diff options
| author | Markus Pettersson <markus.pettersson@mullvad.net> | 2025-10-01 17:41:06 +0200 |
|---|---|---|
| committer | Markus Pettersson <markus.pettersson@mullvad.net> | 2025-10-01 17:41:06 +0200 |
| commit | f0514b62bcf6c8551b29f65fa6fb5be6b4bba7d5 (patch) | |
| tree | 3c2161c82709fbbd4eaedca726400c153e4abbe3 | |
| parent | 411165eaa0a8f278797f68ef9063ff3ccfd17385 (diff) | |
| parent | 44145e621d363ae4f50705ecf0976612e4ad70cd (diff) | |
| download | mullvadvpn-f0514b62bcf6c8551b29f65fa6fb5be6b4bba7d5.tar.xz mullvadvpn-f0514b62bcf6c8551b29f65fa6fb5be6b4bba7d5.zip | |
Merge branch 'add-apparmor-profile-for-all-ubuntu-based-distros-des-1606'
| -rw-r--r-- | CHANGELOG.md | 4 | ||||
| -rw-r--r-- | dist-assets/linux/after-install.sh | 17 |
2 files changed, 11 insertions, 10 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 080b3899ef..1310f3249d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,6 +31,10 @@ Line wrap the file at 100 chars. Th - Add validation for API access methods to only allow unique names. Access methods with duplicated names will be renamed. +#### Linux +- Install AppArmor profile on all Linux distributions that support AppArmor abi 4.0. + + ## [2025.10-beta1] - 2025-09-16 ### Added - Add helpful warnings when clearing account history. This helps users not lose their account diff --git a/dist-assets/linux/after-install.sh b/dist-assets/linux/after-install.sh index 7701202b46..280c215a7d 100644 --- a/dist-assets/linux/after-install.sh +++ b/dist-assets/linux/after-install.sh @@ -7,18 +7,15 @@ systemctl enable "/usr/lib/systemd/system/mullvad-daemon.service" systemctl start mullvad-daemon.service || echo "Failed to start mullvad-daemon.service" systemctl enable "/usr/lib/systemd/system/mullvad-early-boot-blocking.service" -# return 0 if version $1 is greater than or equal to $2 -function version_is_ge { - [ "$1" = "$2" ] && return 0 - printf '%s\n' "$2" "$1" | sort -C -V +# Check if the system supports a new-enough AppArmor version. +function supported_apparmor() { + [[ -e /etc/apparmor.d/abi/4.0 ]] } -# Ubuntu 24.04 or newer: Install apparmor profile to allow Electron sandbox to work -# This disables user namespace restrictions -os=$(grep -oP '^ID=\K.+' /etc/os-release | tr -d '"') -version=$(grep -oP '^VERSION_ID=\K.+' /etc/os-release | tr -d '"') - -if [[ "$os" == "ubuntu" ]] && version_is_ge "$version" "24.04"; then +if supported_apparmor; then + # Install our AppArmor profile and try to reload AppArmor. + # The AppArmor profile allow Electron sandbox to work. + # This disables user namespace restrictions. echo "Creating apparmor profile" cp /opt/Mullvad\ VPN/resources/apparmor_mullvad /etc/apparmor.d/mullvad apparmor_parser -r /etc/apparmor.d/mullvad || echo "Failed to reload apparmor profile" |