fix

- rc.apparmor.functions were not correctly removing profiles on replace and reload, also convert to using the module interface directly bypassing the parser. - fix cx -> named transitions - fix apparmor_parser -N so that it emits hats as profiles under new kernel modules. This is the correct behavior as hats are promoted to profiles.
2025-08-31 06:16:03 +00:00 · 2008-06-04 07:24:38 +00:00
parent 3897c52414
commit be495f2125
4 changed files with 32 additions and 21 deletions
--- a/parser/rc.apparmor.functions
+++ b/parser/rc.apparmor.functions
@@ -426,7 +426,7 @@ __apparmor_restart() {
 	MODULE_PLIST=$(mktemp ${APPARMOR_TMPDIR}/tmp.XXXXXXXX)
 	sed  -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles" | sort >"$MODULE_PLIST"
 	sort "$PNAMES_LIST" | comm -2 -3 "$MODULE_PLIST" - | while read profile ; do
-		echo "\"$profile\" {}" | $PARSER -R >/dev/null
+		echo -n "$profile" > "$SFS_MOUNTPOINT/.remove"
 	done
 	rm "$MODULE_PLIST"
 	rm "$PNAMES_LIST"