@timmc-edx
Contributor

  • Remove all unnecessary AppArmor rules, document all directives.
  • In testing, use a sandbox dir name that doesn't depend on the Python version. There's only ever one at a time in the container. This also simplifies the AppArmor profile and allows us to just have one sudoers file.
  • Remove example AppArmor profile from README; just point to the one in the apparmor-profiles dir so that we can have a single copy that is maintained with best practices.
  • Document a more general apparmor_parser directive (--replace is usable on both the first and subsequent runs) that surfaces and enforces warnings. This would e.g. fail the load if the ABI mismatches.
  • Add some breadcrumbs on what the testing files are used for.

- Remove all unnecessary AppArmor rules, document all directives.
- Rename AppArmor profile to `openedx_codejail_sandbox` rather than
  something generic.
- In testing, use a sandbox dir name that doesn't depend on the Python
  version. There's only ever one at a time in the container. This also
  simplifies the AppArmor profile and allows us to just have one sudoers
  file.
- Remove example AppArmor profile from README; just point to the one in
  the apparmor-profiles dir so that we can have a single copy that is
  maintained with best practices.
- Document a more general apparmor_parser directive (`--replace` is usable
  on both the first and subsequent runs) that surfaces and enforces
  warnings. This would e.g. fail the load if the ABI mismatches.
- Add some breadcrumbs on what the testing files are used for.
@timmc-edx timmc-edx force-pushed the timmc/update-apparmor branch from 10cdbb3 to 029ef45 Compare May 15, 2025 23:32
@timmc-edx timmc-edx merged commit 766be1d into master Jun 12, 2025
7 checks passed
@timmc-edx timmc-edx deleted the timmc/update-apparmor branch June 12, 2025 23:16