apparmor/apparmor.spec

#
# spec file for package apparmor
#
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

# norootforbuild

%bcond_without tomcat
%bcond_without pam
%bcond_without apache
%bcond_with python
%bcond_with ruby
%bcond_with gnome
%bcond_with dbus
%bcond_with editor

%define CATALINA_HOME /usr/share/tomcat6
%define APPARMOR_DOC_DIR /usr/share/doc/packages/apparmor-docs/
%define JNI_SO libJNIChangeHat.so
%define JAR_FILE changeHatValve.jar
%define apache_module_path %(/usr/sbin/apxs2 -q LIBEXECDIR)

%define srcversion 2.5.1
%define bzr_commit r1445

Name:           apparmor
%if ! %{?distro:1}0
%if %{?suse_version:1}0
  %define distro suse
%endif
%if %{?fedora_version:1}0
  %define distro redhat
%endif
%endif
%if ! %{?distro:1}0
  %define distro suse
%endif
Summary:        AppArmor userlevel parser utility
Version:        %{srcversion}.%{bzr_commit}
Release:        1
Group:          Productivity/Networking/Security
Source0:        apparmor-%{srcversion}.tar.bz2
Source1:        %{name}-profile-editor.png
Source2:        %{name}-profile-editor.desktop
Source3:        update-trans.sh
Patch:          apparmor-2.5-%{bzr_commit}
Patch1:         pam-apparmor-include
Patch2:         mod_apparmor-includes
Patch3:         tomcat-build-fixes
Patch4:         apparmor-swig-build-fix
Patch5:         apparmor-scripts
Patch6:         apparmor-translation-fixes
Patch7:         apparmor-perl
Patch8:         apparmor-no-caching-test
Patch9:         apparmorapplet-gnome-build-fix
Patch10:        apparmor-utils-SubDomain
Patch11:        apparmor-utils-cleanup-on-abort
Patch12:        apparmor-utils-translation-unification
Patch13:        apparmor-utils-add-log-types
Patch14:        apparmor-utils-filenames-in-slash
Patch15:        apparmor-utils-null-path-fix
Patch16:        apparmor-utils-string-split
Patch17:        apparmor-profiles-cupsd-fix
Patch18:        apparmor-profiles-sshd-fix
Patch19:        apparmor-profiles-syslog-ng-fix
Patch20:        apparmor-docs-techdoc-grammar-fixes
Patch21:        apparmor-parser-string-fixes
Patch22:        apparmor-startproc.patch
Patch23:        apparmor-2.5.1-unified-build
Patch24:        apparmor-2.5.1-rpmlint-asprintf
Patch25:        apparmor-2.5.1-ntpd-proc-fixes
Patch26:        apparmor-2.5.1-edirectory-profile
Patch27:        apparmor-2.5.1-firefox-proc-fix
Patch28:        apparmor-2.5.1-unconfined-fixes
Patch29:        apparmor-utils-inherit-flags-during-profile-generation
Patch30:        apparmor-2.5.1-ldapclient-profile
#Patch31:
#Patch32:
Patch33:        apparmor-2.5.1-ntpd-sys_nice
Patch34:        apparmor-2.5.1-ssl-fix
Patch35:        apparmor-2.5.1-dnsmasq-libvirt-profile-fix
Patch36:        klog-needs-CAP_SYSLOG
Patch37:        apparmor-2.5.1-network-fixes
License:        GPLv2+
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
Url:            https://launchpad.net/apparmor
PreReq:         sed
%if %{distro} == "suse"
PreReq:         %{insserv_prereq} aaa_base
%endif
BuildRequires:  gcc-c++
BuildRequires:  pkg-config
BuildRequires:  pcre-devel
%define apparmor_bin_prefix /lib/apparmor
BuildRequires:  bison flex latex2html w3m
BuildRequires:  texlive-latex

BuildRequires:  swig

%if %{with python}
BuildRequires:  python-devel swig
%endif

%if %{with ruby}
BuildRequires:  ruby-devel swig
%endif

%if %{with pam}
BuildRequires:  pam-devel
Requires:       pam pam-config
PreReq:         pam pam-config
%endif

%if %{with apache}
BuildRequires:  apache2-devel
%endif

%if %{with tomcat}
BuildRequires:  ant java-devel >= 1.6.0 tomcat6
%endif

%if %{with editor}
BuildRequires:  gcc-c++ update-desktop-files wxGTK-devel
%endif

