rc.apparmor.functions: drop module loading support

The apparmor kernel "module" has not been a loadable module for more than a decade, it must be built into the kernel and due configuration requirements it will never go back to being a loadable module. Remove the long unfunctioning load_module support from the init script. PR: https://gitlab.com/apparmor/apparmor/merge_requests/257 Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: seth.arnold@canonical.com
2025-09-03 15:55:46 +00:00 · 2018-11-03 07:15:16 -07:00
parent e657ca67d7
commit 0d5ab43d59
1 changed files with 8 additions and 34 deletions
--- a/parser/rc.apparmor.functions
+++ b/parser/rc.apparmor.functions
@@ -325,42 +325,16 @@ unmount_subdomainfs() {
 	fi
 }
 load_module() {
 	local rc=0
 	if modinfo -F filename apparmor > /dev/null 2>&1 ; then
 		MODULE=apparmor
 	elif modinfo -F filename ${OLD_MODULE} > /dev/null 2>&1 ; then
 		MODULE=${OLD_MODULE}
 	fi
 	if ! is_apparmor_present apparmor subdomain ; then
 		aa_action "Loading AppArmor module" /sbin/modprobe -q $MODULE $1
 		rc=$?
 		if [ $rc -ne 0 ] ; then
 			module_panic
 			rc=$?
 			if [ $rc -ne 0 ] ; then
 				exit $rc
 			fi
 		fi
 	fi
 	if ! is_apparmor_loaded ; then
 		return 1
 	fi
 	return $rc
 }
 apparmor_start() {
 	aa_log_daemon_msg "Starting AppArmor"
-	if ! is_apparmor_loaded ; then
+	if ! is_apparmor_present ; then
-		load_module
+		aa_log_failure_msg "Starting AppArmor - failed, To enable AppArmor, ensure your kernel is configured with CONFIG_SECURITY_APPARMOR=y then add 'security=apparmor apparmor=1' to the kernel command line"
-		rc=$?
+		aa_log_end_msg 1
-		if [ $rc -ne 0 ] ; then
+		return 1
-			aa_log_end_msg $rc
+	elif ! is_apparmor_loaded ; then
-			return $rc
+		aa_log_failure_msg "Starting AppArmor - AppArmor control files aren't available under /sys/kernel/security/, please make sure securityfs is mounted."
-		fi
+		aa_log_end_msg 1
 		return 1
 	fi
 	if [ ! -w "$SFS_MOUNTPOINT/.load" ] ; then