[packages/apparmor-parser.git] / apparmor-parser-bzr.patch

=== modified file 'parser/rc.apparmor.functions'
--- parser/rc.apparmor.functions	2011-08-13 12:15:58 +0000
+++ parser/rc.apparmor.functions	2011-08-26 22:55:43 +0000
@@ -83,15 +83,6 @@
 SUBDOMAINFS_MOUNTPOINT=$(grep subdomainfs /etc/fstab  | \
 	sed -e 's|^[[:space:]]*[^[:space:]]\+[[:space:]]\+\(/[^[:space:]]*\)[[:space:]]\+subdomainfs.*$|\1|' 2> /dev/null)
 
-if [ -d "/var/lib/${MODULE}" ] ; then
-	APPARMOR_TMPDIR="/var/lib/${MODULE}"
-elif [ -d "/var/lib/${OLD_MODULE}" ] ; then
-	APPARMOR_TMPDIR="/var/lib/${OLD_MODULE}"
-else
-	APPARMOR_TMPDIR="/tmp"
-fi
-
-
 # keep exit status from parser during profile load.  0 is good, 1 is bad
 STATUS=0
 
@@ -221,7 +212,6 @@
 
 profiles_names_list() {
 	# run the parser on all of the apparmor profiles
-	TMPFILE=$1
 	if [ ! -f "$PARSER" ]; then
 		aa_log_failure_msg "- AppArmor parser not found"
 		exit 1
@@ -234,9 +224,9 @@
 
 	for profile in $PROFILE_DIR/*; do
 	        if skip_profile "${profile}" && [ -f "${profile}" ] ; then
-			LIST_ADD=$($PARSER $ABSTRACTIONS -N "$profile" | grep -v '\^')
+			LIST_ADD=$($PARSER $ABSTRACTIONS -N "$profile" )
 			if [ $? -eq 0 ]; then
-				echo "$LIST_ADD" >>$TMPFILE
+				echo "$LIST_ADD"
 			fi
 		fi
 	done
@@ -408,18 +398,16 @@
 	fi
 
 	retval=0
-	#the list of profiles isn't stable once we start adding or removing
-	#them so store to tmp first (in reverse order so hat profiles are removed first)
-	MODULE_PLIST=$(mktemp ${APPARMOR_TMPDIR}/tmp.XXXXXXXX)
-	sed -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles" | sort -r > "$MODULE_PLIST"
-	cat "$MODULE_PLIST" | while read profile ; do
+	# We filter child profiles as removing the parent will remove
+	# the children
+	sed -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles" | \
+	LC_COLLATE=C sort | grep -v // | while read profile ; do
 		echo -n "$profile" > "$SFS_MOUNTPOINT/.remove"
 		rc=$?
 		if [ ${rc} -ne 0 ] ; then 
 			retval=${rc}
 		fi
 	done
-	rm "$MODULE_PLIST"
 	return ${retval}
 }
 
