apparmor

package
v0.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 26, 2026 License: GPL-3.0 Imports: 1 Imported by: 0

Documentation

Overview

Package apparmor exposes the shipped AppArmor profile as an embedded byte slice so the `by admin install-apparmor` CLI subcommand can drop it on operators' disks without requiring network access.

The profile grants the `userns` permission narrowly to blockyard and its subprocesses so rootless bwrap can create its sandbox user namespace on hosts where `kernel.apparmor_restrict_unprivileged_userns=1` (Ubuntu 23.10+ default). Operators load it with `sudo apparmor_parser -r /etc/apparmor.d/blockyard`.

Index

Constants

View Source 
const DefaultInstallPath = "/etc/apparmor.d/blockyard"

DefaultInstallPath is where `apparmor_parser -r` expects the profile on Ubuntu/Debian systems.

Variables

View Source 
var Profile []byte

Profile is the shipped AppArmor profile source. Embedded as bytes so the CLI can write it to disk; operators load it with `apparmor_parser -r`.

Functions

This section is empty.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.