From 79e6a4fec589e50d8e18770b8b45f4c37a7d45d2 Mon Sep 17 00:00:00 2001
From: Steve Beattie
Date: Tue, 27 Mar 2007 18:38:28 +0000
Subject: [PATCH] This patch fixes up a couple of bashisms in the rc.apparmor.functions file that prevented it from working correctly on systems where /bin/sh isn't bash, and is probably more readable to boot. It still will parse things properly when confined binaries or thier corresponding profiles contain spaces in their names. Fix based on feedback and patches from Arkadiusz Miskiewicz /PLD and Kees Cook/Ubuntu.
---
 parser/apparmor-parser.spec.in | 2 ++
 parser/rc.apparmor.functions | 8 +++-----
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/parser/apparmor-parser.spec.in b/parser/apparmor-parser.spec.in
index 40104d400..33ff4ea4a 100644
--- a/parser/apparmor-parser.spec.in
+++ b/parser/apparmor-parser.spec.in
@@ -149,6 +149,8 @@ fi
 %endif
 %changelog
+* Tue Mar 27 2007 - sbeattie@suse.de
+- Removed a couple of bashisms from initscripts
 * Fri Mar 23 2007 - sbeattie@suse.de
 - Added dfa matching code
 - add build dep on c++ compiler
diff --git a/parser/rc.apparmor.functions b/parser/rc.apparmor.functions
index df8737e14..57cec7145 100644
--- a/parser/rc.apparmor.functions
+++ b/parser/rc.apparmor.functions
@@ -129,7 +129,7 @@ parse_profiles() {
 return 1
 fi
- if [ "X" == "X$(ls $PROFILE_DIR/)" ]; then
+ if [ -z "$(ls $PROFILE_DIR/)" ]; then
 sd_log_skipped_msg "- No profiles found\nNo AppArmor policy loaded."
 return 1
 fi
@@ -388,7 +388,7 @@ remove_profiles() {
 fi
 retval=0
- IFS=$'\n' && for profile in $(sed -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles") ; do
+ sed -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles" | while read profile ; do
 echo "\"$profile\" { }" | $PARSER -R >/dev/null
 rc=$?
 if [ ${rc} -ne 0 ] ; then
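Review bot: In parse_profiles the rewritten test still expands `$PROFILE_DIR` unquoted inside the command substitution, so a configured directory containing whitespace or glob characters is split before `ls` sees it, and an `ls` error produces the same empty output as an empty directory. Either case ends in the "No AppArmor policy loaded." branch, which for a script that loads mandatory access control policy means a mis-set path is reported as "no profiles" rather than as an error. Quoting the expansion, `if [ -z "$(ls "$PROFILE_DIR"/)" ]; then`, closes the splitting case. The function body starts and ends outside this hunk, so an earlier directory check may already cover the `ls` failure case.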
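Review bot: Piping `sed` into `while read` in remove_profiles makes the loop body run in a subshell under dash and bash, so any variable the loop assigns is discarded when the pipeline ends. `retval=0` is set just before the loop and `rc` is tested inside it; if the rest of the body (outside this hunk) records the failure in `retval`, the function will now report success even when `$PARSER -R` failed to unload a profile. Feeding the loop from a file keeps it in the current shell, for example writing the `sed` output to a `mktemp` file as __subdomain_restart already does and closing the loop with `done < "$tmpfile"` (placeholder name). Both this loop and the one in the `@@ -431,9 +431,7 @@` hunk should also read with `while IFS= read -r profile ; do`, since plain `read` strips leading and trailing whitespace and consumes backslashes in profile names.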
@@ -431,9 +431,7 @@ __subdomain_restart() {
 profiles_names_list ${PNAMES_LIST}
 MODULE_PLIST=$(mktemp ${APPARMOR_TMPDIR}/tmp.XXXXXXXX)
 sed -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles" | sort >"$MODULE_PLIST"
- #profiles=$(cat $PNAMES_LIST | sort | comm -2 -3 "$MODULE_PLIST" -)
- #for profile in $profiles ; do
- IFS=$'\n' && for profile in $(cat $PNAMES_LIST | sort | comm -2 -3 "$MODULE_PLIST" -) ; do
+ sort "$PNAMES_LIST" | comm -2 -3 "$MODULE_PLIST" - | while read profile ; do
 echo "\"$profile\" {}" | $PARSER -R >/dev/null
 done
 rm "$MODULE_PLIST"