%if %{with gnome}
BuildRequires:  gnome-common
BuildRequires:  pkgconfig(dbus-1)
BuildRequires:  pkgconfig(gtk+-2.0)
BuildRequires:  pkgconfig(libgnome-2.0)
BuildRequires:  pkgconfig(libpanelapplet-2.0)
%endif

%if %{with dbus}
BuildRequires:  audit-devel dbus-1-devel libapparmor-devel pkg-config
%endif

%package parser
License:        GPLv2+
Summary:        AppArmor userlevel parser utility
Group:          Productivity/Networking/Security
Obsoletes:      subdomain_parser < %{version}
Obsoletes:      subdomain-parser < %{version}
Obsoletes:      subdomain-parser-demo < %{version}
Obsoletes:      subdomain-parser-common < %{version}
Obsoletes:      subdomain-leaf-cert < %{version}
Obsoletes:      libimnxcert < %{version}
Provides:       subdomain_parser = %{version}
Provides:       subdomain-parser = %{version}
Provides:       subdomain-parser-demo = %{version}
Provides:       subdomain-parser-common = %{version}
Provides:       subdomain-leaf-cert = %{version}
Provides:       libimnxcert = %{version}
Provides:       apparmor-parser(CAP_SYSLOG)

%description parser
The AppArmor Parser is a userlevel program that is used to load in
program profiles to the AppArmor Security kernel module.

This package is part of a suite of tools that used to be named
SubDomain.

%package docs
License:        GPLv2+
Summary:        AppArmor Documentation package
Group:          Documentation/Other

%description docs
This package contains documentation for AppArmor.

This package is part of a suite of tools that used to be named
SubDomain.



Authors:
--------
    lcambell@novell.com
    Seth Arnold <seth.arnold@novell.com>

%if %{with apache}

%package -n apache2-mod_apparmor
License:        GPLv2+
Summary:        AppArmor module for apache2
Group:          Productivity/Security

%description -n apache2-mod_apparmor
apache2-modapparmor adds support to apache2 to provide AppArmor
confinement to individual cgi scripts handled by apache modules like
mod_php and mod_perl.

This package is part of a suite of tools that used to be named
SubDomain.

The documentation is in the apparmor-admin_en package.

Authors:
--------
    sbeattie@suse.de
%endif

%package -n libapparmor1
Summary:        Utility library for AppArmor
Group:          Development/Libraries/C and C++
License:        LGPLv2.1+
%ifarch ppc64
Obsoletes:      libapparmor-64bit < %{version}
Provides:       libapparmor-64bit = ${version}
%endif
Provides:       libapparmor = %{version}
Provides:       libimmunix = %{version}
Obsoletes:      libapparmor < %{version}
Obsoletes:      libimmunix < %{version}

%description -n libapparmor1
This package provides the libapparmor library, which contains the
change_hat(2) symbol, used for sub-process confinement by AppArmor, as
well as functions to parse AppArmor log messages.

Authors:
--------
    Steve Beattie <sbeattie@suse.de>
    Matt Barringer <mbarringer@suse.de>

%package -n libapparmor-devel
License:        LGPLv2.1+
Requires:       libapparmor1 = %{version}-%{release}
Group:          Development/Libraries/C and C++
Provides:       libapparmor:/usr/include/sys/apparmor.h
Summary:        Development headers and libraries for libapparmor

%description -n libapparmor-devel
These libraries are needed for developing software that makes use of the
AppArmor API.

Authors:
--------
    Steve Beattie <sbeattie@suse.de>
    Matt Barringer <mbarringer@suse.de>

%package -n perl-apparmor
License:        GPLv2 ; LGPLv2.1+
Requires:       libapparmor1 = %{version}
Requires:       perl = %{perl_version}
Group:          Development/Libraries/Perl
Summary:        Perl interface for libapparmor functions
Provides:       perl-libapparmor
Obsoletes:      perl-libapparmor < 2.5

%description -n perl-apparmor
This package provides the perl interface to AppArmor. It is used for perl
applications interfacing with AppArmor, including the AppArmor utiltities.

Authors:
--------
    Steve Beattie <sbeattie@suse.de>
    Matt Barringer <mbarringer@suse.de>

%if %{with python}

%package -n python-apparmor
License:        GPLv2 ; LGPLv2.1+
Requires:       libapparmor1 = %{version}
BuildRequires:  python
Requires:       python = %{python_version}
Group:          Development/Libraries/Python
Summary:        Python interface for libapparmor functions
Provides:       python-libapparmor
Obsoletes:      python-libapparmor < 2.5

%description -n python-apparmor
This package provides the python interface to AppArmor. It is used for python
applications interfacing with AppArmor.

