[prev in list] [next in list] [prev in thread] [next in thread]
List: apparmor-dev
Subject: Re: [apparmor] [patch] utils: make aa-status(8) function without python3-apparmor
From: John Johansen <john.johansen () canonical ! com>
Date: 2015-11-24 9:34:47
Message-ID: 56542F37.7070405 () canonical ! com
[Download RAW message or body]
On 11/22/2015 07:18 AM, Christian Boltz wrote:
> Hello,
>
> any comments on this?
>
It is interesting but I am not fond of it. It also should have another test
> Am Mittwoch, 5. August 2015 schrieb Christian Boltz:
>> Am Dienstag, 4. August 2015 schrieb Steve Beattie:
>>> However, I *do* think we could
>>> have a separate aa-is-enabled compiled tool that answers the
>>> question
>>> dh_apparmor needs to know,
>>
>> So dh_apparmor only needs/uses aa-status --enabled?
>>
>> The only thing I can say about that is:
>>
>> Go away or I will replace you with a very small shell script!
>>
>> ;-)
>>
>>
>> #!/bin/bash
>> test -e /sys/module/apparmor || exit 1
if [ `cat /sys/module/apparmor/parameters/enabled` != 'Y' ] ; then exit 5 ; fi
>> mountpoint=
>> while read device mountpoint fstype trash ; do
>> test "$fstype" == "securityfs" && break
>> done < /proc/mounts
>> test -n "$mountpoint" || exit 3
>> test -d "$mountpoint/apparmor" || exit 4
>> test -n "$(<$mountpoint/apparmor/profiles)" || exit 2
>> exit 0
>>
>> This script should work, however I gave it only a quick test and
>> didn't test on a system without AppArmor (but tested by modifying the
>> script to cause negative answers in various conditions).
>>
>> I know I'm using quite some bashisms here, but IMHO that's cheaper
>> than calling some external helpers (the first version of the script
>> had a grep with an interesting regex, and a cat for testing if
>> $mountpoint/apparmor/profiles isn't empty - well, "grep .." would also
>> work ;-)
>>
>> Oh, and the exitcodes don't always match aa-status exactly, but that
>> could be fixed by an additional test if needed.
>
>
> Regards,
>
> Christian Boltz
>
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic