Accepting request 1147946 from security:apparmor

- Update macro to detect when installing in chroot
  (transactional-update) and avoid calling apparmor_parser. (forwarded request 1147928 from fcrozat)

OBS-URL: https://build.opensuse.org/request/show/1147946
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor-rpm-macros?expand=0&rev=8

apparmor-rpm-macros.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Feb 20 12:15:28 UTC 2024 - Frederic Crozat <fcrozat@suse.com>
+
+- Update macro to detect when installing in chroot
+  (transactional-update) and avoid calling apparmor_parser.
+
 -------------------------------------------------------------------
 Sat Jun  3 14:30:51 UTC 2023 - Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
 

apparmor-rpm-macros.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package apparmor-rpm-macros
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed

macros.apparmor

@@ -1,7 +1,11 @@
 %apparmor_reload()\
-	if [ "$YAST_IS_RUNNING" != "instsys" -a -x /usr/bin/systemctl ]; then\
-		if /usr/bin/systemctl is-active --quiet apparmor.service; then\
-			/sbin/apparmor_parser -r -T -W %{?*} > /dev/null || :\
-		fi\
+	if [ "$YAST_IS_RUNNING" != "instsys" -a -x /usr/bin/systemd-detect-virt -a -x /usr/bin/systemctl ]; then\
+                systemd-detect-virt --chroot --quiet \
+                NOT_IN_CHROOT=$? \
+                if [ $NOT_IN_CHROOT -gt 0 ]; then \
+			if /usr/bin/systemctl is-active --quiet apparmor.service; then\
+				/sbin/apparmor_parser -r -T -W %{?*} > /dev/null || :\
+			fi\
+		fi \
 	fi\
 %{nil}