Authors:
--------
    Steve Beattie <sbeattie@suse.de>
    Matt Barringer <mbarringer@suse.de>
%endif

%if %{with ruby}

%package -n ruby-apparmor
License:        GPLv2 ; LGPLv2.1+
Requires:       libapparmor1 = %{version}
Requires:       ruby = %{ruby_version}
Group:          Development/Libraries/Ruby
Summary:        Ruby interface for libapparmor functions
Provides:       ruby-libapparmor
Obsoletes:      ruby-libapparmor < 2.5

%description -n ruby-apparmor
This package provides the ruby interface to AppArmor. It is used for ruby
applications interfacing with AppArmor.

Authors:
--------
    Steve Beattie <sbeattie@suse.de>
    Matt Barringer <mbarringer@suse.de>
%endif

%package profiles
License:        GPLv2 ; LGPLv2.1+
Summary:        AppArmor profiles that are loaded into the apparmor kernel module
Group:          Productivity/Security
Obsoletes:      subdomain-profiles < %{version}
Provides:       subdomain-profiles = %{version}
Requires:       apparmor-parser(CAP_SYSLOG)

%description profiles
Base profiles. AppArmor is a file and network mandatory access control
mechanism. AppArmor confines processes to the resources allowed by the
systems administrator and can constrain the scope of potential security
vulnerabilities.

This package is part of a suite of tools that used to be named
SubDomain.

Authors:
--------
    seth.arnold@suse.de
    sbeattie@suse.de
    jjohansen@suse.de

%package utils
License:        GPLv2 ; LGPLv2.1+
Summary:        AppArmor User-Level Utilities Useful for Creating AppArmor Profiles
Group:          Productivity/Security
Requires:       perl = %{perl_version}
Requires:       libapparmor1 = %{version}
Requires:       perl-apparmor = %{version}
BuildArch:      noarch

%description utils
This package provides the aa-logprof, aa-genprof, aa-autodep,
aa-enforce, and aa-complain tools to assist with profile authoring.
Besides it provides the aa-unconfined server information tool and the
aa-eventd event reporting system. It is part of a suite of tools that
used to be named SubDomain.

Authors:
--------
    jmichael@suse.de
    seth.arnold@suse.de

%if %{with tomcat}

%package -n tomcat_apparmor
License:        GPLv2 ; LGPLv2.1+
Summary:        Tomcat 6 plugin for AppArmor change_hat
Group:          System/Libraries
Requires:       libapparmor1 = %{version} tomcat6

%description -n tomcat_apparmor
tomcat_apparmor - is a plugin for Apache Tomcat version 6 that
provides support for AppArmor change_hat for creating AppArmor
containers that are bound to discrete elements of processing within the
Tomcat servlet container. The AppArmor containers, or "hats", can be
created for individual URL processing or per servlet.

Authors:
--------
    dreynolds@suse.de
%endif

%if %{with pam}

%package -n pam_apparmor
License:        GPLv2 ; LGPLv2.1+
Summary:        PAM module to for AppArmor change_hat
Group:          Productivity/Security

%description -n pam_apparmor
The pam_apparmor module provides the means for any PAM applications
that call pam_open_session() to automatically perform an AppArmor
change_hat operation in order to switch to a user-specific security
policy.

Authors:
--------
    jmichael@suse.de
    sbeattie@suse.de

%endif

%if %{with dbus}

%package dbus
License:        GPLv2 ; LGPLv2.1+
Summary:        Audit dispatcher for sending AppArmor events over DBUS
Group:          System/Monitoring

%description dbus
An audit dispatcher for sending AppArmor events over the DBUS system
bus.

Authors:
--------
    Matt Barringer <mbarringer@suse.de>

%endif

%if %{with editor}

%package profile-editor
License:        GPLv2 ; LGPLv2.1+
Summary:        AppArmor profile editor
Group:          Productivity/Editors/Other

%description profile-editor
A syntax highlighting editor for AppArmor profiles.

