apparmor/apparmor-scripts

---

 parser/rc.aaeventd.suse      |    2 +-
 parser/rc.apparmor.functions |   16 ++++++++--------
 parser/rc.apparmor.suse      |   23 ++++++++++++++++++++++-
 3 files changed, 31 insertions(+), 10 deletions(-)

--- a/parser/rc.aaeventd.suse
+++ b/parser/rc.aaeventd.suse
@@ -30,7 +30,7 @@
 ### BEGIN INIT INFO
 # Provides: aaeventd
 # Required-Start: apparmor
-# Required-Stop:
+# Required-Stop: $null
 # Default-Start: 2 3 5
 # Default-Stop:
 # Short-Description: AppArmor Notification and Reporting
--- a/parser/rc.apparmor.functions
+++ b/parser/rc.apparmor.functions
@@ -111,9 +111,7 @@ is_apparmor_present() {
 	# check for subdomainfs version of module
 	grep -qE "^($modules)[[:space:]]" /proc/modules
 
-	if [ $? -ne 0 ] ; then
-		ls /sys/module/apparmor 2>/dev/null | grep -qE "^($modules)"
-	fi
+	[ $? -ne 0 -a -d /sys/module/apparmor ]
 
 	return $?
 }
@@ -380,10 +378,11 @@ apparmor_start() {
 	configure_owlsm
 
 	# if there is anything in the profiles file don't load
-	cat "$SFS_MOUNTPOINT/profiles" | if ! read line ; then
+	if ! read line < "$SFS_MOUNTPOINT/profiles"; then
 		parse_profiles load
 	else
-		aa_log_skipped_msg "AppArmor already loaded with profiles."
+		aa_log_skipped_msg ": already loaded with profiles."
+		return 0
 	fi
 	aa_log_end_msg 0
 	return 0
@@ -415,7 +414,8 @@ remove_profiles() {
 	#them so stor to tmp first
 	MODULE_PLIST=$(mktemp ${APPARMOR_TMPDIR}/tmp.XXXXXXXX)
 	sed -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles" | sort >"$MODULE_PLIST"
-	cat "$MODULE_PLIST" | while read profile ; do
+	# Skip subprofiles, they'll be removed with the owning profile
+	grep -v // "$MODULE_PLIST" | while IFS= read profile ; do
 		echo -n "$profile" > "$SFS_MOUNTPOINT/.remove"
 		rc=$?
 		if [ ${rc} -ne 0 ] ; then 
@@ -430,7 +430,7 @@ apparmor_stop() {
 	aa_log_daemon_msg "Unloading AppArmor profiles "
 	remove_profiles
 	rc=$?
-	log_end_msg $rc
+	aa_log_end_msg $rc
 	return $rc
 }
 
@@ -468,7 +468,7 @@ __apparmor_restart() {
 	profiles_names_list ${PNAMES_LIST}
 	MODULE_PLIST=$(mktemp ${APPARMOR_TMPDIR}/tmp.XXXXXXXX)
 	sed  -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles" | sort >"$MODULE_PLIST"
-	sort "$PNAMES_LIST" | comm -2 -3 "$MODULE_PLIST" - | while read profile ; do
+	sort "$PNAMES_LIST" | comm -2 -3 "$MODULE_PLIST" - | while IFS= read profile ; do
 		echo -n "$profile" > "$SFS_MOUNTPOINT/.remove"
 	done
 	rm "$MODULE_PLIST"
--- a/parser/rc.apparmor.suse
+++ b/parser/rc.apparmor.suse
@@ -34,6 +34,7 @@
 # Required-Start: boot.cleanup
 # Required-Stop: $null
 # Should-Start: $local_fs
+# Should-Stop: $null
 # Default-Start: B
 # Default-Stop:
 # Short-Description: AppArmor initialization
@@ -76,7 +77,19 @@ aa_log_warning_msg() {
 }
 
 aa_log_failure_msg() {
-	log_failure_msg $*
+	log_failure_msg '\n'$*
+}
+
+aa_log_action_begin() {
+	echo -n
+}
+
+aa_log_action_end() {
+	echo -n
+}
+
+aa_log_daemon_msg() {
+	echo -en "$@ "
 }
 
 aa_log_skipped_msg() {
@@ -84,6 +97,14 @@ aa_log_skipped_msg() {
 	echo -e	"$rc_skipped"
 }
 
+aa_log_end_msg() {
+	v="-v"
+	if [ "$1" != '0' ]; then
+		rc="-v$1"
+	fi
+	rc_status $v
+}
+
 usage() {
     echo "Usage: $0 {start|stop|restart|try-restart|reload|force-reload|status|kill}"
 }
Accepting request 57745 from security:apparmor:factory Accepted submit request 57745 from user jeff_mahoney OBS-URL: https://build.opensuse.org/request/show/57745 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=1 2011-01-17 17:43:05 +01:00			`---`

			`parser/rc.aaeventd.suse \| 2 +-`
			`parser/rc.apparmor.functions \| 16 ++++++++--------`
			`parser/rc.apparmor.suse \| 23 ++++++++++++++++++++++-`
			`3 files changed, 31 insertions(+), 10 deletions(-)`

