diff --git a/apparmor.changes b/apparmor.changes index ca08551..0baf52a 100644 --- a/apparmor.changes +++ b/apparmor.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Thu Mar 16 20:13:00 UTC 2017 - kukuk@suse.com + +- Cleanup spec file: + - don't use insserv if we afterwards call systemd, this can + have bad side effects + - remove dead code + - remove now obsolete 'distro' checks +- Replace init.d script with new wrapper working with systemd + ------------------------------------------------------------------- Thu Feb 16 14:08:55 UTC 2017 - jmatejek@suse.com diff --git a/apparmor.service b/apparmor.service index 9972c46..27911c1 100644 --- a/apparmor.service +++ b/apparmor.service @@ -8,9 +8,9 @@ ConditionSecurity=apparmor [Service] Type=oneshot -ExecStart=/etc/init.d/boot.apparmor start -ExecReload=/etc/init.d/boot.apparmor reload -ExecStop=/etc/init.d/boot.apparmor stop +ExecStart=/lib/apparmor/apparmor.systemd start +ExecReload=/lib/apparmor/apparmor.systemd reload +ExecStop=/lib/apparmor/apparmor.systemd stop RemainAfterExit=yes [Install] diff --git a/apparmor.spec b/apparmor.spec index 82b0446..ac2bc29 100644 --- a/apparmor.spec +++ b/apparmor.spec @@ -35,17 +35,6 @@ %define apache_module_path %(/usr/sbin/apxs2 -q LIBEXECDIR) Name: apparmor -%if ! %{?distro:1}0 -%if %{?suse_version:1}0 - %define distro suse -%endif -%if %{?fedora_version:1}0 - %define distro redhat -%endif -%endif -%if ! %{?distro:1}0 - %define distro suse -%endif Version: 2.11.0 Release: 0 Summary: AppArmor userlevel parser utility @@ -60,6 +49,7 @@ Source5: update-trans.sh Source6: baselibs.conf Source7: apparmor-rpmlintrc Source8: apparmor.service +Source9: apparmor.systemd # enable caching of profiles (= massive performance speedup when loading profiles) Patch1: apparmor-enable-profile-cache.diff 
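Review bot: `ExecStop=/lib/apparmor/apparmor.systemd stop` in apparmor.service keeps the unit's stop action wired to the wrapper's `apparmor_stop`, and systemd carries out a restart as stop followed by start. If `apparmor_stop` in rc.apparmor.functions unloads profiles (that file is not part of this diff), `systemctl restart apparmor` would remove confinement from processes that are already running, and loading the profiles again does not re-confine them. Consider a no-op stop such as `ExecStop=/bin/true`, with a comment giving the reason, so that unloading policy only happens through an explicit call to the wrapper.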
@@ -90,10 +80,6 @@ Patch10: python3-drop-re-locale.patch PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build -%if %{distro} == "suse" -PreReq: %{insserv_prereq} -PreReq: aaa_base -%endif %define apparmor_bin_prefix /lib/apparmor BuildRequires: bison BuildRequires: dejagnu @@ -149,10 +135,6 @@ Provides: subdomain-parser-common = %{version} Provides: subdomain-parser-demo = %{version} Provides: subdomain_parser = %{version} Provides: apparmor-parser(CAP_SYSLOG) - -# initscript needs /lib/lsb/init-functions from insserv/insserv-compat -Requires: insserv - BuildRequires: systemd-rpm-macros %{?systemd_requires} @@ -561,7 +543,12 @@ done # remove *.la files rm -fv %{buildroot}%{_libdir}/libapparmor.la +# Adjust for systemd install -D -m0644 %{S:8} %{buildroot}%{_unitdir}/apparmor.service +install -m0755 %{S:9} %{buildroot}%{apparmor_bin_prefix} +rm %{buildroot}%{_sysconfdir}/init.d/boot.apparmor +rm %{buildroot}/sbin/rcsubdomain +ln -sf service %{buildroot}/sbin/rcapparmor echo ------------------------------------------------------------------- #find -ls @@ -588,19 +575,14 @@ echo ------------------------------------------------------------------- %dir %attr(-, root, root) %{_sysconfdir}/apparmor %dir %{_sysconfdir}/apparmor.d %{_sysconfdir}/apparmor.d/cache -%if %{distro} == "suse" - /sbin/rcsubdomain - /sbin/rcapparmor - %{_sysconfdir}/init.d/boot.apparmor -%else - %{_sysconfdir}/init.d/apparmor -%endif +/sbin/rcapparmor %{_unitdir}/apparmor.service %config(noreplace) %{_sysconfdir}/apparmor/subdomain.conf %config(noreplace) %{_sysconfdir}/apparmor/parser.conf %{_localstatedir}/lib/apparmor %dir %attr(-, root, root) %{apparmor_bin_prefix} %{apparmor_bin_prefix}/rc.apparmor.functions +%{apparmor_bin_prefix}/apparmor.systemd %doc %{_mandir}/man1/aa-enabled.1.gz %doc %{_mandir}/man1/aa-exec.1.gz %doc %{_mandir}/man1/exec.1.gz 
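Review bot: In the `@@ -561,7 +543,12 @@` hunk, `install -m0755 %{S:9} %{buildroot}%{apparmor_bin_prefix}` names only a directory as its target, so the result depends on that directory already existing in the buildroot; if it is missing, install would create a regular file at that path instead. Naming the target file removes the dependency on earlier install order: `install -D -m0755 %{S:9} %{buildroot}%{apparmor_bin_prefix}/apparmor.systemd`, which is the path the `%files` list in the following hunk expects. The `%install` section this belongs to starts and ends outside the hunk.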
@@ -751,97 +733,25 @@ fi %endif %post parser -%if %{distro} == "suse" - # SUSE uses insserv - # For package renaming from subdomain -> apparmor - # we check the existence of the AppArmor 1.1 and - # AppArmor 1.2 based init script to help determine - # whether we are upgrading - SUBDOMAIN_PARSER_INSTALLED="no" - if test -e %{_sysconfdir}/init.d/boot.subdomain -o -e %{_sysconfdir}/init.d/subdomain; then - SUBDOMAIN_PARSER_INSTALLED="yes" - fi - if test "$1" = 1 -a $SUBDOMAIN_PARSER_INSTALLED = "no"; then - %{insserv_force_if_yast boot.apparmor} - elif test -e %{_sysconfdir}/rc.d/boot.d/S??boot.subdomain -o \ - -e %{_sysconfdir}/rc.d/boot.d/S??boot.apparmor -o \ - -e %{_sysconfdir}/rc.d/rc3.d/S??subdomain ; then - %{insserv_force_if_yast boot.apparmor} - else - %{fillup_and_insserv -f boot.apparmor} - fi -%endif -%if %{distro} == "redhat" || %{distro} == "rhel4" - chkconfig --add apparmor -%endif -%if %{distro} == "slackware" - if grep -qs "# BEGIN rc.subdomain INSERTION" %{_sysconfdir}/rc.d/rc.M ; then true ; else - %{apparmor_bin_prefix}/install/frob_slack_rc --init - fi - if grep -qs "# BEGIN rc.subdomain INSERTION" %{_sysconfdir}/rc.d/rc.K ; then true ; else - %{apparmor_bin_prefix}/install/frob_slack_rc --shutdown - fi -%endif - %service_add_post apparmor.service %preun parser -if [ "$1" = 0 ] ; then -%if %{distro} == "suse" - %{stop_on_removal boot.apparmor} -%endif -%if %{distro} == "redhat" || %{distro} == "rhel4" - chkconfig --del apparmor -%endif -fi - %service_del_preun apparmor.service %postun parser -%if %{distro} == "suse" - #restart_on_update boot.apparmor - but non-broken (bnc#853019) - test -n "$FIRST_ARG" || FIRST_ARG=$1 - if test "$FIRST_ARG" -ge 1 ; then - if test "$YAST_IS_RUNNING" != "instsys" -a "$DISABLE_RESTART_ON_UPDATE" != yes ; then - test -x /bin/systemctl && /bin/systemctl daemon-reload >/dev/null 2>&1 || : - /etc/init.d/boot.apparmor status >/dev/null && /etc/init.d/boot.apparmor reload || : - fi - fi - - %{insserv_cleanup} || true 
-%endif - # don't call try-restart, see bnc#853019 export DISABLE_RESTART_ON_UPDATE="yes" %service_del_postun apparmor.service %post abstractions -%if %{distro} == "suse" - #restart_on_update boot.apparmor - but non-broken (bnc#853019) - # (copy&paste from parser postun script) - test -n "$FIRST_ARG" || FIRST_ARG=$1 - if test "$FIRST_ARG" -ge 1 ; then - if test "$YAST_IS_RUNNING" != "instsys" -a "$DISABLE_RESTART_ON_UPDATE" != yes ; then - test -x /bin/systemctl && /bin/systemctl daemon-reload >/dev/null 2>&1 || : - /etc/init.d/boot.apparmor status >/dev/null && /etc/init.d/boot.apparmor reload || : - fi - fi -%endif +#restart_on_update boot.apparmor - but non-broken (bnc#853019) +systemctl is-active -q apparmor && /lib/apparmor/apparmor.systemd reload ||: %post profiles -%if %{distro} == "suse" - # workaround for bnc#904620#c8 / lp#1392042 - rm -f /var/lib/apparmor/cache/* 2>/dev/null - #restart_on_update boot.apparmor - but non-broken (bnc#853019) - # (copy&paste from parser postun script) - test -n "$FIRST_ARG" || FIRST_ARG=$1 - if test "$FIRST_ARG" -ge 1 ; then - if test "$YAST_IS_RUNNING" != "instsys" -a "$DISABLE_RESTART_ON_UPDATE" != yes ; then - test -x /bin/systemctl && /bin/systemctl daemon-reload >/dev/null 2>&1 || : - /etc/init.d/boot.apparmor status >/dev/null && /etc/init.d/boot.apparmor reload || : - fi - fi -%endif +# workaround for bnc#904620#c8 / lp#1392042 +rm -f /var/lib/apparmor/cache/* 2>/dev/null +#restart_on_update boot.apparmor - but non-broken (bnc#853019) +systemctl is-active -q apparmor && /lib/apparmor/apparmor.systemd reload ||: %if %{with tomcat} diff --git a/apparmor.systemd b/apparmor.systemd new file mode 100644 index 0000000..dd35d80 --- /dev/null +++ b/apparmor.systemd 
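Review bot: The new reload line in `%post abstractions` and `%post profiles` of apparmor.spec no longer checks `DISABLE_RESTART_ON_UPDATE`, which the removed block honoured and which `%postun parser` still exports in this same hunk, so a system with that variable set now gets a reload on every update of these subpackages. If that is intended, because updated profiles should reach the kernel, the comment should say so; it still refers to the removed `boot.apparmor` script. The line also hard-codes `/lib/apparmor` where the rest of the spec uses the macro: `systemctl is-active -q apparmor && %{apparmor_bin_prefix}/apparmor.systemd reload ||:`.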
@@ -0,0 +1,85 @@
+#!/bin/sh
+
+APPARMOR_FUNCTIONS=/lib/apparmor/rc.apparmor.functions
+
+aa_action()
+{
+ echo $1
+ shift
+ "$@"
+ return $?
+}
+
+aa_log_warning_msg()
+{
+ echo "Warning: $@"
+}
+
+aa_log_failure_msg()
+{
+ echo "Error: $@"
+}
+
+aa_log_action_start()
+{
+ echo "$@"
+}
+
+aa_log_action_end()
+{
+ echo -n
+}
+
+aa_log_daemon_msg()
+{
+ echo "$@"
+}
+
+aa_log_skipped_msg()
+{
+ echo "Skipped: $@"
+}
+
+aa_log_end_msg()
+{
+ echo -n
+}
+
+# source apparmor function library
+if [ -f "${APPARMOR_FUNCTIONS}" ]; then
+ . ${APPARMOR_FUNCTIONS}
+else
+ aa_log_failure_msg "Unable to find AppArmor initscript functions"
+ exit 1
+fi
+
+case "$1" in
+ start)
+ apparmor_start
+ rc=$?
+ ;;
+ stop)
+ apparmor_stop
+ rc=$?
+ ;;
+ restart|reload|force-reload)
+ apparmor_restart
+ rc=$?
+ ;;
+ try-restart)
+ apparmor_try_restart
+ rc=$?
+ ;;
+ kill)
+ apparmor_kill
+ rc=$?
+ ;;
+ status)
+ apparmor_status
+ rc=$?
+ ;;
+ *)
+ exit 1
+ ;;
+esac
+exit $rc
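Review bot: The wrapper leaves expansions unquoted under `#!/bin/sh`: `echo $1` in aa_action and `. ${APPARMOR_FUNCTIONS}` should be `echo "$1"` and `. "${APPARMOR_FUNCTIONS}"`, and the message helpers should use `"$*"` rather than `"$@"` inside a single string, for example `echo "Warning: $*"`. `echo -n` used as a no-op in aa_log_action_end and aa_log_end_msg is not portable across `sh` implementations; `:` does the same without risking stray output. The `*)` arm exits 1 with no message, so a mistyped action in the unit file fails without anything in the log to explain it; a usage line on stderr would fix that.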