Merge lp:~serge-hallyn/apparmor/apparmor-ubuntu-citrain into lp:~apparmor-dev/apparmor/apparmor-ubuntu-citrain

Proposed by Serge Hallyn
Status: Merged
Merged at revision: 1551
Proposed branch: lp:~serge-hallyn/apparmor/apparmor-ubuntu-citrain
Merge into: lp:~apparmor-dev/apparmor/apparmor-ubuntu-citrain
Diff against target: 68 lines (+37/-0)
3 files modified
debian/apparmor.install (+1/-0)
debian/changelog (+6/-0)
debian/lib/apparmor/profile-load (+30/-0)
To merge this branch: bzr merge lp:~serge-hallyn/apparmor/apparmor-ubuntu-citrain
Reviewer: AppArmor Developers
Review status: Pending
Review via email: mp+254333@code.launchpad.net

Description of the change

This adds a 'profile-load' script which can be used by apparmor-profile-load which will be shipped by init-system-helpers. Once this is in vivid then we can move the existing script from cgroup-bin to init-system-helpers and fix the critical bug 1432683.

(See http://paste.ubuntu.com/10626570/ for the debdiffs we intend to use - except that cgroup-bin will also need to Depend on init-system-helpers, and init-system-helpers will break/replace cgroup-bin, not cgroup.)


Preview Diff

1=== modified file 'debian/apparmor.install'
2--- debian/apparmor.install 2014-08-07 00:57:21 +0000
3+++ debian/apparmor.install 2015-03-27 00:49:23 +0000
4@@ -1,5 +1,6 @@
5 debian/apport/source_apparmor.py /usr/share/apport/package-hooks/
6 debian/lib/apparmor/functions /lib/apparmor/
7+debian/lib/apparmor/profile-load /lib/apparmor/
8 etc/apparmor/parser.conf
9 etc/apparmor/subdomain.conf
10 sbin/apparmor_parser
11
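Review bot: the added `debian/lib/apparmor/profile-load /lib/apparmor/` line ships a script that another package's wrapper will execute, and nothing in this diff shows the file's mode. Confirm the file is committed with the executable bit set in the branch, otherwise the wrapper at the original path will fail to run it.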
12=== modified file 'debian/changelog'
13--- debian/changelog 2015-03-25 23:14:36 +0000
14+++ debian/changelog 2015-03-27 00:49:23 +0000
15@@ -1,5 +1,6 @@
16 apparmor (2.9.1-0ubuntu8) UNRELEASED; urgency=medium
17
18+ [ Steve Beattie ]
19 * debian/rules: run make check on the libapparmor library
20 * add-chromium-browser.patch: add support for chromium policies
21 (LP: #1419294)
22@@ -15,6 +16,11 @@
23 * GDM_X_authority-lp1432126.patch: add location GDM creates Xauthority
24 file to X abstraction (LP: #1432126)
25
26+ [ Robie Basak ]
27+ * Add /lib/apparmor/profile-load; moved from
28+ /lib/init/apparmor-profile-load from the upstart package. A wrapper at
29+ the original path is now provided by init-system-helpers. (LP: #1432683)
30+
31 -- Steve Beattie <sbeattie@ubuntu.com> Wed, 25 Mar 2015 16:08:08 -0700
32
33 apparmor (2.9.1-0ubuntu7) vivid; urgency=medium
34
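Review bot: the new [ Robie Basak ] entry says the script was moved "from the upstart package", while the merge description talks about moving the existing script out of cgroup-bin; name the originating package consistently so the bug trail for LP: #1432683 is unambiguous. The wording "moved from /lib/init/apparmor-profile-load from the upstart package" would also read better as "moved from /lib/init/apparmor-profile-load in the upstart package".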
35=== added file 'debian/lib/apparmor/profile-load'
36--- debian/lib/apparmor/profile-load 1970-01-01 00:00:00 +0000
37+++ debian/lib/apparmor/profile-load 2015-03-27 00:49:23 +0000
38@@ -0,0 +1,30 @@
39+!/bin/sh
40+# profile-load
41+#
42+# Helper for loading an AppArmor profile in pre-start scripts.
43+
44+[ -z "$1" ] && exit 1 # require a profile name
45+
46+# do not load in a container
47+[ -x /bin/running-in-container ] && /bin/running-in-container >/dev/null 2>&1 && exit 0
48+
49+[ -d /rofs/etc/apparmor.d ] && exit 0 # do not load if running liveCD
50+
51+profile=/etc/apparmor.d/"$1"
52+[ -e "$profile" ] || exit 0 # skip when missing profile
53+
54+module=/sys/module/apparmor
55+[ -d $module ] || exit 0 # do not load without AppArmor in kernel
56+
57+[ -x /sbin/apparmor_parser ] || exit 0 # do not load without parser
58+
59+aafs=/sys/kernel/security/apparmor
60+[ -d $aafs ] || exit 0 # do not load if unmounted
61+[ -w $aafs/.load ] || exit 1 # fail if cannot load profiles
62+
63+params=$module/parameters
64+[ -r $params/enabled ] || exit 0 # do not load if missing
65+read enabled < $params/enabled || exit 1 # if this fails, something went wrong
66+[ "$enabled" = "Y" ] || exit 0 # do not load if disabled
67+
68+/sbin/apparmor_parser -r -W "$profile" || exit 0 # LP: #1058356
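Review bot: the final line, `/sbin/apparmor_parser -r -W "$profile" || exit 0`, turns a parser failure into success, so a pre-start script that calls this helper starts its job without the profile loaded and nothing records why. If exiting 0 is deliberate for LP: #1058356, say so in the comment and print a message to stderr before exiting, so that an unconfined start shows up in the job's output. Separately, `$1` is appended to /etc/apparmor.d/ with no check beyond being non-empty, so a name with a `..` component resolves outside that directory; rejecting such names would keep the helper to its stated purpose. The first added line also reads `!/bin/sh` as shown here; check that the file in the branch begins with `#!/bin/sh`.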
