Skip to content

docs: Pare down and document AppArmor file; simplify some CI elements #248

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

docs: Pare down and document AppArmor file; simplify some CI elements #248

wants to merge 1 commit into from

Conversation

timmc-edx
Copy link
Contributor

  • Remove all unnecessary AppArmor rules, document all directives.
  • In testing, use a sandbox dir name that doesn't depend on the Python version. There's only ever one at a time in the container. This also simplifies the AppArmor profile and allows us to just have one sudoers file.
  • Remove example AppArmor profile from README; just point to the one in the apparmor-profiles dir so that we can have a single copy that is maintained with best practices.
  • Document a more general apparmor_parser directive (--replace is usable on both the first and subsequent runs) that surfaces and enforces warnings. This would e.g. fail the load if the ABI mismatches.
  • Add some breadcrumbs on what the testing files are used for.

@timmc-edx timmc-edx mentioned this pull request Apr 28, 2025
Closed
@timmc-edx timmc-edx requested a review from MoisesGSalas May 15, 2025 22:05
@timmc-edx timmc-edx force-pushed the timmc/update-apparmor branch from 537900e to 10cdbb3 Compare May 15, 2025 23:24
@timmc-edx
docs: Pare down and document AppArmor file; simplify some CI elements
029ef45 
- Remove all unnecessary AppArmor rules, document all directives.
- Rename AppArmor profile to `openedx_codejail_sandbox` rather than
  something generic.
- In testing, use a sandbox dir name that doesn't depend on the Python
  version. There's only ever one at a time in the container. This also
  simplifies the AppArmor profile and allows us to just have one sudoers
  file.
- Remove example AppArmor profile from README; just point to the one in
  the apparmor-profiles dir so that we can have a single copy that is
  maintained with best practices.
- Document a more general apparmor_parser directive (`--replace` is usable
  on both the first and subsequent runs) that surfaces and enforces
  warnings. This would e.g. fail the load if the ABI mismatches.
- Add some breadcrumbs on what the testing files are used for.
@timmc-edx timmc-edx force-pushed the timmc/update-apparmor branch from 10cdbb3 to 029ef45 Compare May 15, 2025 23:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MoisesGSalas MoisesGSalas Awaiting requested review from MoisesGSalas

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@timmc-edx