mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 13:58:22 +00:00
Code Issues Releases Wiki Activity

Subject: initscript: kill rebuild option

Browse Source 
[This is a slight update to a patch originally by jjohansen@suse.de]

The ability of the rcapparmor initscript to rebuild the apparmor module
if attmepts to load the module failed had been broken for a while; this
patch rips out the option altogether. The ability to drop to runlevel
1 if the apparmor module can't be loaded is still available, if not
recently tested.
This commit is contained in:
Steve Beattie
2007-04-04 21:28:43 +00:00
parent 5cc6094944
commit f309bbd8e7
2 changed files with 1 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
parser/apparmor-parser.spec.in
View File

@@ -159,6 +159,7 @@ fi
* Wed Apr 4 2007 - sbeattie@suse.de * Wed Apr 4 2007 - sbeattie@suse.de
- rcapparmor: fix dpkg ignore check - rcapparmor: fix dpkg ignore check
- rcapparmor: support apparmor built into kernel - rcapparmor: support apparmor built into kernel
- rcapparmor: kill old cruft
* Tue Apr 3 2007 - sbeattie@suse.de * Tue Apr 3 2007 - sbeattie@suse.de
- Add manpages to package - Add manpages to package
* Thu Mar 29 2007 - coolo@suse.de * Thu Mar 29 2007 - coolo@suse.de

45
parser/rc.apparmor.functions
View File

@@ -86,7 +86,6 @@ SECURITYFS=/sys/kernel/security
SUBDOMAINFS_MOUNTPOINT=$(grep subdomainfs /etc/fstab | \ SUBDOMAINFS_MOUNTPOINT=$(grep subdomainfs /etc/fstab | \
sed -e 's|^[[:space:]]*[^[:space:]]\+[[:space:]]\+\(/[^[:space:]]*\)[[:space:]]\+subdomainfs.*$|\1|' 2> /dev/null) sed -e 's|^[[:space:]]*[^[:space:]]\+[[:space:]]\+\(/[^[:space:]]*\)[[:space:]]\+subdomainfs.*$|\1|' 2> /dev/null)
SUBDOMAIN_SRC="/usr/src/kernel-modules/SubDomain/module"
if [ -d "/var/lib/${MODULE}" ] ; then if [ -d "/var/lib/${MODULE}" ] ; then
APPARMOR_TMPDIR="/var/lib/${MODULE}" APPARMOR_TMPDIR="/var/lib/${MODULE}"
@@ -190,40 +189,6 @@ profiles_names_list() {
done done
} }
rebuild_subdomain() {
if [ -d "$SUBDOMAIN_SRC" ] ; then
# only try to rebuild for the running kernel
cd "$SUBDOMAIN_SRC"
kernelver=`uname -r`
kernelsrc=`readlink "/lib/modules/$kernelver/build"`
line="KERNELVER=$kernelver KERNELSRC=$kernelsrc"
/usr/bin/env $line ${SUBDOMAIN_SRC}/BUILD-SUBDOMAIN ;
rc=$?
if [ $rc -ne 0 ] ; then
sd_log_failure_msg "- could not rebuild AppArmor module"
return $rc
fi
depmod -a
rc=$?
if [ $rc -ne 0 ] ; then
sd_log_failure_msg "- could not set AppArmor module dependencies"
return $rc ;
fi
sd_action "Loading AppArmor module" /sbin/modprobe $MODULE $1
rc=$?
if [ $rc -ne 0 ] ; then
# we couldn't find the module
sd_log_failure_msg "- could not load rebuilt AppArmor module"
rc=$?
return $rc
fi
else
sd_log_failure_msg "- could not rebuild AppArmor, module source not found."
return -1
fi
}
failstop_system() { failstop_system() {
level=$(runlevel | cut -d" " -f2) level=$(runlevel | cut -d" " -f2)
if [ $level -ne "1" ] ; then if [ $level -ne "1" ] ; then
@@ -241,16 +206,6 @@ module_panic() {
case "$SUBDOMAIN_MODULE_PANIC" in case "$SUBDOMAIN_MODULE_PANIC" in
"warn"|"WARN") "warn"|"WARN")
return 1 ;; return 1 ;;
"build"|"BUILD") rebuild_subdomain
rc=$?
return $rc ;;
"build-panic"|"BUILD-PANIC") rebuild_subdomain
rc=$?
if [ $rc -ne 0 ] ; then
failstop_system
rc=$?
fi
return $rc ;;
"panic"|"PANIC") failstop_system "panic"|"PANIC") failstop_system
rc=$? rc=$?
return $rc ;; return $rc ;;