@@ -461,17 +449,33 @@
 
 	configure_owlsm
 	parse_profiles reload
-	PNAMES_LIST=$(mktemp ${APPARMOR_TMPDIR}/tmp.XXXXXXXX)
-	profiles_names_list ${PNAMES_LIST}
-	MODULE_PLIST=$(mktemp ${APPARMOR_TMPDIR}/tmp.XXXXXXXX)
 	# Clean out running profiles not associated with the current profile
 	# set, excluding the libvirt dynamically generated profiles.
-	sed  -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles" | egrep -v '^libvirt-[0-9a-f\-]+$' | sort >"$MODULE_PLIST"
-	sort "$PNAMES_LIST" | comm -2 -3 "$MODULE_PLIST" - | while IFS= read profile ; do
+	# Note that we reverse sort the list of profiles to remove to
+	# ensure that child profiles (e.g. hats) are removed before the
+	# parent. We *do* need to remove the child profile and not rely
+	# on removing the parent profile when the profile has had its
+	# child profile names changed.
+	profiles_names_list | awk '
+BEGIN {
+  while (getline < "'${SFS_MOUNTPOINT}'/profiles" ) {
+    str = sub(/ \((enforce|complain)\)$/, "", $0);
+    if (match($0, /^libvirt-[0-9a-f\-]+$/) == 0)
+      arr[$str] = $str
+  }
+}
+
+{ if (length(arr[$0]) > 0) { delete arr[$0] } }
+
+END {
+  for (key in arr)
+    if (length(arr[key]) > 0) {
+      printf("%s\n", arr[key])
+    }
+}
+' | LC_COLLATE=C sort -r | while IFS= read profile ; do
 		echo -n "$profile" > "$SFS_MOUNTPOINT/.remove"
 	done
-	rm "$MODULE_PLIST"
-	rm "$PNAMES_LIST"
 	return 0
 }
Commit	Line	Data
99a319bc AM	1	=== modified file 'parser/rc.apparmor.functions'
	2	--- parser/rc.apparmor.functions 2011-08-13 12:15:58 +0000
	3	+++ parser/rc.apparmor.functions 2011-08-26 22:55:43 +0000
	4	@@ -83,15 +83,6 @@
	5	SUBDOMAINFS_MOUNTPOINT=$(grep subdomainfs /etc/fstab \| \
	6	sed -e 's\|^[[:space:]][^[:space:]]\+[[:space:]]\+\(/[^[:space:]]\)[[:space:]]\+subdomainfs.*$\|\1\|' 2> /dev/null)
	7
	8	-if [ -d "/var/lib/${MODULE}" ] ; then
	9	- APPARMOR_TMPDIR="/var/lib/${MODULE}"
	10	-elif [ -d "/var/lib/${OLD_MODULE}" ] ; then
	11	- APPARMOR_TMPDIR="/var/lib/${OLD_MODULE}"
e853d4f8	12	-else
99a319bc	13	- APPARMOR_TMPDIR="/tmp"
e853d4f8 AM	14	-fi
e853d4f8 AM	15	-
f8e12536	16	-
99a319bc AM	17	# keep exit status from parser during profile load. 0 is good, 1 is bad
	18	STATUS=0
	19
	20	@@ -221,7 +212,6 @@
	21
	22	profiles_names_list() {
	23	# run the parser on all of the apparmor profiles
	24	- TMPFILE=$1
	25	if [ ! -f "$PARSER" ]; then
	26	aa_log_failure_msg "- AppArmor parser not found"
	27	exit 1
	28	@@ -234,9 +224,9 @@
	29
	30	for profile in $PROFILE_DIR/*; do
	31	if skip_profile "${profile}" && [ -f "${profile}" ] ; then
	32	- LIST_ADD=$($PARSER $ABSTRACTIONS -N "$profile" \| grep -v '\^')
	33	+ LIST_ADD=$($PARSER $ABSTRACTIONS -N "$profile" )
	34	if [ $? -eq 0 ]; then
	35	- echo "$LIST_ADD" >>$TMPFILE
	36	+ echo "$LIST_ADD"
	37	fi
	38	fi
	39	done
	40	@@ -408,18 +398,16 @@
	41	fi
f8e12536	42
99a319bc AM	43	retval=0
	44	- #the list of profiles isn't stable once we start adding or removing
	45	- #them so store to tmp first (in reverse order so hat profiles are removed first)
	46	- MODULE_PLIST=$(mktemp ${APPARMOR_TMPDIR}/tmp.XXXXXXXX)
	47	- sed -e "s/ (\(enforce\\|complain\))$//" "$SFS_MOUNTPOINT/profiles" \| sort -r > "$MODULE_PLIST"
	48	- cat "$MODULE_PLIST" \| while read profile ; do
	49	+ # We filter child profiles as removing the parent will remove
	50	+ # the children
816628cf	51	+ sed -e "s/ (\(enforce\\|complain\))$//" "$SFS_MOUNTPOINT/profiles" \| \
99a319bc AM	52	+ LC_COLLATE=C sort \| grep -v // \| while read profile ; do
	53	echo -n "$profile" > "$SFS_MOUNTPOINT/.remove"
	54	rc=$?
	55	if [ ${rc} -ne 0 ] ; then
	56	retval=${rc}
	57	fi
	58	done
	59	- rm "$MODULE_PLIST"
	60	return ${retval}
	61	}
	62
	63	@@ -461,17 +449,33 @@
	64
	65	configure_owlsm
	66	parse_profiles reload
	67	- PNAMES_LIST=$(mktemp ${APPARMOR_TMPDIR}/tmp.XXXXXXXX)
	68	- profiles_names_list ${PNAMES_LIST}
	69	- MODULE_PLIST=$(mktemp ${APPARMOR_TMPDIR}/tmp.XXXXXXXX)
	70	# Clean out running profiles not associated with the current profile
	71	# set, excluding the libvirt dynamically generated profiles.
	72	- sed -e "s/ (\(enforce\\|complain\))$//" "$SFS_MOUNTPOINT/profiles" \| egrep -v '^libvirt-[0-9a-f\-]+$' \| sort >"$MODULE_PLIST"
	73	- sort "$PNAMES_LIST" \| comm -2 -3 "$MODULE_PLIST" - \| while IFS= read profile ; do
	74	+ # Note that we reverse sort the list of profiles to remove to
	75	+ # ensure that child profiles (e.g. hats) are removed before the
	76	+ # parent. We do need to remove the child profile and not rely
	77	+ # on removing the parent profile when the profile has had its
	78	+ # child profile names changed.
	79	+ profiles_names_list \| awk '
	80	+BEGIN {
	81	+ while (getline < "'${SFS_MOUNTPOINT}'/profiles" ) {
	82	+ str = sub(/ \((enforce\|complain)\)$/, "", $0);
	83	+ if (match($0, /^libvirt-[0-9a-f\-]+$/) == 0)
	84	+ arr[$str] = $str
	85	+ }
f8e12536 AM	86	+}
f8e12536 AM	87	+
99a319bc	88	+{ if (length(arr[$0]) > 0) { delete arr[$0] } }
f8e12536	89	+
99a319bc AM	90	+END {
	91	+ for (key in arr)
	92	+ if (length(arr[key]) > 0) {
	93	+ printf("%s\n", arr[key])
f8e12536	94	+ }
f8e12536	95	+}
99a319bc AM	96	+' \| LC_COLLATE=C sort -r \| while IFS= read profile ; do
	97	echo -n "$profile" > "$SFS_MOUNTPOINT/.remove"
	98	done
	99	- rm "$MODULE_PLIST"
	100	- rm "$PNAMES_LIST"
	101	return 0
f8e12536 AM	102	}
f8e12536 AM	103
f8e12536	104