)
diff --git a/Makefile b/Makefile
index 65a6dd7..707b25e 100644
--- a/Makefile
+++ b/Makefile
@@ -145,6 +145,8 @@ install:
install -m0644 runtime/confirm-binary-only.txt $(DESTDIR)$(datadir)/game-data-packager/
install -m0644 runtime/missing-data.txt $(DESTDIR)$(datadir)/game-data-packager/
install -m0644 out/launch-*.json $(DESTDIR)$(datadir)/game-data-packager/
+ install -d $(DESTDIR)/etc/apparmor.d/
+ install -m0644 etc/apparmor.d/* $(DESTDIR)/etc/apparmor.d/
mkdir -p $(DESTDIR)/usr/share/bash-completion/completions
install -m0644 data/bash-completion/game-data-packager $(DESTDIR)/usr/share/bash-completion/completions/
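Review bot: The added `install -m0644 etc/apparmor.d/* $(DESTDIR)/etc/apparmor.d/` copies whatever is in the source directory, so an editor backup or a draft profile left there would be shipped into /etc/apparmor.d alongside the intended one. debian/rules in this commit names only `usr.lib.unreal` for dh_apparmor, so naming the file here as well, `install -m0644 etc/apparmor.d/usr.lib.unreal $(DESTDIR)/etc/apparmor.d/`, keeps the installed set and the packaged profile in step. The install target starts before this hunk and continues after it.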
diff --git a/debian/changelog b/debian/changelog
index 24c6c4d..f4398cc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -109,6 +109,7 @@ game-data-packager (44) UNRELEASED; urgency=medium
* Accept $GDP_DEBUG as a synonym for $DEBUG
* runtime: add a generic Gtk launcher, initially for Unreal
* Add work-in-progress packaging for Unreal (not yet enabled)
+ * Add an experimental AppArmor profile for the non-free Unreal binaries
[ Stephen Kitt ]
* Update the GOG installer for The Dig (English).
diff --git a/debian/control b/debian/control
index f1b2c19..43223fc 100644
--- a/debian/control
+++ b/debian/control
@@ -7,6 +7,7 @@ Uploaders: Simon McVittie <smcv at debian.org>, Jonathan Dowland <jmtd at debian.org>,
Build-Depends:
bash-completion,
debhelper (>= 9),
+ dh-apparmor,
dh-python,
imagemagick,
inkscape,
diff --git a/debian/rules b/debian/rules
index ba84e35..0b3cb8c 100755
--- a/debian/rules
+++ b/debian/rules
@@ -31,6 +31,7 @@ override_dh_install:
if dpkg-vendor --derives-from Ubuntu; then \
touch debian/game-data-packager/usr/share/games/game-data-packager/is-ubuntu-derived; \
fi
+ dh_apparmor -pgame-data-packager --profile-name=usr.lib.unreal
override_dh_installdocs:
dh_installdocs -XTODO
diff --git a/etc/apparmor.d/usr.lib.unreal b/etc/apparmor.d/usr.lib.unreal
new file mode 100644
index 0000000..ca24c6a
--- /dev/null
+++ b/etc/apparmor.d/usr.lib.unreal
@@ -0,0 +1,46 @@
+# Unreal (Classic/Gold) AppArmor profile
+# Copyright © 2016 Simon McVittie
+# SPDX-License-Identifier: GPL-2.0+
+
+#include <tunables/global>
+
+/usr/lib/unreal-*/System/*.bin flags=(complain) {
+ #include <abstractions/X>
+ #include <abstractions/audio>
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+ #include <abstractions/nvidia>
+
+ network inet dgram,
+ network inet stream,
+ network inet6 dgram,
+ network inet6 stream,
+
+ /etc/libnl-*/classid r,
+ /etc/machine-id r,
+ @{PROC}/@{pid}/net/psched r,
+ /sys/devices/system/cpu/{,**} r,
+
+ # udev device enumeration
+ /etc/udev/udev.conf r,
+ /run/udev/data/+pci:* r,
+ /sys/devices/pci[0-9]*/**/uevent r,
+
+ /usr/lib/unreal-classic/System/*.bin mrix,
+ /usr/lib/unreal-gold/System/*.bin mrix,
+
+ /usr/lib/unreal/System/lib*.so* mr,
+ /usr/lib/unreal-classic/System/*.so mr,
+ /usr/lib/unreal-gold/System/*.so mr,
+
+ /usr/lib/unreal-classic/** r,
+ /usr/lib/unreal-gold/** r,
+ /usr/share/{games/,}unreal/** r,
+ /usr/share/{games/,}unreal-gold/** r,
+ /usr/share/{games/,}unreal-fusion-map-pack/** r,
+ /usr/share/{games/,}unreal-ut99-shared/** r,
+
+ owner @{HOME}/.local/share/unreal{,-gold}/** rwk,
+}
+
+# vim:syntax=apparmor
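Review bot: `flags=(complain)` on the profile header means nothing below it is enforced (violations by the non-free binary are only logged), and the file itself does not say so. A comment above the header such as `# complain mode: violations are logged, not blocked; drop the flag to enforce once the rules are complete` would keep a reader from assuming the binary is confined. For the later switch to enforce mode, the last rule `owner @{HOME}/.local/share/unreal{,-gold}/** rwk,` does not match the directory itself, so creating it would be denied if the game makes it on first run; `owner @{HOME}/.local/share/unreal{,-gold}/{,**} rwk,` follows the `{,**}` form already used for `/sys/devices/system/cpu/`.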
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-games/game-data-packager.git