Draft: apparmor: First shot at MAC profile
This MR sets up an AppArmor profile for the environment that is running during installation of click packages.
It focuses on /usr/bin/click
specifically and all the subprocesses' requirements for successfully installing packages, updating and deleting them, whether through the OpenStore, clickable or through the File Manager app.
Among the processes spotted spawned as part of the whole installation process:
- debsign-verify
- dpkg
- various click hooks
Due to this setup we have to give access to a few directories we might otherwise give no access to. It still enhances security greatly though as most directories are set into a read-only permission mode, and might even deny read-permission altogether.
Edited by Alfred Neumayer