1
description "Pre-cache and pre-load apparmor profiles"
2
author "Dimitri John Ledkov <xnox@ubuntu.com> and Jamie Strandboge <jamie@ubuntu.com>"
6
start on starting rc-sysinit
9
[ -d /rofs/etc/apparmor.d ] && exit 0 # do not load on liveCD
10
[ -d /sys/module/apparmor ] || exit 0 # do not load without AppArmor
11
[ -x /sbin/apparmor_parser ] || exit 0 # do not load without parser
12
[ -x /bin/running-in-container ] && /bin/running-in-container && exit 0
14
# Need securityfs for any mode
15
if [ ! -d /sys/kernel/security/apparmor ]; then
16
if cut -d" " -f2,3 /proc/mounts | grep -q "^/sys/kernel/security securityfs"'$' ; then
19
mount -t securityfs none /sys/kernel/security || exit 0
23
[ -w /sys/kernel/security/apparmor/.load ] || exit 0
25
[ -x /usr/bin/aa-clickhook ] && {
28
# If packages for system policy that affect click packages have been
29
# updated since the last time we ran, run aa-clickhook -f
30
for pkg in apparmor-easyprof-ubuntu apparmor ; do
31
[ -f "/var/lib/dpkg/info/${pkg}.md5sums" ] || continue
33
if ! diff -q "/var/lib/dpkg/info/${pkg}.md5sums" "/var/lib/apparmor/profiles/.${pkg}.md5sums" 2>/dev/null ; then
34
# store md5sums in /var/lib/apparmor/profiles since
35
# /var/cache/apparmor might be cleared by apparmor
36
cp -f "/var/lib/dpkg/info/${pkg}.md5sums" "/var/lib/apparmor/profiles/.${pkg}.md5sums"
41
if [ -n "$run" ]; then
46
. /lib/apparmor/functions
48
if [ "$ACTION" = "teardown" ]; then
49
running_profile_names | while read profile; do
50
unload_profile "$profile"
55
if [ "$ACTION" = "clear" ]; then
60
if [ "$ACTION" = "reload" ] || [ "$ACTION" = "force-reload" ]; then
62
load_configured_profiles
63
unload_obsolete_profiles
67
load_configured_profiles