-
-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathinstall-apparmor-profile.sh
More file actions
19 lines (15 loc) · 999 Bytes
/
install-apparmor-profile.sh
File metadata and controls
19 lines (15 loc) · 999 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
#! /usr/bin/env bash
# This script creates an AppArmor profile for Stellar to grant the ability to use unprivileged user namespaces, which is required for Electron applications on Ubuntu 24+.
# See the Ubuntu blog for more information: https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
profile_path=/etc/apparmor.d/stellar-mod-loader
executable_dir=$( dirname "$(realpath "$0")" )
# Create AppArmor profile
echo "# AppArmor profile generated by stellar-mod-loader" | tee $profile_path > /dev/null
echo "abi <abi/4.0>," | tee -a $profile_path > /dev/null
echo "include <tunables/global>" | tee -a $profile_path > /dev/null
echo "$executable_dir/stellar-mod-loader flags=(default_allow) {" | tee -a $profile_path > /dev/null
echo " userns," | tee -a $profile_path > /dev/null
echo " include if exists <local/stellar-mod-loader>" | tee -a $profile_path > /dev/null
echo "}" | tee -a $profile_path > /dev/null
# Reload AppArmor service
systemctl reload apparmor.service