[apparmor] [PATCH] fix rc.apparmor.functions
Steve Beattie
steve at nxnw.org
Tue Mar 15 22:09:37 UTC 2011
On Tue, Mar 15, 2011 at 02:49:14PM -0700, John Johansen wrote:
> On 03/15/2011 05:10 AM, John Johansen wrote:
> > The following patch from pld linux is missing from the AppArmor 2.6 release
> >
> Forgot to add nominated for 2.6.1
ACK'ed for both trunk and 2.6.1
Though I have to ask, is this chunk
> > --- rc.apparmor.functions.org 2010-03-17 21:06:13.768595265 +0100
> > +++ rc.apparmor.functions 2010-03-17 21:08:34.122087900 +0100
> >
> > retval=0
> > #the list of profiles isn't stable once we start adding or removing
> > - #them so stor to tmp first
> > + #them so store to tmp first (in reverse order so hat profiles are removed first)
> > MODULE_PLIST=$(mktemp ${APPARMOR_TMPDIR}/tmp.XXXXXXXX)
> > - sed -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles" | sort >"$MODULE_PLIST"
> > + sed -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles" | sort -r > "$MODULE_PLIST"
> > cat "$MODULE_PLIST" | while read profile ; do
> > echo -n "$profile" > "$SFS_MOUNTPOINT/.remove"
> > rc=$?
to cope for the fact that it used to be required to unload hats
separately (when they were moved in in-kernel structures from
being internal to a profile to external), and that now the kernel
no longer requires this as it unloads hats at the same time as the
parent profile?
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20110315/6a794166/attachment.pgp>
More information about the AppArmor
mailing list