author | Michael Palimaka (kensington) <kensington@astralcloak.net> | 2011-11-24 19:08:35 +0000 |
---|---|---|
committer | Michael Palimaka (kensington) <kensington@astralcloak.net> | 2011-11-24 19:08:35 +0000 |
commit | bea451f1574b743d76b0fcd82960b475ee6261ec (patch) | |
tree | ac7ea2d80b18ecc5b816b9c1e60374ae2061993a /sys-apps/apparmor/files | |
parent | dev-python/bottle: Version bump (diff) | |
sys-apps/apparmor: Avoid bashisms in initscript. Thanks to mgorny for the report, and Tommy[D] for the review.
svn path=/sunrise/; revision=12528
Diffstat (limited to 'sys-apps/apparmor/files')
-rw-r--r-- | sys-apps/apparmor/files/apparmor-confd | 5 | ||||
-rwxr-xr-x | sys-apps/apparmor/files/apparmor-init | 26 |
2 files changed, 17 insertions, 14 deletions
diff --git a/sys-apps/apparmor/files/apparmor-confd b/sys-apps/apparmor/files/apparmor-confd
index 11058073c..1490ca728 100644
--- a/sys-apps/apparmor/files/apparmor-confd
+++ b/sys-apps/apparmor/files/apparmor-confd
@@ -4,11 +4,10 @@ PARSER=/sbin/apparmor_parser
 # Directory in which profiles are stored
+# Note, subdirectories can be ignored by placing
+# an empty ".ignore" file within
 PROFILE_DIR=/etc/apparmor.d/
-# Directories within PROFILE_DIR to be ignored
-IGNORE_PROFILES=( "abstractions" "tunables" )
-
 # Where securityfs is/will be mounted
 SECURITYFS=/sys/kernel/security/apparmor
diff --git a/sys-apps/apparmor/files/apparmor-init b/sys-apps/apparmor/files/apparmor-init
index 6fac7b1ac..f0e4cc5b2 100755
--- a/sys-apps/apparmor/files/apparmor-init
+++ b/sys-apps/apparmor/files/apparmor-init
@@ -76,18 +76,17 @@ check_config() {
 }
 get_profile_files() {
- if [[ "$PROFILE_DIR" != */ ]]; then
- PROFILE_DIR="${PROFILE_DIR}/"
- fi
-
 ARGS=""
- LENGTH=${#IGNORE_PROFILES[@]}
+ IGNORES="$( find ${PROFILE_DIR} -name .ignore )"
+ LENGTH=$( echo "$IGNORES" | wc -l )
- for ((I=1; I <= $LENGTH; I++)); do
- ARGS="${ARGS} -path ${PROFILE_DIR}${IGNORE_PROFILES[$(($I-1))]} -prune"
+ I=1;
+ for IGNORE in $IGNORES; do
+ ARGS="${ARGS} -path $( dirname ${IGNORE} ) -prune"
 if [ $LENGTH -gt 1 -a $I -lt $LENGTH ]; then
 ARGS="${ARGS} -o"
 fi
+ I=$(($I+1))
 done
 if [ -z "$ARGS" ]; then
@@ -132,10 +131,11 @@ load_profiles() {
 fi
 PROFILES="$(get_profile_files)"
+
 for PROFILE in $PROFILES; do
 $PARSER $PARSER_ARGS $PROFILE
 if [ $? -ne 0 ]; then
- if [ "${PARSER_ARGS}" == "replace" ]; then
+ if [ "${PARSER_ARGS}" = "replace" ]; then
 ewarn "Error loading '${PROFILE}', continuing"
 else
 eerror "Error loading '${PROFILE}', aborting"
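Review bot: With `IGNORE_PROFILES` removed from apparmor-confd, `abstractions` and `tunables` are no longer skipped by default, so the initscript now depends on an empty `.ignore` file being present in each of those directories. This diff is limited to `files/` and does not show the markers being installed, so that may happen elsewhere; if it does not, the parser would presumably be run on include fragments and report load errors. The new comment could say so directly, e.g. `# abstractions/ and tunables/ need a ".ignore" marker, since they hold includes rather than profiles`.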
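Review bot: The new loop in get_profile_files() counts `.ignore` hits by line (`wc -l`) but iterates over them by word (`for IGNORE in $IGNORES`), and both `find ${PROFILE_DIR}` and `dirname ${IGNORE}` are unquoted, so a directory name containing whitespace or a glob character produces a prune clause for the wrong path and a misplaced `-o`. Because this expression decides which profiles get loaded, I would drop `LENGTH`, `I` and the inner `if` and build it as `ARGS="${ARGS:+${ARGS} -o }-path $(dirname "${IGNORE}") -prune"`, quoting `"${PROFILE_DIR}"` in the `find` call as well. Adding `-type f` to that `find` would keep a directory or symlink named `.ignore` from silently excluding its parent. The `for` itself still splits on whitespace, so a comment stating that directory names under PROFILE_DIR must not contain whitespace would make the limit explicit. The function body continues past the end of the hunk.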
@@ -151,7 +151,8 @@ load_profiles() {
 remove_profiles() {
 PROFILES=$(get_active_profiles)
 for PROFILE in $PROFILES; do
- echo -n "$PROFILE" > "${SECURITYFS}/.remove"
+ #use printf instead of echo -n for POSIX compatibility
+ printf "$PROFILE" > "${SECURITYFS}/.remove"
 done
 return 0
 }
@@ -201,8 +202,11 @@ unload_obsolete_profiles() {
 echo $(${PARSER} -N "$PROFILE") >> new
 done
- for PROFILE in $(comm -2 -3 old new); do
- echo -n "$PROFILE" > "${SECURITYFS}/.remove"
+ sort new > new_sorted
+
+ for PROFILE in $(comm -2 -3 old new_sorted); do
+ #use printf instead of echo -n for POSIX compatibility
+ printf "$PROFILE" > "${SECURITYFS}/.remove"
 done
 rm -rf "${TEMPDIR}" |
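Review bot: `printf "$PROFILE"` in remove_profiles() passes the profile name as the format string, so a name containing `%` or a backslash is rewritten or rejected by printf and the wrong bytes are written to `${SECURITYFS}/.remove`. In that case the profile would stay loaded while the function still returns 0. Use `printf '%s' "$PROFILE" > "${SECURITYFS}/.remove"`; the identical line added in the unload_obsolete_profiles() hunk at -201 needs the same change.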
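Review bot: Only `new` is sorted before `comm -2 -3 old new_sorted` in unload_obsolete_profiles(); `comm` needs both inputs sorted under the same collation, and whether `old` is sorted is not visible in this hunk. If it is not, `comm` can list profiles that are still wanted as obsolete, and they are then written to `.remove`. Sorting both files under one locale, e.g. `LC_ALL=C sort old > old_sorted` and `LC_ALL=C sort new > new_sorted` followed by `LC_ALL=C comm -2 -3 old_sorted new_sorted`, removes the dependency on how `old` was produced. The function starts before the hunk, so the creation of `old` and of the temporary directory should be checked there.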