diff --git a/tools/multi_nodes_gate/airship_gate/lib/bootaction-runner.sh b/tools/multi_nodes_gate/airship_gate/lib/bootaction-runner.sh
index 2a2e8fad..ef841d1a 100755
--- a/tools/multi_nodes_gate/airship_gate/lib/bootaction-runner.sh
+++ b/tools/multi_nodes_gate/airship_gate/lib/bootaction-runner.sh
@@ -107,6 +107,7 @@ echo "Using rendered manifests file '$rendered_file'"
 # env vars which can be set if you want to disable
 : ${DISABLE_SECCOMP_PROFILE:=}
+: ${DISABLE_APPARMOR_PROFILES:=}
 ###############################################################################
@@ -132,3 +133,39 @@ if [[ ! $DISABLE_SECCOMP_PROFILE ]]; then
 # seccomp_default
 install_file "$path" "$content" "$permissions"
 fi
+
+###############################################################################
+# bootaction: apparmor-profiles
+###############################################################################
+
+if [[ ! $DISABLE_APPARMOR_PROFILES ]]; then
+
+ manifests_lookup "$rendered_file" "drydock/BootAction/v1" \
+ "apparmor-profiles" "['data']['assets']" "get_size"
+
+ if [[ -n "$RESULT" ]] && [[ $RESULT -gt 0 ]]; then
+
+ # Fetch apparmor profile data
+ LAST=$(( $RESULT - 1 ))
+ for i in `seq 0 $LAST`; do
+
+ manifests_lookup "$rendered_file" "drydock/BootAction/v1" \
+ "apparmor-profiles" "['data']['assets'][$i]['path']"
+ path="$RESULT"
+ echo "apparmor profiles asset[$i] path located: '$path'"
+ manifests_lookup "$rendered_file" "drydock/BootAction/v1" \
+ "apparmor-profiles" "['data']['assets'][$i]['permissions']"
+ permissions="$RESULT"
+ echo "apparmor profiles asset[$i] permissions located: '$permissions'"
+ manifests_lookup "$rendered_file" "drydock/BootAction/v1" \
+ "apparmor-profiles" "['data']['assets'][$i]['data']"
+ content="$RESULT"
+ echo "apparmor profiles assets[$i] data located: '$content'"
+
+ install_file "$path" "$content" "$permissions"
+ done
+
+ # reload all apparmor profiles
+ systemctl reload apparmor.service
+ fi
+fi
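Review bot: Nothing in the new apparmor-profiles block checks that a lookup, `install_file` or the final `systemctl reload apparmor.service` succeeded, so a missing asset field or a profile that fails to load can leave the node without the intended confinement while the runner carries on; whether `set -e` is in effect is not visible in this hunk. I would make the failure explicit in the script's own error convention, for example `install_file "$path" "$content" "$permissions" || exit 1` and `systemctl reload apparmor.service || exit 1`, and refuse an empty `$path` before installing. `$RESULT` from the `get_size` lookup is also used as an arithmetic operand in `[[ $RESULT -gt 0 ]]` and `$(( $RESULT - 1 ))`, where bash evaluates it as an expression, not as a literal, so it is worth confirming it is a plain number first: `[[ $RESULT =~ ^[0-9]+$ ]] || exit 1`. A short comment above the loop, such as `# path, permissions and data are taken verbatim from the rendered manifest`, would tell the next reader that the manifest is trusted input here.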