/apparmor/functions
Shell | 82 lines | 48 code | 11 blank | 23 comment | 7 complexity | bf1e4af791814a179a468687cb43b3f2 MD5 | raw file
1#!/bin/sh 2# ---------------------------------------------------------------------- 3# Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 4# NOVELL (All rights reserved) 5# Copyright (c) 2008-2010 Canonical, Ltd. 6# 7# This program is free software; you can redistribute it and/or 8# modify it under the terms of version 2 of the GNU General Public 9# License published by the Free Software Foundation. 10# 11# This program is distributed in the hope that it will be useful, 12# but WITHOUT ANY WARRANTY; without even the implied warranty of 13# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14# GNU General Public License for more details. 15# 16# You should have received a copy of the GNU General Public License 17# along with this program; if not, contact Novell, Inc. 18# ---------------------------------------------------------------------- 19# Authors: 20# Kees Cook <kees@ubuntu.com> 21# 22# /etc/apparmor/functions 23 24PROFILES="/etc/apparmor.d" 25PARSER="/sbin/apparmor_parser" 26SECURITYFS="/sys/kernel/security" 27export AA_SFS="$SECURITYFS/apparmor" 28 29# Suppress warnings when booting in quiet mode 30quiet_arg="" 31[ "${QUIET:-no}" = yes ] && quiet_arg="-q" 32[ "${quiet:-n}" = y ] && quiet_arg="-q" 33 34foreach_configured_profile() { 35 (ls -1 "$PROFILES" | egrep -v '(\.dpkg-(new|old|dist|bak)|~)$' | \ 36 while read profile; do 37 if [ -f "$PROFILES"/"$profile" ]; then 38 echo "$PROFILES"/"$profile" 39 fi 40 done) | \ 41 xargs -n1 "$PARSER" "$@" -- 42} 43 44load_configured_profiles() { 45 clear_cache_if_outdated 46 foreach_configured_profile $quiet_arg --write-cache --replace 47} 48 49load_configured_profiles_without_caching() { 50 foreach_configured_profile $quiet_arg --replace 51} 52 53recache_profiles() { 54 clear_cache 55 foreach_configured_profile $quiet_arg --write-cache --skip-kernel-load 56} 57 58configured_profile_names() { 59 foreach_configured_profile $quiet_arg -N 2>/dev/null | sort | grep -v '\^' 60} 61 62running_profile_names() { 63 cat "$AA_SFS"/profiles | sed -e "s/ (\(enforce\|complain\))$//" | sort 64} 65 66unload_profile() { 67 echo -n "$1" > "$AA_SFS"/.remove 68} 69 70clear_cache() { 71 find "$PROFILES"/cache -maxdepth 1 -type f -print0 | xargs -0 rm -f -- 72} 73 74clear_cache_if_outdated() { 75 if [ -r "$PROFILES"/cache/.features ]; then 76 read CACHE_FEATURES < "$PROFILES"/cache/.features 77 read KERN_FEATURES < "$AA_SFS"/features 78 if [ "$KERN_FEATURES" != "$CACHE_FEATURES" ]; then 79 clear_cache 80 fi 81 fi 82}