			`--- a/parser/rc.aaeventd.suse`
			`+++ b/parser/rc.aaeventd.suse`
			`@@ -30,7 +30,7 @@`
			`### BEGIN INIT INFO`
			`# Provides: aaeventd`
			`# Required-Start: apparmor`
			`-# Required-Stop:`
			`+# Required-Stop: $null`
			`# Default-Start: 2 3 5`
			`# Default-Stop:`
			`# Short-Description: AppArmor Notification and Reporting`
			`--- a/parser/rc.apparmor.functions`
			`+++ b/parser/rc.apparmor.functions`
			`@@ -111,9 +111,7 @@ is_apparmor_present() {`
			`# check for subdomainfs version of module`
			`grep -qE "^($modules)[[:space:]]" /proc/modules`

			`- if [ $? -ne 0 ] ; then`
			`- ls /sys/module/apparmor 2>/dev/null \| grep -qE "^($modules)"`
			`- fi`
			`+ [ $? -ne 0 -a -d /sys/module/apparmor ]`

			`return $?`
			`}`
			`@@ -380,10 +378,11 @@ apparmor_start() {`
			`configure_owlsm`

			`# if there is anything in the profiles file don't load`
			`- cat "$SFS_MOUNTPOINT/profiles" \| if ! read line ; then`
			`+ if ! read line < "$SFS_MOUNTPOINT/profiles"; then`
			`parse_profiles load`
			`else`
			`- aa_log_skipped_msg "AppArmor already loaded with profiles."`
			`+ aa_log_skipped_msg ": already loaded with profiles."`
			`+ return 0`
			`fi`
			`aa_log_end_msg 0`
			`return 0`
			`@@ -415,7 +414,8 @@ remove_profiles() {`
			`#them so stor to tmp first`
			`MODULE_PLIST=$(mktemp ${APPARMOR_TMPDIR}/tmp.XXXXXXXX)`
			`sed -e "s/ (\(enforce\\|complain\))$//" "$SFS_MOUNTPOINT/profiles" \| sort >"$MODULE_PLIST"`
			`- cat "$MODULE_PLIST" \| while read profile ; do`
			`+ # Skip subprofiles, they'll be removed with the owning profile`
			`+ grep -v // "$MODULE_PLIST" \| while IFS= read profile ; do`
			`echo -n "$profile" > "$SFS_MOUNTPOINT/.remove"`
			`rc=$?`
			`if [ ${rc} -ne 0 ] ; then`
			`@@ -430,7 +430,7 @@ apparmor_stop() {`
			`aa_log_daemon_msg "Unloading AppArmor profiles "`
			`remove_profiles`
			`rc=$?`
			`- log_end_msg $rc`
			`+ aa_log_end_msg $rc`
			`return $rc`
			`}`

			`@@ -468,7 +468,7 @@ __apparmor_restart() {`
			`profiles_names_list ${PNAMES_LIST}`
			`MODULE_PLIST=$(mktemp ${APPARMOR_TMPDIR}/tmp.XXXXXXXX)`
			`sed -e "s/ (\(enforce\\|complain\))$//" "$SFS_MOUNTPOINT/profiles" \| sort >"$MODULE_PLIST"`
			`- sort "$PNAMES_LIST" \| comm -2 -3 "$MODULE_PLIST" - \| while read profile ; do`
			`+ sort "$PNAMES_LIST" \| comm -2 -3 "$MODULE_PLIST" - \| while IFS= read profile ; do`
			`echo -n "$profile" > "$SFS_MOUNTPOINT/.remove"`
			`done`
			`rm "$MODULE_PLIST"`
			`--- a/parser/rc.apparmor.suse`
			`+++ b/parser/rc.apparmor.suse`
			`@@ -34,6 +34,7 @@`
			`# Required-Start: boot.cleanup`
			`# Required-Stop: $null`
			`# Should-Start: $local_fs`
			`+# Should-Stop: $null`
			`# Default-Start: B`
			`# Default-Stop:`
			`# Short-Description: AppArmor initialization`
			`@@ -76,7 +77,19 @@ aa_log_warning_msg() {`
			`}`

			`aa_log_failure_msg() {`
			`- log_failure_msg $*`
			`+ log_failure_msg '\n'$*`
			`+}`
			`+`
			`+aa_log_action_begin() {`
			`+ echo -n`
			`+}`
			`+`
			`+aa_log_action_end() {`
			`+ echo -n`
			`+}`
			`+`
			`+aa_log_daemon_msg() {`
			`+ echo -en "$@ "`
			`}`

			`aa_log_skipped_msg() {`
			`@@ -84,6 +97,14 @@ aa_log_skipped_msg() {`
			`echo -e "$rc_skipped"`
			`}`

			`+aa_log_end_msg() {`
			`+ v="-v"`
			`+ if [ "$1" != '0' ]; then`
			`+ rc="-v$1"`
			`+ fi`
			`+ rc_status $v`
			`+}`
			`+`
			`usage() {`
			`echo "Usage: $0 {start\|stop\|restart\|try-restart\|reload\|force-reload\|status\|kill}"`
			`}`