~upstart-devel/upstart/upstart-jobs


Viewing changes to utopic/etc/init/apparmor.conf

  • Committer: Dimitri John Ledkov
  • Date: 2014-11-19 12:58:41 UTC
  • Revision ID: dimitri.j.ledkov@intel.com-20141119125841-98dr37roy8dvcv3b
auto update

1
 
description "Pre-cache and pre-load apparmor profiles"
2
 
author "Dimitri John Ledkov <xnox@ubuntu.com> and Jamie Strandboge <jamie@ubuntu.com>"
3
 
 
4
 
task
5
 
 
6
 
start on starting rc-sysinit
7
 
 
8
 
script
9
 
    [ -d /rofs/etc/apparmor.d ]  && exit 0 # do not load on liveCD
10
 
    [ -d /sys/module/apparmor ]  || exit 0 # do not load without AppArmor
11
 
    [ -x /sbin/apparmor_parser ] || exit 0 # do not load without parser
12
 
    [ -x /bin/running-in-container ] && /bin/running-in-container && exit 0
13
 
 
14
 
    # Need securityfs for any mode
15
 
    if [ ! -d /sys/kernel/security/apparmor ]; then
16
 
        if cut -d" " -f2,3 /proc/mounts | grep -q "^/sys/kernel/security securityfs"'$' ; then
17
 
            exit 0
18
 
        else
19
 
            mount -t securityfs none /sys/kernel/security || exit 0
20
 
        fi
21
 
    fi
22
 
 
23
 
    [ -w /sys/kernel/security/apparmor/.load ] || exit 0
24
 
 
25
 
    [ -x /usr/bin/aa-clickhook ] && {
26
 
        run=
27
 
 
28
 
        # If packages for system policy that affect click packages have been
29
 
        # updated since the last time we ran, run aa-clickhook -f
30
 
        for pkg in apparmor-easyprof-ubuntu apparmor ; do
31
 
            [ -f "/var/lib/dpkg/info/${pkg}.md5sums" ] || continue
32
 
 
33
 
            if ! diff -q "/var/lib/dpkg/info/${pkg}.md5sums" "/var/lib/apparmor/profiles/.${pkg}.md5sums" 2>/dev/null ; then
34
 
                # store md5sums in /var/lib/apparmor/profiles since
35
 
                # /var/cache/apparmor might be cleared by apparmor
36
 
                cp -f "/var/lib/dpkg/info/${pkg}.md5sums" "/var/lib/apparmor/profiles/.${pkg}.md5sums"
37
 
                run='yes'
38
 
            fi
39
 
        done
40
 
 
41
 
        if [ -n "$run" ]; then
42
 
            aa-clickhook -f
43
 
        fi
44
 
    }
45
 
 
46
 
    . /lib/apparmor/functions
47
 
 
48
 
    if [ "$ACTION" = "teardown" ]; then
49
 
        running_profile_names | while read profile; do
50
 
            unload_profile "$profile"
51
 
        done
52
 
        exit 0
53
 
    fi
54
 
 
55
 
    if [ "$ACTION" = "clear" ]; then
56
 
        clear_cache
57
 
        exit 0
58
 
    fi
59
 
 
60
 
    if [ "$ACTION" = "reload" ] || [ "$ACTION" = "force-reload" ]; then
61
 
        clear_cache
62
 
        load_configured_profiles
63
 
        unload_obsolete_profiles
64
 
        exit 0
65
 
    fi
66
 
 
67
 
    load_configured_profiles
68
 
end script
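Review bot: In the `aa-clickhook` block (gutter lines 25–44), a failing `cp -f` or `aa-clickhook -f` can end the job before the final `load_configured_profiles` runs, because Upstart normally executes `script` stanzas under `sh -e`. A problem in click-package bookkeeping would then leave the system's own profiles unloaded, so the job fails open. The two commands should be made non-fatal but visible, for example `aa-clickhook -f || echo "apparmor: aa-clickhook -f failed" >&2`, with the same `|| echo ... >&2` on the `cp -f` line. Separately, every guard at gutter lines 9–23 leaves with a silent `exit 0`, so a missing `/sbin/apparmor_parser` or a non-writable `.load` looks the same as a successful load. A one-line message to stderr before each of those exits would let operators detect a boot that came up unconfined.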