casper: new method to enable abrowser apparmor profile

2025-05-14 15:35:12 -04:00 · 2025-05-14 15:35:12 -04:00 · 2461092a1a
commit 2461092a1a
parent ff879f1520
2 changed files with 9 additions and 4 deletions
--- a/helpers/DATA/casper/35-apparmor-abrowser
+++ b/helpers/DATA/casper/35-apparmor-abrowser
@ -20,6 +20,11 @@ esac

 log_begin_msg "$DESCRIPTION"

-chroot /root /sbin/apparmor_parser -r /etc/apparmor.d/abrowser
+cat << EOF > /root/etc/rc.local
+#!/bin/sh
+# Enable apparmor profile during live session to allow Abrowser to create user namespaces
+[ -d /rofs ] && apparmor_parser -a /etc/apparmor.d/abrowser
+EOF
+chmod 755 /root/etc/rc.local

 log_end_msg