Commit | Line | Data |
---|---|---|
8a7820e6 AM |
1 | diff -urN apparmor-parser-2.0.org/rc.apparmor.functions apparmor-parser-2.0/rc.apparmor.functions |
2 | --- apparmor-parser-2.0.org/rc.apparmor.functions 2006-10-12 18:56:46.000000000 +0200 | |
230474ae | 3 | +++ apparmor-parser-2.0/rc.apparmor.functions 2006-12-18 14:47:44.113527250 +0100 |
8a7820e6 AM |
4 | @@ -53,7 +53,7 @@ |
5 | ||
6 | if [ -f "${APPARMOR_CONF}" ] ; then | |
7 | #parse the conf file to see what we should do | |
8 | - source "${APPARMOR_CONF}" | |
9 | + . "${APPARMOR_CONF}" | |
10 | fi | |
11 | ||
12 | if [ -f /sbin/apparmor_parser ] ; then | |
13 | @@ -102,7 +102,7 @@ | |
14 | # keep exit status from parser during profile load. 0 is good, 1 is bad | |
15 | STATUS=0 | |
16 | ||
17 | -function parse_profiles() { | |
18 | +parse_profiles() { | |
19 | # get parser arg | |
20 | case "$1" in | |
21 | load) | |
22 | @@ -160,7 +160,7 @@ | |
23 | fi | |
24 | } | |
25 | ||
26 | -function profiles_names_list() { | |
27 | +profiles_names_list() { | |
28 | # run the parser on all of the apparmor profiles | |
29 | TMPFILE=$1 | |
30 | if [ ! -f "$PARSER" ]; then | |
31 | @@ -188,7 +188,7 @@ | |
32 | done | |
33 | } | |
34 | ||
35 | -function is_subdomainfs_mounted() { | |
36 | +is_subdomainfs_mounted() { | |
37 | if grep -q subdomainfs /proc/filesystems ; then | |
38 | if grep -q subdomainfs /proc/mounts && \ | |
39 | [ -f "${SUBDOMAINFS_MOUNTPOINT}/profiles" ]; then | |
40 | @@ -211,7 +211,7 @@ | |
41 | return 1 | |
42 | } | |
43 | ||
44 | -function mount_subdomainfs() { | |
45 | +mount_subdomainfs() { | |
46 | # for backwords compatibility | |
47 | if grep -q subdomainfs /proc/filesystems ; then | |
48 | if [ "X" != "X${SUBDOMAINFS_MOUNTPOINT}" ]; then | |
49 | @@ -239,14 +239,14 @@ | |
50 | return 0 | |
51 | } | |
52 | ||
53 | -function unmount_subdomainfs() { | |
54 | +unmount_subdomainfs() { | |
55 | SUBDOMAINFS=$(grep subdomainfs /proc/mounts | cut -d" " -f2 2> /dev/null) | |
56 | if [ "X" != "X${SUBDOMAINFS}" ]; then | |
57 | sd_action "Unmounting subdomainfs" umount ${SUBDOMAINFS} | |
58 | fi | |
59 | } | |
60 | ||
61 | -function rebuild_subdomain() { | |
62 | +rebuild_subdomain() { | |
63 | if [ -d "$SUBDOMAIN_SRC" ] ; then | |
64 | # only try to rebuild for the running kernel | |
65 | cd "$SUBDOMAIN_SRC" | |
66 | @@ -280,7 +280,7 @@ | |
67 | fi | |
68 | } | |
69 | ||
70 | -function failstop_system() { | |
71 | +failstop_system() { | |
72 | level=$(runlevel | cut -d" " -f2) | |
73 | if [ $level -ne "1" ] ; then | |
74 | sd_log_failure_msg "- could not start AppArmor. Changing to runlevel 1" | |
75 | @@ -291,7 +291,7 @@ | |
76 | return -1 | |
77 | } | |
78 | ||
79 | -function module_panic() { | |
80 | +module_panic() { | |
81 | # the module failed to load, determine what action should be taken | |
82 | ||
83 | case "$SUBDOMAIN_MODULE_PANIC" in | |
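Review bot: The context line `return -1` at the top of this hunk is left untouched, although the commit otherwise removes bash-only syntax (`function`, `source`, `$'\n'`). POSIX defines `return` only for values 0–255, and stricter shells such as dash may reject a negative operand with an error instead of returning. This looks like the tail of failstop_system, whose body starts outside the hunk, so the error would surface on the fail-stop path, exactly when AppArmor could not be started. `return 255` keeps the value bash produces for `-1`.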
84 | @@ -315,7 +315,7 @@ | |
85 | esac | |
86 | } | |
87 | ||
88 | -function load_module() { | |
89 | +load_module() { | |
90 | if modinfo -F filename apparmor > /dev/null 2>&1 ; then | |
91 | MODULE=apparmor | |
92 | elif modinfo -F filename subdomain > /dev/null 2>&1 ; then | |
93 | @@ -335,7 +335,7 @@ | |
94 | fi | |
95 | } | |
96 | ||
97 | -function start_sd_event() { | |
98 | +start_sd_event() { | |
99 | if [ -x "$AA_EV_BIN" -a "${APPARMOR_ENABLE_AAEVENTD}" = "yes" ] ; then | |
100 | sd_action "Starting AppArmor Event daemon" startproc -f -p $AA_EV_PIDFILE $AA_EV_BIN -p $AA_EV_PIDFILE | |
101 | elif [ -x "$SD_EV_BIN" -a "${APPARMOR_ENABLE_AAEVENTD}" = "yes" ] ; then | |
102 | @@ -343,7 +343,7 @@ | |
103 | fi | |
104 | } | |
105 | ||
106 | -function stop_sd_event() { | |
107 | +stop_sd_event() { | |
108 | if [ -x "$AA_EV_BIN" -a -f "$AA_EV_PIDFILE" ] ; then | |
109 | sd_action "Shutting down AppArmor Event daemon" /sbin/killproc -G -p $AA_EV_PIDFILE -INT $AA_EV_BIN | |
110 | fi | |
111 | @@ -352,7 +352,7 @@ | |
112 | fi | |
113 | } | |
114 | ||
115 | -function subdomain_start() { | |
116 | +subdomain_start() { | |
117 | if ! grep -qE "^(subdomain|apparmor)[[:space:]]" /proc/modules ; then | |
118 | load_module | |
119 | rc=$? | |
120 | @@ -383,7 +383,8 @@ | |
121 | fi | |
122 | } | |
123 | ||
124 | -function remove_profiles() { | |
125 | +remove_profiles() { | |
ffb16500 | 126 | + |
8a7820e6 AM |
127 | # removing profiles as we directly read from subdomainfs |
128 | # doesn't work, since we are removing entries which screws up | |
129 | # our position. Lets hope there are never enough profiles to | |
130 | @@ -404,7 +405,8 @@ | |
131 | fi | |
132 | ||
133 | retval=0 | |
134 | - IFS=$'\n' && for profile in $(sed -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles") ; do | |
135 | + cat "$SFS_MOUNTPOINT/profiles" | while read line; do | |
136 | + profile=$(echo "$line" | sed -e "s/ (\(enforce\|complain\))$//") | |
137 | echo "\"$profile\" { }" | $PARSER -R >/dev/null | |
138 | rc=$? | |
139 | if [ ${rc} -ne 0 ] ; then | |
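Review bot: The new `cat "$SFS_MOUNTPOINT/profiles" | while read line` loop runs in a pipeline subshell and streams the file while profiles are being removed from it. Anything the loop body assigns after `rc=$?` (presumably `retval`, set to 0 just above) is lost when the subshell exits, so a failed unload can no longer be reported to the caller; the comment at the top of remove_profiles also warns that reading subdomainfs while removing entries loses the read position, which the old `$(sed …)` snapshot avoided. `read` without `-r` and `IFS=`, plus `echo "$line"`, can alter names containing backslashes or edge whitespace; the same `while read profile` pattern appears in the __subdomain_restart hunk. I would snapshot the list first and feed the loop from a here-document so it stays in the current shell, as below; the rest of the loop body lies outside this hunk.

```shell
retval=0
# Snapshot the list first: entries vanish from subdomainfs as profiles are removed.
PROFILES=$(sed -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles")
while IFS= read -r profile ; do
    [ -n "$profile" ] || continue
    # … unchanged: echo "\"$profile\" { }" | $PARSER -R and the rc/retval handling …
done <<EOF
$PROFILES
EOF
```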
140 | @@ -418,13 +420,13 @@ | |
141 | fi | |
142 | } | |
143 | ||
144 | -function subdomain_stop() { | |
145 | +subdomain_stop() { | |
146 | stop_sd_event | |
147 | echo -n "Unloading AppArmor profiles " | |
148 | remove_profiles | |
149 | } | |
150 | ||
151 | -function subdomain_kill() { | |
152 | +subdomain_kill() { | |
153 | stop_sd_event | |
154 | unmount_subdomainfs | |
155 | if grep -qE "^apparmor[[:space:]]" /proc/modules ; then | |
156 | @@ -437,7 +439,7 @@ | |
157 | sd_action "Unloading AppArmor modules" /sbin/modprobe -r $MODULE | |
158 | } | |
159 | ||
160 | -function __subdomain_restart() { | |
161 | +__subdomain_restart() { | |
162 | if [ ! -w "$SFS_MOUNTPOINT/.load" ] ; then | |
163 | sd_log_failure_msg "Loading AppArmor profiles - failed, Do you have the correct privileges?" | |
164 | return 4 | |
230474ae AM |
165 | @@ -449,17 +451,15 @@ |
166 | profiles_names_list ${PNAMES_LIST} | |
167 | MODULE_PLIST=$(mktemp ${APPARMOR_TMPDIR}/tmp.XXXXXXXX) | |
168 | sed -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles" | sort >"$MODULE_PLIST" | |
169 | - #profiles=$(cat $PNAMES_LIST | sort | comm -2 -3 "$MODULE_PLIST" -) | |
170 | - #for profile in $profiles ; do | |
171 | - IFS=$'\n' && for profile in $(cat $PNAMES_LIST | sort | comm -2 -3 "$MODULE_PLIST" -) ; do | |
172 | - echo "\"$profile\" {}" | $PARSER -R >/dev/null | |
173 | + cat "$PNAMES_LIST" | sort | comm -2 -3 "$MODULE_PLIST" - | while read profile; do | |
174 | + echo "\"$profile\" {}" | $PARSER -R > /dev/null | |
175 | done | |
176 | rm "$MODULE_PLIST" | |
177 | rm "$PNAMES_LIST" | |
8a7820e6 AM |
178 | return 0 |
179 | } | |
180 | ||
181 | -function subdomain_restart() { | |
182 | +subdomain_restart() { | |
183 | if ! grep -qE "^(subdomain|apparmor)[[:space:]]" /proc/modules ; then | |
184 | subdomain_start | |
185 | rc=$? | |
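Review bot: The exit status of `$PARSER -R` inside the new `comm -2 -3 "$MODULE_PLIST" - | while read profile` loop is thrown away and __subdomain_restart still ends in `return 0`, so a stale profile that fails to unload stays loaded without any trace. Because the loop is the last stage of a pipeline, a status variable set inside it would not survive, so logging at the point of failure is the small fix: `echo "\"$profile\" {}" | $PARSER -R > /dev/null || sd_log_failure_msg "- could not remove profile $profile"`. The start of __subdomain_restart lies in the previous hunk.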
230474ae | 186 | @@ -479,7 +479,7 @@ |
8a7820e6 AM |
187 | return $rc |
188 | } | |
189 | ||
190 | -function subdomain_try_restart() { | |
191 | +subdomain_try_restart() { | |
192 | if ! grep -qE "^(subdomain|apparmor)[[:space:]]" /proc/modules ; then | |
193 | return 1 | |
194 | fi | |
230474ae | 195 | @@ -493,7 +493,7 @@ |
8a7820e6 AM |
196 | return $rc |
197 | } | |
198 | ||
199 | -function subdomain_debug() { | |
200 | +subdomain_debug() { | |
201 | subdomain_kill | |
202 | load_module "subdomain_debug=1" | |
203 | mount_subdomainfs | |
230474ae | 204 | @@ -501,7 +501,7 @@ |
8a7820e6 AM |
205 | parse_profiles load |
206 | } | |
207 | ||
208 | -function configure_owlsm () { | |
209 | +configure_owlsm () { | |
210 | if [ "${SUBDOMAIN_ENABLE_OWLSM}" = "yes" -a -f ${SFS_MOUNTPOINT}/control/owlsm ] ; then | |
211 | # Sigh, the "sh -c" is necessary for the SuSE sd_action | |
212 | # and it can't be abstracted out as a seperate function, as | |
230474ae | 213 | @@ -513,7 +513,7 @@ |
8a7820e6 AM |
214 | fi |
215 | } | |
216 | ||
217 | -function subdomain_status () { | |
218 | +subdomain_status () { | |
219 | if test -x ${AA_STATUS} ; then | |
220 | ${AA_STATUS} --verbose | |
221 | return $? |