2
# apparmor-profile-load
4
# Helper for loading an AppArmor profile in pre-start scripts.
6
[ -z "$1" ] && exit 1 # require a profile name
8
# do not load in a container
9
[ -x /bin/running-in-container ] && /bin/running-in-container >/dev/null 2>&1 && exit 0
11
[ -d /rofs/etc/apparmor.d ] && exit 0 # do not load if running liveCD
13
profile=/etc/apparmor.d/"$1"
14
[ -e "$profile" ] || exit 0 # skip when missing profile
16
module=/sys/module/apparmor
17
[ -d $module ] || exit 0 # do not load without AppArmor in kernel
19
[ -x /sbin/apparmor_parser ] || exit 0 # do not load without parser
21
aafs=/sys/kernel/security/apparmor
22
[ -d $aafs ] || exit 0 # do not load if unmounted
23
[ -w $aafs/.load ] || exit 1 # fail if cannot load profiles
25
params=$module/parameters
26
[ -r $params/enabled ] || exit 0 # do not load if missing
27
read enabled < $params/enabled || exit 1 # if this fails, something went wrong
28
[ "$enabled" = "Y" ] || exit 0 # do not load if disabled
30
/sbin/apparmor_parser -r -W "$profile" || exit 0 # LP: #1058356
added
removed
debian/apparmor-profile-load
