authorSilvio Rhatto <rhatto@riseup.net>2022-02-02 11:26:26 -0300
committerSilvio Rhatto <rhatto@riseup.net>2022-02-02 11:26:26 -0300
commit1f355d2d2b824a6b3bad00b9790c8230127bb6c9 (patch)
tree10f7922f73abe76cdf9e4530b67d6d310f406cb3
parent40bbd9cad0877b34b36d6b9dd79dc2a5ef55125e (diff)
downloadpuppet-nodo-1f355d2d2b824a6b3bad00b9790c8230127bb6c9.tar.gz
puppet-nodo-1f355d2d2b824a6b3bad00b9790c8230127bb6c9.tar.bz2
Feat: adds nodo::subsystem:apparmor
-rw-r--r--files/etc/apparmor.d/tunables/home.d/site.local14
-rw-r--r--manifests/subsystem/apparmor.pp11
2 files changed, 25 insertions, 0 deletions
diff --git a/files/etc/apparmor.d/tunables/home.d/site.local b/files/etc/apparmor.d/tunables/home.d/site.local
new file mode 100644
index 0000000..3bfbbb9
--- /dev/null
+++ b/files/etc/apparmor.d/tunables/home.d/site.local
@@ -0,0 +1,14 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2010 Canonical Ltd.
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# The following is a space-separated list of where additional user home
+# directories are stored, each must have a trailing '/'. Directories added
+# here are appended to @{HOMEDIRS}. See tunables/home for details. Eg:
+#@{HOMEDIRS}+=/srv/nfs/home/ /mnt/home/
+@{HOMEDIRS}+=/mnt/crypt/home
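Review bot: The entry on the last line of this new file, `@{HOMEDIRS}+=/mnt/crypt/home`, has no trailing slash, although the comment directly above it says each directory must have one. The stock tunables/home (not shown here) derives @{HOME} by appending `*/` to each @{HOMEDIRS} entry, so this value would expand to `/mnt/crypt/home*/`. That pattern matches the directory itself and siblings such as `/mnt/crypt/home-old/`, not the per-user directories beneath it. Profile rules written against @{HOME} would then miss the real home directories on the encrypted volume and could cover unintended sibling paths. The line should read `@{HOMEDIRS}+=/mnt/crypt/home/`.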
diff --git a/manifests/subsystem/apparmor.pp b/manifests/subsystem/apparmor.pp
new file mode 100644
index 0000000..04de839
--- /dev/null
+++ b/manifests/subsystem/apparmor.pp
@@ -0,0 +1,11 @@
+class nodo::subsystem::apparmor {
+ include nodo::utils::security::apparmor
+
+ file { '/etc/apparmor.d/tunables/home.d/site.local':
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => '0644',
+ source => 'puppet:///modules/nodo/etc/apparmor.d/tunables/home.d/site.local',
+ }
+}
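Review bot: The `file` resource for `site.local` does not notify anything, so a change to the tunable is written to disk but profiles already loaded in the kernel keep the old @{HOMEDIRS} expansion until AppArmor is next reloaded. If `nodo::utils::security::apparmor` (included above, body not visible here) declares a service or exec that reloads profiles, add a notify to it, e.g. `notify => Service['<apparmor-service-resource>'],` with the placeholder replaced by the real resource title. A `require` on whatever installs `/etc/apparmor.d/tunables/home.d/` would also avoid a failed first run on hosts where that directory does not exist yet. As a style point, `ensure => file` states the intent more precisely than `ensure => present` for a resource with a `source`.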