cp -f data/configs/apparmor_profiles/adbd $(INSTALL_APPARMOR_DIR)/adbd
cp -f data/configs/apparmor_profiles/android_app $(INSTALL_APPARMOR_DIR)/android_app
cp -f data/configs/apparmor_profiles/lxc-waydroid $(INSTALL_APPARMOR_DIR)/lxc/lxc-waydroid
- sed --sandbox -i "/lxc.aa_profile/ s/unconfined/lxc-waydroid/g" $(DESTDIR)$(WAYDROID_DIR)/data/configs/config_1
- sed --sandbox -i "/lxc.apparmor.profile/ s/unconfined/lxc-waydroid/g" $(DESTDIR)$(WAYDROID_DIR)/data/configs/config_2
# Load the profiles if not just packaging
if [ -z $(DESTDIR) ] && { aa-enabled --quiet || systemctl is-active -q apparmor; } 2>/dev/null; then \
apparmor_parser -r -T -W "$(INSTALL_APPARMOR_DIR)/adbd"; \
return nodes
+LXC_APPARMOR_PROFILE = "lxc-waydroid"
+def get_apparmor_status(args):
+ enabled = False
+ if shutil.which("aa-status"):
+ enabled = (tools.helpers.run.user(args, ["aa-status", "--quiet"], check=False) == 0)
+ if not enabled and shutil.which("systemctl"):
+ enabled = (tools.helpers.run.user(args, ["systemctl", "is-active", "-q", "apparmor"], check=False) == 0)
+ enabled &= os.path.exists(os.path.join("/etc/apparmor.d/lxc", LXC_APPARMOR_PROFILE))
+ return enabled
def set_lxc_config(args):
lxc_path = tools.config.defaults["lxc"] + "/waydroid"
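Review bot: The existence test in `get_apparmor_status` hard-codes `/etc/apparmor.d/lxc`, while the Makefile installs the profile under `$(INSTALL_APPARMOR_DIR)/lxc/`, so a packager who overrides that directory gets `False` here and the container config keeps `unconfined`. A file on disk also does not show that the profile is loaded into the kernel; the Makefile only runs `apparmor_parser` when `DESTDIR` is empty, so packaged installs presumably depend on the AppArmor service loading it at boot. The function has no docstring; I would add one stating that it returns True only when AppArmor reports active and the profile file exists, and that any probe failure (including `aa-status` exiting non-zero for lack of privilege) is treated as disabled. It also probes with `aa-status --quiet` where the Makefile uses `aa-enabled --quiet`, so it is worth confirming that both agree on the target distributions.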
tools.helpers.run.user(args, command)
command = ["cp", "-fpr", seccomp_profile, lxc_path + "/waydroid.seccomp"]
tools.helpers.run.user(args, command)
+ if get_apparmor_status(args):
+ command = ["sed", "-i", "-E", "/lxc.aa_profile|lxc.apparmor.profile/ s/unconfined/{}/g".format(LXC_APPARMOR_PROFILE), lxc_path + "/config"]
+ tools.helpers.run.user(args, command)
nodes = generate_nodes_lxc_config(args)
config_nodes_tmp_path = args.work + "/config_nodes"
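Review bot: When `get_apparmor_status(args)` is false, the new branch in `set_lxc_config` is skipped without any message and the generated config keeps the `unconfined` profile, so an operator cannot tell from the logs that the container runs without AppArmor confinement. I would add an `else:` with `logging.warning("AppArmor not active or %s profile missing; container will run unconfined", LXC_APPARMOR_PROFILE)`, assuming `logging` is imported in this module, which the hunk does not show. The dots in the sed address `/lxc.aa_profile|lxc.apparmor.profile/` are unescaped and match any character; `lxc\\.aa_profile|lxc\\.apparmor\\.profile` states the intent exactly. The function starts before this hunk and continues after it.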