Default recipe installs and manages AppArmor service, or disables and removes AppArmor depending on default['apparmor']['disable']
attribute. Also includes a custom resource (LWRP) for managing AppArmor policies.
- Ubuntu
- Debian
- Chef 12.5+
- none
default['apparmor']['disable']
: Controls installing or removing apparmor service in thedefault.rb
recipe. Defaults to false which installs apparmor, starts the service, and enables the service.
This recipe either installs or removes the apparmor package and starts / enables the service depending on the state of default['apparmor']['disable']
.
Adds or removes Apparmor policies
- :add: Adds a new Apparmor policy using a provided policy file
- :remove: Removes a specified Apparmor policy
- :name: Name attribute. The name of the policy as stored in /etc/apparmor.d/.
- :source_cookbook: Cookbook to source the policy file from if the provider is not in the same cookbook.
- :source_filename: Name of the source file in the cookbook if it doesn't match the name attribute.
Add the policy my_super_app where a cookbook file exists in the same cookbook and is named my_super_app
apparmor_policy 'my_super_app'
Add the policy my_super_app where a cookbook file exists in a different cookbook and the file is named my_super_app_am_policy
apparmor_policy 'my_super_app' do
source_cookbook 'acme_apparmor_profiles'
source_filename 'my_super_app_am_policy'
end
Remove the policy my_super_app
apparmor_policy 'my_super_app' do
action :remove
end
This cookbook is maintained by Chef's Community Cookbook Engineering team. Our goal is to improve cookbook quality and to aid the community in contributing to cookbooks. To learn more about our team, process, and design goals see our team documentation. To learn more about contributing to cookbooks like this see our contributing documentation, or if you have general questions about this cookbook come chat with us in #cookbok-engineering on the Chef Community Slack
Copyright: 2009-2017, Chef Software, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.