Puppet Class: apparmor
- Defined in:
- puppet/modules/apparmor/manifests/init.pp
Overview
Class: apparmor
AppArmor is a Mandatory Access Control (MAC) system, implemented as a kernel Linux Security Module (LSM), that confines programs to a limited set of resources. AppArmor's security model binds access control attributes to programs rather than to users. AppArmor confinement is provided via profiles loaded into the kernel, typically on boot. See wiki.ubuntu.com/AppArmor
Examples
class { '::apparmor': }
# File 'puppet/modules/apparmor/manifests/init.pp', line 14
class apparmor {
  include ::redis

  package { 'apparmor':
    ensure => 'present',
  }

  # Helper script shipped with the module; read/execute only, no write bit.
  file { '/usr/bin/isitapparmor':
    source  => 'puppet:///modules/apparmor/isitapparmor',
    owner   => 'root',
    group   => 'root',
    mode    => '0555',
    require => Package['apparmor'],
  }

  # Profile for redis-server; any change to the rendered file triggers a reload.
  file { '/etc/apparmor.d/usr.bin.redis-server':
    content => template('apparmor/usr.bin.redis-server.erb'),
    owner   => 'root',
    group   => 'root',
    mode    => '0444',
    require => Package['apparmor'],
    notify  => Exec['confine_redis'],
  }

  # -r replaces the already-loaded profile in the kernel; refreshonly => true
  # means this runs only when the profile file above changes, and the service
  # is then restarted so the running process picks up the new confinement.
  exec { 'confine_redis':
    command     => '/sbin/apparmor_parser -r /etc/apparmor.d/usr.bin.redis-server',
    refreshonly => true,
    notify      => Service['redis-server'],
  }
}
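The class above hard-wires one profile (usr.bin.redis-server) to one service. The pattern it uses, a profile file that notifies an `apparmor_parser -r` exec which in turn notifies the confined service, generalizes to any profile/service pair. The defined type below is an added example, not part of the module on this page; the name `apparmor::profile`, its parameters, and the `mode` handling are assumptions. It assumes the page's `apparmor` class (and therefore `Package['apparmor']`) and the target service resource are declared elsewhere in the catalog.

```puppet
# Added example (hypothetical defined type), not the module's own code.
# Deploys an AppArmor profile under /etc/apparmor.d/<title>, (re)loads it
# into the kernel only when the file changes, then restarts the service.
define apparmor::profile (
  String                      $service,            # service whose binary the profile confines
  Optional[String]            $source  = undef,    # puppet:/// URL of a finished profile ...
  Optional[String]            $content = undef,    # ... or rendered template content (exactly one)
  Enum['enforce', 'complain'] $mode    = 'enforce', # assumed parameter: load mode for the profile
) {
  # Fail at compile time rather than shipping an empty or ambiguous profile.
  if $source == undef and $content == undef {
    fail("apparmor::profile[${title}]: one of source or content is required")
  }
  if $source != undef and $content != undef {
    fail("apparmor::profile[${title}]: source and content are mutually exclusive")
  }

  $profile_path = "/etc/apparmor.d/${title}"

  # Root-owned, read-only: the profile is policy, nothing on the host should edit it.
  file { $profile_path:
    ensure  => file,
    source  => $source,
    content => $content,
    owner   => 'root',
    group   => 'root',
    mode    => '0444',
    require => Package['apparmor'],
    notify  => Exec["apparmor_load_${title}"],
  }

  # -C forces complain mode (log violations, do not block); default is enforce.
  $mode_flag = $mode ? {
    'complain' => '-C ',
    default    => '',
  }

  # -r replaces an already-loaded profile so edits take effect without a reboot.
  # refreshonly => true keeps this idempotent: it runs only on a file change.
  exec { "apparmor_load_${title}":
    command     => "/sbin/apparmor_parser -r ${mode_flag}${profile_path}",
    refreshonly => true,
    notify      => Service[$service],
  }
}

# Usage: the redis case from the class above, expressed with the defined type.
apparmor::profile { 'usr.bin.redis-server':
  service => 'redis-server',
  content => template('apparmor/usr.bin.redis-server.erb'),
}
```

Starting a new profile in complain mode and reviewing the resulting `apparmor="ALLOWED"` audit lines before switching to enforce is the usual way to avoid breaking a service when the profile is incomplete; the `mode` parameter exists so that switch is a one-line catalog change rather than a hand edit on the host.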