Commit db0c5409 authored by Marius Burkard's avatar Marius Burkard
Browse files

Merge branch '6071-secondary-zones-dir' into 'develop'

Add function to configure AppArmor (needed to allow use of /etc/bind for zone files) (#6701)

Closes #6071

See merge request !1582
parents cf9f51d0 c26713cc
Pipeline #10817 passed with stage
in 15 seconds
......@@ -232,4 +232,7 @@ $conf['xmpp']['installed'] = false;
$conf['xmpp']['init_script'] = 'metronome';
// AppArmor
$conf['apparmor']['installed'] = false;
?>
......@@ -500,6 +500,12 @@ if($force) {
swriteln('Configuring OpenVZ');
}
// Configure AppArmor
if($conf['apparmor']['installed']){
swriteln('Configuring AppArmor');
$inst->configure_apparmor();
}
if($install_mode == 'standard' || strtolower($inst->simple_query('Configure Firewall Server', array('y', 'n'), 'y','configure_firewall')) == 'y') {
//* Check for Firewall
if(!$conf['ufw']['installed'] && !$conf['firewall']['installed']) {
......
......@@ -226,6 +226,7 @@ class installer_base {
if(is_installed('named') || is_installed('bind') || is_installed('bind9')) $conf['bind']['installed'] = true;
if(is_installed('squid')) $conf['squid']['installed'] = true;
if(is_installed('nginx')) $conf['nginx']['installed'] = true;
if(is_installed('apparmor_status')) $conf['apparmor']['installed'] = true;
if(is_installed('iptables') && is_installed('ufw')) {
$conf['ufw']['installed'] = true;
} elseif(is_installed('iptables')) {
......@@ -2478,6 +2479,13 @@ class installer_base {
exec('chown root:root '.$conf["squid"]["config_dir"].'/'.$configfile);
}
public function configure_apparmor() {
$configfile = 'apparmor_usr.sbin.named';
if(is_file('/etc/apparmor.d/local/usr.sbin.named')) copy('/etc/apparmor.d/local/usr.sbin.named', '/etc/apparmor.d/local/usr.sbin.named~');
$content = rf("tpl/".$configfile.".master");
wf('/etc/apparmor.d/local/usr.sbin.named', $content);
}
public function configure_ufw_firewall()
{
if($this->is_update == false) {
......
/etc/bind/slave/** lrw,
/etc/bind/slave/ rw,
......@@ -512,6 +512,12 @@ if($reconfigure_services_answer == 'yes' || $reconfigure_services_answer == 'sel
$inst->configure_xmpp('dont-create-certs');
}
// Configure AppArmor
if($conf['apparmor']['installed']){
swriteln('Configuring AppArmor');
$inst->configure_apparmor();
}
if($conf['services']['firewall'] && $inst->reconfigure_app('Firewall', $reconfigure_services_answer)) {
if($conf['ufw']['installed'] == true) {
//* Configure Ubuntu Firewall
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment