Add an apparmor_profile sudo setting

Define a new sudo setting, `apparmor_profile`, that can be used to pass
in an AppArmor profile that should be used to confine commands. If
apparmor_profile is specified, sudo will execute the command using the
new `apparmor_execve` function, which confines the command under the
provided profile before exec'ing it.
kernelmethod
2022-05-23 13:41:42 -06:00
parent 0b541c2029
commit bd25b85a66
7 changed files with 150 additions and 0 deletions

@@ -82,6 +82,7 @@ static struct sudo_settings sudo_settings[] = {
{ "cmnd_cwd" },
{ "askpass" },
{ "intercept_setid" },
{ "apparmor_profile" },
{ NULL }
};
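Review bot: `{ "apparmor_profile" }` is added to `sudo_settings[]` with no build guard around it, so the setting name is present even on a build without AppArmor support. Please confirm that the code consuming this setting fails closed, refusing to run the command when a profile is requested but cannot be applied, rather than executing it unconfined. The new row is appended after `intercept_setid` and before the `{ NULL }` sentinel; if the table is indexed by position, the matching index constant for this slot has to be added in the same order, which this hunk does not show.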