From 5adf8c68420d326d90c71a60a9bf8454014ea7a172c3598a00cdc75e42dbd7f6 Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Tue, 20 Feb 2024 12:39:50 +0000 Subject: [PATCH] Accepting request 1147928 from home:fcrozat:branches:security:apparmor - Update macro to detect when installing in chroot (transactional-update) and avoid calling apparmor_parser. OBS-URL: https://build.opensuse.org/request/show/1147928 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor-rpm-macros?expand=0&rev=15
---
 apparmor-rpm-macros.changes | 6 ++++++
 apparmor-rpm-macros.spec | 2 +-
 macros.apparmor | 12 ++++++++----
 3 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/apparmor-rpm-macros.changes b/apparmor-rpm-macros.changes
index 2b66e16..af5fd06 100644
--- a/apparmor-rpm-macros.changes
+++ b/apparmor-rpm-macros.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Feb 20 12:15:28 UTC 2024 - Frederic Crozat
+
+- Update macro to detect when installing in chroot
+ (transactional-update) and avoid calling apparmor_parser.
+
 -------------------------------------------------------------------
 Sat Jun 3 14:30:51 UTC 2023 - Georg Pfuetzenreuter
 
diff --git a/apparmor-rpm-macros.spec b/apparmor-rpm-macros.spec
index fce9e22..f2acd26 100644
--- a/apparmor-rpm-macros.spec
+++ b/apparmor-rpm-macros.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package apparmor-rpm-macros
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
diff --git a/macros.apparmor b/macros.apparmor
index 343dce7..0f2f080 100644
--- a/macros.apparmor
+++ b/macros.apparmor
@@ -1,7 +1,11 @@
 %apparmor_reload()\
- if [ "$YAST_IS_RUNNING" != "instsys" -a -x /usr/bin/systemctl ]; then\
- if /usr/bin/systemctl is-active --quiet apparmor.service; then\
- /sbin/apparmor_parser -r -T -W %{?*} > /dev/null || :\
- fi\
+ if [ "$YAST_IS_RUNNING" != "instsys" -a -x /usr/bin/systemd-detect-virt -a -x /usr/bin/systemctl ]; then\
+ systemd-detect-virt --chroot --quiet \
+ NOT_IN_CHROOT=$? \
+ if [ $NOT_IN_CHROOT -gt 0 ]; then \
+ if /usr/bin/systemctl is-active --quiet apparmor.service; then\
+ /sbin/apparmor_parser -r -T -W %{?*} > /dev/null || :\
+ fi\
+ fi \
 fi\
 %{nil}
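Review bot: The guard tests `-x /usr/bin/systemd-detect-virt`, but the next added line runs `systemd-detect-virt` by bare name, so the binary that was checked is not necessarily the one a root scriptlet's PATH resolves; every other command in this macro is called by absolute path. Calling it directly in the condition, `if ! /usr/bin/systemd-detect-virt --chroot --quiet; then\`, closes that gap and removes the `NOT_IN_CHROOT=$?` capture, which otherwise leaves a variable behind in the calling scriptlet and would presumably abort a scriptlet that runs under `set -e` in the ordinary non-chroot case. Two behaviours deserve a comment in the macro: any non-zero exit, including a tool error, is treated as "not in a chroot", and a system that has systemctl but not systemd-detect-virt now skips the profile reload entirely, so an updated profile would stay unloaded until the service is next reloaded.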