From 1f355d2d2b824a6b3bad00b9790c8230127bb6c9 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Wed, 2 Feb 2022 11:26:26 -0300
Subject: Feat: adds nodo::subsystem:apparmor
---
files/etc/apparmor.d/tunables/home.d/site.local | 14 ++++++++++++++
manifests/subsystem/apparmor.pp | 11 +++++++++++
2 files changed, 25 insertions(+)
create mode 100644 files/etc/apparmor.d/tunables/home.d/site.local
create mode 100644 manifests/subsystem/apparmor.pp
diff --git a/files/etc/apparmor.d/tunables/home.d/site.local b/files/etc/apparmor.d/tunables/home.d/site.local
new file mode 100644
index 0000000..3bfbbb9
--- /dev/null
+++ b/files/etc/apparmor.d/tunables/home.d/site.local
@@ -0,0 +1,14 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2010 Canonical Ltd.
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# The following is a space-separated list of where additional user home
+# directories are stored, each must have a trailing '/'. Directories added
+# here are appended to @{HOMEDIRS}. See tunables/home for details. Eg:
+#@{HOMEDIRS}+=/srv/nfs/home/ /mnt/home/
+@{HOMEDIRS}+=/mnt/crypt/home
diff --git a/manifests/subsystem/apparmor.pp b/manifests/subsystem/apparmor.pp
new file mode 100644
index 0000000..04de839
--- /dev/null
+++ b/manifests/subsystem/apparmor.pp
@@ -0,0 +1,11 @@
+class nodo::subsystem::apparmor {
+ include nodo::utils::security::apparmor
+
+ file { '/etc/apparmor.d/tunables/home.d/site.local':
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => '0644',
+ source => 'puppet:///modules/nodo/etc/apparmor.d/tunables/home.d/site.local',
+ }
+}
-- cgit v1.2.3
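Review bot: The added entry `@{HOMEDIRS}+=/mnt/crypt/home` has no trailing '/', although the comment directly above it in the same file says every entry must have one. The stock tunables/home derives @{HOME} by appending a glob straight onto each @{HOMEDIRS} entry, so without the slash the home rules would presumably match paths that merely begin with `/mnt/crypt/home` rather than the per-user directories under `/mnt/crypt/home/`. Confined programs would then be denied access to the real home directories, while any sibling directory sharing that prefix would be treated as a home. The line should read `@{HOMEDIRS}+=/mnt/crypt/home/`.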
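Review bot: The `file` resource declares no ordering or refresh relationship, so nothing in this manifest guarantees that `/etc/apparmor.d/tunables/home.d/` exists before the file is written, or that loaded profiles are re-parsed after it changes. AppArmor reads tunables when a profile is compiled, so a changed @{HOMEDIRS} does not reach the running policy until profiles are reloaded. If `nodo::utils::security::apparmor` (not shown in this patch) installs the package and manages the service, add `require => Class['nodo::utils::security::apparmor'],` plus a `notify` to that service resource. Otherwise add a class comment saying a manual profile reload is needed. `ensure => file` would also state more precisely than `present` that a regular file is expected at this path.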