Authors:
--------
    Matt Barringer <mbarringer@suse.de>

%endif

%if %{with gnome}

%package -n apparmorapplet-gnome
License:        GPLv2 ; LGPLv2.1+
Summary:        An AppArmor event notification applet for GNOME
Group:          System/GUI/GNOME

%description -n apparmorapplet-gnome
This taskbar applet recieves AppArmor events over DBUS, and notifies
the user when AppArmor prevents an application from functioning.


Authors:
--------
    Matt Barringer <mbarringer@suse.de>

%endif

%description
The AppArmor Parser is a userlevel program that is used to load in
program profiles to the AppArmor Security kernel module.

This package is part of a suite of tools that used to be named
SubDomain.

%lang_package -n apparmor-utils
%lang_package -n apparmor-parser
%if %{with gnome}
%lang_package -n apparmorapplet-gnome
%endif

%prep
%setup -q -n %{name}-%{srcversion}
%patch -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch30 -p1
%patch33 -p1
%patch34 -p1
%patch35 -p1
%patch36 -p1
%patch37 -p1

%build
export SUSE_ASNEEDED=0
autoreconf -fiv
%define _libdir /%{_lib}
%configure --disable-static --with-pic \
--with-perl \
%if %{with python}
--with-python \
%else
--without-python \
%endif
%if %{with ruby}
--with-ruby \
%else
--without-ruby \
%endif
%if %{with tomcat}
--with-tomcat \
%else
--without-tomcat \
%endif
%if %{with pam}
--with-pam \
%else
--without-pam \
%endif
%if %{with apache}
--with-apache \
%else
--without-apache \
%endif
%if %{with gnome}
--with-gnome \
%else
--without-gnome \
%endif
%if %{with dbus}
--with-dbus \
%else
--without-dbus \
%endif
%if %{with editor}
--with-profileeditor \
%else
--without-profileeditor \
%endif

%{__make} %{?jobs:-j%jobs}

%if %{with ruby}
#rm libraries/libapparmor/swig/ruby/Makefile.ruby
#make -C libraries/libapparmor/swig/ruby
%endif

%install
%{make_install}

find $RPM_BUILD_ROOT -name .packlist -exec rm -f {} \;
find $RPM_BUILD_ROOT -name perllocal.pod -exec rm -f {} \;

# create symlink for old change_hat(2) manpage
ln -s aa_change_hat.2 ${RPM_BUILD_ROOT}/%{_mandir}/man2/change_hat.2

mkdir ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d
install parser/rc.apparmor.suse ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/boot.apparmor
install parser/rc.aaeventd.suse ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/aaeventd
ln -s %{_sysconfdir}/init.d/aaeventd ${RPM_BUILD_ROOT}/sbin/rcaaeventd
ln -s %{_sysconfdir}/init.d/boot.apparmor ${RPM_BUILD_ROOT}/sbin/rcapparmor
ln -s %{_sysconfdir}/init.d/boot.apparmor ${RPM_BUILD_ROOT}/sbin/rcsubdomain

for script in ${RPM_BUILD_ROOT}/usr/sbin/*; do
	d=$(dirname $script)
	f=$(basename $script)
	if [ "${f#aa-}" = "$f" ]; then
		ln -s /usr/sbin/$f $d/aa-$f
	fi
done

for man in ${RPM_BUILD_ROOT}/usr/share/man/man[18]/*; do
	d=$(dirname $man)
	f=$(basename $man)
	if [ "${f#aa-}" = "$f" ]; then
		ln -s $f $d/aa-$f
	fi
done

%if %{with editor}
%suse_update_desktop_file -i %{name}-profile-editor Utility TextEditor
%endif

%if %{with gnome}
%find_lang apparmorapplet-gnome
%endif

for pkg in apparmor-utils apparmor-parser; do
	%find_lang $pkg
done

# Clean up profiles that are provided by other packages now
rm $RPM_BUILD_ROOT%{_sysconfdir}/apparmor.d/usr.sbin.nscd

%clean
rm -rf $RPM_BUILD_ROOT

%files docs
%defattr(-,root,root)
%doc parser/*.[1-9].html
%doc common/apparmor.css
%doc parser/techdoc.pdf parser/techdoc/techdoc.html parser/techdoc/techdoc.css parser/techdoc.txt

