[apparmor] [PATCH] Convert aa-status to Python

Jamie Strandboge jamie at canonical.com
Thu May 26 20:23:06 UTC 2011


On Thu, 2011-05-26 at 13:13 -0700, Seth Arnold wrote:
> On Thu, May 26, 2011 at 1:07 PM, Marc Deslauriers
> <marc.deslauriers at canonical.com> wrote:
> > Hmm..I'm not quite sure where this is used during boot. Is it in
> > SUSE-specific init scripts?
> 
> Check out /etc/init/mysql.conf on an Ubuntu 10.10 system. Not sure if
> this has survived to 11.04 or not, I like to let others test large
> upgrades for me. :)
> 
> pre-start script
>     #Sanity checks
>     [ -r $HOME/my.cnf ]
>     [ -d /var/run/mysqld ] || install -m 755 -o mysql -g root -d /var/run/mysqld
>     # Load AppArmor profile
>     if aa-status --enabled 2>/dev/null; then
>         apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld || true
>     fi
>     LC_ALL=C BLOCKSIZE= df --portability /var/lib/mysql/. | tail -n 1
> | awk '{ exit ($4<4096) }'
> end script

These days, these should all be moved over to
upstart's /lib/init/apparmor-profile-load, like with avahi:

pre-start script
    /lib/init/apparmor-profile-load usr.sbin.avahi-daemon
end script

/lib/init/apparmor-profile-load does not use aa-status, so going forward
we should be ok here. If packages in oneiric are still using the old
method, then that is a bug that we need to fix.

-- 
Jamie Strandboge             | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20110526/c9521dec/attachment.pgp>


More information about the AppArmor mailing list