From 726ad7f1de941d212f7931159cdd8b029264c4478e64e6609d3777917fa22c82 Mon Sep 17 00:00:00 2001
From: Goldwyn Rodrigues <rgoldwyn@suse.com>
Date: Wed, 28 Feb 2018 14:30:47 +0000
Subject: [PATCH] Accepting request 580869 from
 home:tbechtold:branches:security:apparmor

- Check if apparmor is active before reloading a profile (bsc#1083226)
  Otherwise a package using the %apparmor_reload macro in %post
  automatically enables the profile even if apparmor itself is
  not active.

OBS-URL: https://build.opensuse.org/request/show/580869
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor-rpm-macros?expand=0&rev=7
---
 apparmor-rpm-macros.changes | 8 ++++++++
 apparmor-rpm-macros.spec    | 4 ++--
 macros.apparmor             | 4 +++-
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/apparmor-rpm-macros.changes b/apparmor-rpm-macros.changes
index 980327f..910f0ca 100644
--- a/apparmor-rpm-macros.changes
+++ b/apparmor-rpm-macros.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Feb 28 06:37:37 UTC 2018 - tbechtold@suse.com
+
+- Check if apparmor is active before reloading a profile (bsc#1083226)
+  Otherwise a package using the %apparmor_reload macro in %post
+  automatically enables the profile even if apparmor itself is
+  not active.
+
 -------------------------------------------------------------------
 Sat Aug 26 19:08:14 UTC 2017 - suse-beta@cboltz.de
 
diff --git a/apparmor-rpm-macros.spec b/apparmor-rpm-macros.spec
index e9f67ef..9399a4c 100644
--- a/apparmor-rpm-macros.spec
+++ b/apparmor-rpm-macros.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package apparmor-rpm-macros
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -20,7 +20,7 @@ Name:           apparmor-rpm-macros
 Version:        1.0
 Release:        0
 Summary:        RPM macros used to setup apparmor profiles
-License:        LGPL-2.1+
+License:        LGPL-2.1-or-later
 Group:          Development/Tools/Other
 Url:            https://bugs.launchpad.net/apparmor
 Source:         macros.apparmor
diff --git a/macros.apparmor b/macros.apparmor
index cab6ae9..4916e0d 100644
--- a/macros.apparmor
+++ b/macros.apparmor
@@ -1,5 +1,7 @@
 %apparmor_reload()\
 	if [ "$YAST_IS_RUNNING" != "instsys" ]; then\
-		/sbin/apparmor_parser -r -T -W %{?*} &> /dev/null || :\
+		if /usr/bin/systemctl is-active --quiet apparmor.service; then\
+			/sbin/apparmor_parser -r -T -W %{?*} &> /dev/null || :\
+		fi\
 	fi\
 %{nil}