- Add debian-forge-apparmor package with AppArmor stage support
- Create example AppArmor stage (org.osbuild.apparmor)
- Update workflow to build 9 packages total
- Add AppArmor manifest example for Debian Atomic
- Update todo with complete package structure
{
"name": "debian-atomic-with-apparmor",
"description": "Debian Atomic System with AppArmor Security",
"version": "1.0.0",
"distro": "debian-bookworm",
"arch": "amd64",
"packages": [
{
"name": "libsystemd0"
},
{
"name": "systemd"
},
{
"name": "libostree-1-1"
},
{
"name": "ostree"
},
{
"name": "apparmor-utils"
},
{
"name": "apparmor-profiles"
},
{
"name": "linux-image-amd64"
}
],
"stages": [
{
"name": "org.osbuild.debootstrap",
"options": {
"suite": "bookworm",
"mirror": "http://deb.debian.org/debian"
}
},
{
"name": "org.osbuild.apt",
"options": {
"packages": [
"libsystemd0",
"systemd",
"libostree-1-1",
"ostree",
"apparmor-utils",
"apparmor-profiles",
"linux-image-amd64"
]
}
},
{
"name": "org.osbuild.apparmor",
"options": {
"profiles": [
{
"name": "usr.bin.ssh",
"path": "/etc/apparmor.d/usr.bin.ssh",
"mode": "enforce"
},
{
"name": "usr.sbin.sshd",
"path": "/etc/apparmor.d/usr.sbin.sshd",
"mode": "enforce"
}
],
"default_mode": "enforce",
"enable_boot_loading": true
}
},
{
"name": "org.osbuild.ostree.commit",
"options": {
"branch": "debian/atomic",
"subject": "Debian atomic commit with AppArmor security"
}
}
],
"customizations": {
"user": [
{
"name": "debian",
"description": "Debian atomic user",
"password": "$6$rounds=656000$debian$atomic.system.user",
"home": "/home/debian",
"shell": "/bin/bash",
"groups": [
"wheel",
"sudo"
],
"uid": 1000,
"gid": 1000
}
],
"services": {
"enabled": [
"sshd",
"systemd-networkd",
"systemd-resolved",
"apparmor"
]
},
"kernel": {
"append": "ostree=/ostree/boot.1/debian/bookworm/0 apparmor=1 security=apparmor"
}
}
}