Description: fix compile on build
Patch from Gentoo community:
- fix up a couple of missing semicolons in syntax (bison compensates
by emitting it's own)
- Fix yet another variable tyop in rc.apparmor.functions
- dump stderr of ls in rc.apparmor.functions to /dev/null
- add an install-unknown make target
removing profiles, as the list is unstable after additions or removals.
- Add the ability to loaded precompiled policy by specifying the -B
option, which can be combined with --add or --replace
- rc.apparmor.functions were not correctly removing profiles on replace and
reload, also convert to using the module interface directly bypassing the
parser.
- fix cx -> named transitions
- fix apparmor_parser -N so that it emits hats as profiles under new kernel
modules. This is the correct behavior as hats are promoted to profiles.
<mathiaz@ubuntu.com> [Message-ID: <20070813201254.GD11381@mathias.mathiaz.net>]
Added comments to both file-skipping locations referencing the other
location that needs to be modified.
(The ideal solution would be for this information to be stored in one
commonly referenced location, configurable by distributors and
administratrors.)
This patch converts some of the internal references from subdomain to
apparmor (and s/sd/aa/ as well). Variables referenced in
/etc/apparmor/subdomain.conf (which also needs to be renamed) are not
renamed.
[This is a slight update to a patch originally by jjohansen@suse.de]
The ability of the rcapparmor initscript to rebuild the apparmor module
if attmepts to load the module failed had been broken for a while; this
patch rips out the option altogether. The ability to drop to runlevel
1 if the apparmor module can't be loaded is still available, if not
recently tested.
This patch, based on prior versions by jjohansen@suse.de, reworks the
rcapparmor initscript to support apparmor as a kernel builtin, instead
of just a module.
In the recent fixups for Ubuntu/Debian, .dpkg-new files got added to the
set of profile names that get ignored. Alas, that only got added in one
of two locations in the initscript; this patch fixes that by making a
common test function that both locations use.
file that prevented it from working correctly on systems where /bin/sh
isn't bash, and is probably more readable to boot. It still will parse
things properly when confined binaries or thier corresponding profiles
contain spaces in their names.
Fix based on feedback and patches from Arkadiusz Miskiewicz
<arekm@maven.pl>/PLD and Kees Cook/Ubuntu.
