{ "name": "debian-atomic-with-apparmor", "description": "Debian Atomic System with AppArmor Security", "version": "1.0.0", "distro": "debian-bookworm", "arch": "amd64", "packages": [ { "name": "libsystemd0" }, { "name": "systemd" }, { "name": "libostree-1-1" }, { "name": "ostree" }, { "name": "apparmor-utils" }, { "name": "apparmor-profiles" }, { "name": "linux-image-amd64" } ], "stages": [ { "name": "org.osbuild.debootstrap", "options": { "suite": "bookworm", "mirror": "http://deb.debian.org/debian" } }, { "name": "org.osbuild.apt", "options": { "packages": [ "libsystemd0", "systemd", "libostree-1-1", "ostree", "apparmor-utils", "apparmor-profiles", "linux-image-amd64" ] } }, { "name": "org.osbuild.apparmor", "options": { "profiles": [ { "name": "usr.bin.ssh", "path": "/etc/apparmor.d/usr.bin.ssh", "mode": "enforce" }, { "name": "usr.sbin.sshd", "path": "/etc/apparmor.d/usr.sbin.sshd", "mode": "enforce" } ], "default_mode": "enforce", "enable_boot_loading": true } }, { "name": "org.osbuild.ostree.commit", "options": { "branch": "debian/atomic", "subject": "Debian atomic commit with AppArmor security" } } ], "customizations": { "user": [ { "name": "debian", "description": "Debian atomic user", "password": "$6$rounds=656000$debian$atomic.system.user", "home": "/home/debian", "shell": "/bin/bash", "groups": [ "wheel", "sudo" ], "uid": 1000, "gid": 1000 } ], "services": { "enabled": [ "sshd", "systemd-networkd", "systemd-resolved", "apparmor" ] }, "kernel": { "append": "ostree=/ostree/boot.1/debian/bookworm/0 apparmor=1 security=apparmor" } } }