xserver sandbox apparmor

daa711d3 · Fred Smith · c603d80f · daa711d3 · daa711d3
Commit daa711d3 authored Jul 11, 2018 by Fred Smith
Show whitespace changes
Inline Side-by-side

Showing with 7 additions and 5 deletions

playbooks/roles/xserver/tasks/main.yml
+2 -2

playbooks/roles/xserver/templates/xserver-sandbox.j2
+5 -3

No files found.
--- a/playbooks/roles/xserver/tasks/main.yml
+++ b/playbooks/roles/xserver/tasks/main.yml
@@ -57,8 +57,8 @@
 - name: Load python-sandbox apparmor profile
  template:
-    src: "usr.bin.python-sandbox.j2"
+    src: "xserver-sandbox.j2"
-    dest: "/etc/apparmor.d/edx_apparmor_sandbox"
+    dest: "/etc/apparmor.d/xserver-sandbox"
 - include: deploy.yml
  tags:

--- a/playbooks/roles/xserver/templates/usr.bin.python-sandbox.j2
+++ b/playbooks/roles/xserver/templates/usr.bin.python-sandbox.j2
 #include <tunables/global>
-/usr/bin/python-sandbox {
+{{ xserver_venv_sandbox_dir }}/bin/python {
  #include <abstractions/base>
+ {{ xserver_venv_sandbox_dir }}/bin/python  mr,
-  /usr/bin/python-sandbox mr,
+ {{ xserver_venv_sandbox_dir }}/** r,
+ {{ xserver_code_dir }}/sandbox/** r,
+  /tmp/grader-* wrix,
  /usr/include/python2.7/** r,
  /usr/local/lib/python2.7/** r,
  /usr/lib/python2.7** rix,