Add apparmor profile for pgAdmin when installing on Debian based OS

2025-02-25 18:55:31 -06:00 · 2024-07-25 11:40:19 +05:30 · 2024-07-25 11:40:19 +05:30 · 9544ce1d18
commit 9544ce1d18
parent 8cf15ea17c
2 changed files with 27 additions and 0 deletions
--- a/pkg/debian/build.sh
+++ b/pkg/debian/build.sh
@ -68,6 +68,10 @@ fakeroot dpkg-deb --build "${SERVERROOT}" "${DISTROOT}/${APP_NAME}-server_${APP_
 echo "Creating the desktop package..."
 mkdir "${DESKTOPROOT}/DEBIAN"

+cat << EOF > "${DESKTOPROOT}/DEBIAN/conffiles"
+/etc/apparmor.d/pgadmin4
+EOF
+
 cat << EOF > "${DESKTOPROOT}/DEBIAN/control"
 Package: ${APP_NAME}-desktop
 Version: ${APP_LONG_VERSION}
@ -79,6 +83,17 @@ Maintainer: pgAdmin Development Team <pgadmin-hackers@postgresql.org>
 Description: The desktop user interface for pgAdmin. pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world.
 EOF

+cat << EOF > "${DESKTOPROOT}/DEBIAN/postinst"
+#!/bin/sh
+
+systemctl restart apparmor.service
+EOF
+
+chmod 755 "${DESKTOPROOT}/DEBIAN/postinst"
+
+mkdir -p "${DESKTOPROOT}/etc/apparmor.d"
+cp "${SOURCEDIR}/pkg/debian/pgadmin4-aa-profile" "${DESKTOPROOT}/etc/apparmor.d/pgadmin4"
+
 # Build the Debian package for the desktop
 chmod -R u+rwX,go+rX,go-w "${DESKTOPROOT}"
 fakeroot dpkg-deb --build "${DESKTOPROOT}" "${DISTROOT}/${APP_NAME}-desktop_${APP_LONG_VERSION}_${OS_ARCH}.deb"
--- a/pkg/debian/pgadmin4-aa-profile
+++ b/pkg/debian/pgadmin4-aa-profile
@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile pgadmin4 /usr/pgadmin4/bin/pgadmin4 flags=(unconfined) {
+  userns,
+
+  # Site-specific additions and overrides. See local/README for details.
+  include if exists <local/pgadmin4>
+}