%files parser
%defattr(-,root,root)
%doc parser/README parser/COPYING.GPL
/sbin/apparmor_parser
%dir %attr(-, root, root) %{_sysconfdir}/apparmor
%if %{distro} == "suse"
  /sbin/rcsubdomain
  /sbin/rcapparmor
  %{_sysconfdir}/init.d/boot.apparmor
  /sbin/rcaaeventd
  %{_sysconfdir}/init.d/aaeventd
%else
  %{_sysconfdir}/init.d/apparmor
  %{_sysconfdir}/init.d/aaeventd
%endif
%config(noreplace) %{_sysconfdir}/apparmor/subdomain.conf
/var/lib/apparmor
%dir %attr(-, root, root) %{apparmor_bin_prefix}
%{apparmor_bin_prefix}/rc.apparmor.functions
%doc %{_mandir}/man5/apparmor.d.5.gz
%doc %{_mandir}/man5/apparmor.vim.5.gz
%doc %{_mandir}/man5/subdomain.conf.5.gz
%doc %{_mandir}/man7/apparmor.7.gz
%doc %{_mandir}/man8/apparmor_parser.8.gz
%if %{distro} == "redhat" || %{distro} == "rhel4"

%pre parser
if [ -f %{_sysconfdir}/init.d/subdomain ] ; then
  chkconfig --del subdomain
fi
%endif

%files parser-lang -f apparmor-parser.lang

%files -n libapparmor1
%defattr(-,root,root)
%{_libdir}/libapparmor.la
%{_libdir}/libimmunix.la
%{_libdir}/libapparmor.so*
%{_libdir}/libimmunix.so*

%files -n libapparmor-devel
%defattr(-,root,root)
%{_libdir}/libapparmor.so
%{_libdir}/libimmunix.so
%doc %{_mandir}/man2/aa_change_hat.2.gz
%doc %{_mandir}/man2/change_hat.2.gz
%dir %{_includedir}/aalogparse
%{_includedir}/sys/apparmor.h
%{_includedir}/aalogparse/*

# hrm, still need to enumerate each directory in these paths in files :(
%define extras_dir %{_sysconfdir}/apparmor/profiles/extras/
%define profiles_dir %{_sysconfdir}/apparmor.d/

%files profiles
%defattr(-,root,root)
%attr(644, root, root) %config(noreplace) %{profiles_dir}/*
%attr(644, root, root) %{extras_dir}/*
%dir %{_sysconfdir}/apparmor.d/
%dir %{_sysconfdir}/apparmor/
%dir %{_sysconfdir}/apparmor/profiles
%dir %{_sysconfdir}/apparmor/profiles/extras

%files utils
%defattr(-,root,root)
%dir %{_sysconfdir}/apparmor
%config(noreplace) %{_sysconfdir}/apparmor/logprof.conf
%config(noreplace) %{_sysconfdir}/apparmor/notify.conf
%config(noreplace) %{_sysconfdir}/apparmor/severity.db
%config(noreplace) %{_sysconfdir}/apparmor/subdomain.conf
%{_prefix}/sbin/*
%dir /var/log/apparmor
%doc %{_mandir}/man5/logprof.conf.5.gz
%doc %{_mandir}/man8/apparmor_notify.8.gz
%doc %{_mandir}/man8/aa-*.gz
%doc %{_mandir}/man8/apparmor_status.8.gz
%doc %{_mandir}/man8/audit.8.gz
%doc %{_mandir}/man8/autodep.8.gz
%doc %{_mandir}/man8/complain.8.gz
%doc %{_mandir}/man8/enforce.8.gz
%doc %{_mandir}/man8/genprof.8.gz
%doc %{_mandir}/man8/logprof.8.gz
%doc %{_mandir}/man8/unconfined.8.gz
%doc utils/*.[0-9].html
%doc common/apparmor.css

%files utils-lang -f apparmor-utils.lang

%files -n perl-apparmor
%defattr(-,root,root)
%{perl_vendorlib}/Immunix
%dir %{perl_vendorarch}/auto/LibAppArmor
%{perl_vendorarch}/auto/LibAppArmor/*
%{perl_vendorarch}/LibAppArmor.pm

%if %{with python}

%files -n python-apparmor
%defattr(-,root,root)
%{python_sitearch}/LibAppArmor-2.5.1-py2.7.egg-info
%{python_sitearch}/libapparmor1/*
%endif

%if %{with ruby}

%files -n ruby-apparmor
%defattr(-,root,root)
%{_prefix}/%{rb_sitearch}/*
%endif

%if %{with pam}

%files -n pam_apparmor
%defattr(444,root,root,755)
%attr(555,root,root) %{_libdir}/security/pam_apparmor.so
%attr(555,root,root) %{_libdir}/security/pam_apparmor.la
%endif

