Skip to content

C
configuration
Unverified Commit 5fa7a6cb by Fred Smith Committed by GitHub
Options

Merge pull request #4681 from edx/derf/xserver_sandbox_apparmor 

xserver sandbox apparmor
parents 3fed8dd3 daa711d3
Showing with 7 additions and 5 deletions
playbooks/roles/xserver/tasks/main.yml
...@@ -57,8 +57,8 @@ ...@@ -57,8 +57,8 @@
- name: Load python-sandbox apparmor profile - name: Load python-sandbox apparmor profile
template: template:
src: "usr.bin.python-sandbox.j2" src: "xserver-sandbox.j2"
dest: "/etc/apparmor.d/edx_apparmor_sandbox" dest: "/etc/apparmor.d/xserver-sandbox"
- include: deploy.yml - include: deploy.yml
tags: tags:
......
playbooks/roles/xserver/templates/usr.bin.python-sandbox.j2 playbooks/roles/xserver/templates/xserver-sandbox.j2
#include <tunables/global> #include <tunables/global>
/usr/bin/python-sandbox { {{ xserver_venv_sandbox_dir }}/bin/python {
#include <abstractions/base> #include <abstractions/base>
{{ xserver_venv_sandbox_dir }}/bin/python mr,
/usr/bin/python-sandbox mr, {{ xserver_venv_sandbox_dir }}/** r,
{{ xserver_code_dir }}/sandbox/** r,
/tmp/grader-* wrix,
/usr/include/python2.7/** r, /usr/include/python2.7/** r,
/usr/local/lib/python2.7/** r, /usr/local/lib/python2.7/** r,
/usr/lib/python2.7** rix, /usr/lib/python2.7** rix,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment