1 diff -urN apparmor-parser-2.0.org/rc.apparmor.functions apparmor-parser-2.0/rc.apparmor.functions
2 --- apparmor-parser-2.0.org/rc.apparmor.functions 2006-10-12 18:56:46.000000000 +0200
3 +++ apparmor-parser-2.0/rc.apparmor.functions 2006-12-12 17:38:38.000000000 +0100
6 if [ -f "${APPARMOR_CONF}" ] ; then
7 #parse the conf file to see what we should do
8 - source "${APPARMOR_CONF}"
12 if [ -f /sbin/apparmor_parser ] ; then
14 # keep exit status from parser during profile load. 0 is good, 1 is bad
17 -function parse_profiles() {
26 -function profiles_names_list() {
27 +profiles_names_list() {
28 # run the parser on all of the apparmor profiles
30 if [ ! -f "$PARSER" ]; then
35 -function is_subdomainfs_mounted() {
36 +is_subdomainfs_mounted() {
37 if grep -q subdomainfs /proc/filesystems ; then
38 if grep -q subdomainfs /proc/mounts && \
39 [ -f "${SUBDOMAINFS_MOUNTPOINT}/profiles" ]; then
44 -function mount_subdomainfs() {
45 +mount_subdomainfs() {
46 # for backwords compatibility
47 if grep -q subdomainfs /proc/filesystems ; then
48 if [ "X" != "X${SUBDOMAINFS_MOUNTPOINT}" ]; then
53 -function unmount_subdomainfs() {
54 +unmount_subdomainfs() {
55 SUBDOMAINFS=$(grep subdomainfs /proc/mounts | cut -d" " -f2 2> /dev/null)
56 if [ "X" != "X${SUBDOMAINFS}" ]; then
57 sd_action "Unmounting subdomainfs" umount ${SUBDOMAINFS}
61 -function rebuild_subdomain() {
62 +rebuild_subdomain() {
63 if [ -d "$SUBDOMAIN_SRC" ] ; then
64 # only try to rebuild for the running kernel
70 -function failstop_system() {
72 level=$(runlevel | cut -d" " -f2)
73 if [ $level -ne "1" ] ; then
74 sd_log_failure_msg "- could not start AppArmor. Changing to runlevel 1"
79 -function module_panic() {
81 # the module failed to load, determine what action should be taken
83 case "$SUBDOMAIN_MODULE_PANIC" in
88 -function load_module() {
90 if modinfo -F filename apparmor > /dev/null 2>&1 ; then
92 elif modinfo -F filename subdomain > /dev/null 2>&1 ; then
97 -function start_sd_event() {
99 if [ -x "$AA_EV_BIN" -a "${APPARMOR_ENABLE_AAEVENTD}" = "yes" ] ; then
100 sd_action "Starting AppArmor Event daemon" startproc -f -p $AA_EV_PIDFILE $AA_EV_BIN -p $AA_EV_PIDFILE
101 elif [ -x "$SD_EV_BIN" -a "${APPARMOR_ENABLE_AAEVENTD}" = "yes" ] ; then
106 -function stop_sd_event() {
108 if [ -x "$AA_EV_BIN" -a -f "$AA_EV_PIDFILE" ] ; then
109 sd_action "Shutting down AppArmor Event daemon" /sbin/killproc -G -p $AA_EV_PIDFILE -INT $AA_EV_BIN
115 -function subdomain_start() {
117 if ! grep -qE "^(subdomain|apparmor)[[:space:]]" /proc/modules ; then
124 -function remove_profiles() {
127 # removing profiles as we directly read from subdomainfs
128 # doesn't work, since we are removing entries which screws up
129 # our position. Lets hope there are never enough profiles to
134 - IFS=$'\n' && for profile in $(sed -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles") ; do
135 + cat "$SFS_MOUNTPOINT/profiles" | while read line; do
136 + profile=$(echo "$line" | sed -e "s/ (\(enforce\|complain\))$//")
137 echo "\"$profile\" { }" | $PARSER -R >/dev/null
139 if [ ${rc} -ne 0 ] ; then
140 @@ -418,13 +420,13 @@
144 -function subdomain_stop() {
147 echo -n "Unloading AppArmor profiles "
151 -function subdomain_kill() {
155 if grep -qE "^apparmor[[:space:]]" /proc/modules ; then
157 sd_action "Unloading AppArmor modules" /sbin/modprobe -r $MODULE
160 -function __subdomain_restart() {
161 +__subdomain_restart() {
162 if [ ! -w "$SFS_MOUNTPOINT/.load" ] ; then
163 sd_log_failure_msg "Loading AppArmor profiles - failed, Do you have the correct privileges?"
169 -function subdomain_restart() {
170 +subdomain_restart() {
171 if ! grep -qE "^(subdomain|apparmor)[[:space:]]" /proc/modules ; then
178 -function subdomain_try_restart() {
179 +subdomain_try_restart() {
180 if ! grep -qE "^(subdomain|apparmor)[[:space:]]" /proc/modules ; then
187 -function subdomain_debug() {
190 load_module "subdomain_debug=1"
196 -function configure_owlsm () {
197 +configure_owlsm () {
198 if [ "${SUBDOMAIN_ENABLE_OWLSM}" = "yes" -a -f ${SFS_MOUNTPOINT}/control/owlsm ] ; then
199 # Sigh, the "sh -c" is necessary for the SuSE sd_action
200 # and it can't be abstracted out as a seperate function, as
205 -function subdomain_status () {
206 +subdomain_status () {
207 if test -x ${AA_STATUS} ; then
208 ${AA_STATUS} --verbose