%if %{with tomcat}

%files -n tomcat_apparmor
%defattr(-,root,root)
%{CATALINA_HOME}/lib/%{JAR_FILE}
%{_libdir}/libJNI*
%doc %attr(0644,root,root) changehat/tomcat_apparmor/tomcat_5_5/README.tomcat_apparmor
%endif

%if %{with apache}

%files -n apache2-mod_apparmor
%defattr(-,root,root)
%{apache_module_path}/mod_apparmor.so
%{apache_module_path}/mod_apparmor.la
%doc %{_mandir}/man8/mod_apparmor.8.gz
%endif

%if %{with dbus}

%files dbus
%defattr(0750, root, root)
%{_bindir}/apparmor-dbus
%endif

%if %{with editor}

%files profile-editor
%defattr(-, root, root)
%{_datadir}/applications/%{name}-profile-editor.desktop
%{_datadir}/pixmaps/%{name}-profile-editor.png
%{_bindir}/profileeditor
%{_docdir}/profileeditor/AppArmorProfileEditor.htb
%if 0
%{_prefix}/share/doc/profileeditor/AppArmorProfileEditor.htb
%endif
%dir %{_prefix}/share/doc/profileeditor
%endif

%if %{with gnome}

%files -n apparmorapplet-gnome
%defattr(-, root, root)
%{_libdir}/bonobo/servers/*.server
%{_prefix}/lib/apparmorapplet
%{_datadir}/pixmaps/*

%files -n apparmorapplet-gnome-lang -f apparmorapplet-gnome.lang
%endif

%post parser
%if %{distro} == "suse"
  # SUSE uses insserv
  # For package renaming from subdomain -> apparmor
  # we check the existence of the AppArmor 1.1 and
  # AppArmor 1.2 based init script to help determine
  # whether  we are upgrading
  SUBDOMAIN_PARSER_INSTALLED="no"
  if test -e %{_sysconfdir}/init.d/boot.subdomain -o -e %{_sysconfdir}/init.d/subdomain; then
    SUBDOMAIN_PARSER_INSTALLED="yes"
  fi
  if  test "$1" == 1  -a $SUBDOMAIN_PARSER_INSTALLED = "no"; then
    %{insserv_force_if_yast boot.apparmor}
  elif test -e %{_sysconfdir}/rc.d/boot.d/S??boot.subdomain  -o \
            -e %{_sysconfdir}/rc.d/boot.d/S??boot.apparmor  -o \
            -e %{_sysconfdir}/rc.d/rc3.d/S??subdomain ; then
    %{insserv_force_if_yast boot.apparmor}
  else
    %{fillup_and_insserv -f boot.apparmor}
  fi
%endif
%if %{distro} == "redhat" || %{distro} == "rhel4"
  chkconfig --add apparmor
%endif
%if %{distro} == "slackware"
  if grep -qs "# BEGIN rc.subdomain INSERTION" %{_sysconfdir}/rc.d/rc.M ; then true ; else
    %{apparmor_bin_prefix}/install/frob_slack_rc --init
  fi
  if grep -qs "# BEGIN rc.subdomain INSERTION" %{_sysconfdir}/rc.d/rc.K ; then true ; else
    %{apparmor_bin_prefix}/install/frob_slack_rc --shutdown
  fi
%endif

%preun parser
if [ "$1" = 0 ] ; then
%if %{distro} == "suse"
  %{stop_on_removal aaeventd}
  %{stop_on_removal boot.apparmor}
%endif
%if %{distro} == "redhat" || %{distro} == "rhel4"
  chkconfig --del aaeventd
  chkconfig --del apparmor
%endif
fi

%postun parser
%if %{distro} == "suse"
  %restart_on_update aaeventd boot.apparmor
  %{insserv_cleanup} || true
%endif

%post -n libapparmor1 -p /sbin/ldconfig

%postun -n libapparmor1 -p /sbin/ldconfig
%if %{with tomcat}

%post -n tomcat_apparmor -p /sbin/ldconfig

%postun -n tomcat_apparmor -p /sbin/ldconfig
%endif

%if %{with pam}

%post -n pam_apparmor
pam-config -a --apparmor
pam-config --update

%postun -n pam_apparmor
pam-config -d --apparmor
pam-config --update
%endif

%changelog