From 94ff870f78ad32053392b19b4600b4b5584e3bfb Mon Sep 17 00:00:00 2001 From: John Johansen Date: Sat, 3 Nov 2018 16:39:49 -0700 Subject: [PATCH] remove subdomainfs support It has been over 10 years since transition from subdomainfs to using securityfs. Lets drop this deprecated code. PR: https://gitlab.com/apparmor/apparmor/merge_requests/258 Signed-off-by: John Johansen Acked-by: seth.arnold@canonical.com --- changehat/mod_apparmor/mod_apparmor.pod | 2 +- parser/Makefile | 6 +- parser/apparmor.pod | 2 +- parser/apparmor_parser.pod | 4 +- parser/parser_include.c | 68 +----------- parser/rc.apparmor.functions | 98 +---------------- parser/subdomain.conf | 53 --------- parser/subdomain.conf.pod | 104 ------------------ tests/stress/{subdomain => apparmor}/Makefile | 0 .../{subdomain => apparmor}/change_hat.c | 0 .../change_hat.profile.pre | 0 tests/stress/{subdomain => apparmor}/child.c | 0 .../{subdomain => apparmor}/child.profile.pre | 0 tests/stress/{subdomain => apparmor}/kill.sh | 0 tests/stress/{subdomain => apparmor}/open.c | 0 .../{subdomain => apparmor}/open.profile.pre | 0 .../{subdomain => apparmor}/s-2.4.20.sh | 0 tests/stress/{subdomain => apparmor}/s.sh | 0 .../{subdomain => apparmor}/sh.profile.pre | 0 .../stress/{subdomain => apparmor}/stress.sh | 0 .../{subdomain => apparmor}/stress.sh-2.4.20 | 0 .../{subdomain => apparmor}/uservars.inc | 0 utils/apparmor/config.py | 2 +- 23 files changed, 14 insertions(+), 325 deletions(-) delete mode 100644 parser/subdomain.conf delete mode 100644 parser/subdomain.conf.pod rename tests/stress/{subdomain => apparmor}/Makefile (100%) rename tests/stress/{subdomain => apparmor}/change_hat.c (100%) rename tests/stress/{subdomain => apparmor}/change_hat.profile.pre (100%) rename tests/stress/{subdomain => apparmor}/child.c (100%) rename tests/stress/{subdomain => apparmor}/child.profile.pre (100%) rename tests/stress/{subdomain => apparmor}/kill.sh (100%) rename tests/stress/{subdomain => apparmor}/open.c (100%) rename tests/stress/{subdomain => apparmor}/open.profile.pre (100%) rename tests/stress/{subdomain => apparmor}/s-2.4.20.sh (100%) rename tests/stress/{subdomain => apparmor}/s.sh (100%) rename tests/stress/{subdomain => apparmor}/sh.profile.pre (100%) rename tests/stress/{subdomain => apparmor}/stress.sh (100%) rename tests/stress/{subdomain => apparmor}/stress.sh-2.4.20 (100%) rename tests/stress/{subdomain => apparmor}/uservars.inc (100%) diff --git a/changehat/mod_apparmor/mod_apparmor.pod b/changehat/mod_apparmor/mod_apparmor.pod index f9352ee78..54f9f36d6 100644 --- a/changehat/mod_apparmor/mod_apparmor.pod +++ b/changehat/mod_apparmor/mod_apparmor.pod @@ -139,7 +139,7 @@ them at L. =head1 SEE ALSO -apparmor(7), subdomain.conf(5), apparmor_parser(8), aa_change_hat(2) and +apparmor(7), apparmor_parser(8), aa_change_hat(2) and L. =cut diff --git a/parser/Makefile b/parser/Makefile index 73e88f5c2..558d9616b 100644 --- a/parser/Makefile +++ b/parser/Makefile @@ -30,7 +30,7 @@ SYSTEMD_UNIT_DIR=${DESTDIR}/usr/lib/systemd/system CONFDIR=/etc/apparmor INSTALL_CONFDIR=${DESTDIR}${CONFDIR} LOCALEDIR=/usr/share/locale -MANPAGES=apparmor.d.5 apparmor.7 apparmor_parser.8 subdomain.conf.5 aa-teardown.8 +MANPAGES=apparmor.d.5 apparmor.7 apparmor_parser.8 aa-teardown.8 YACC := bison YFLAGS := -d @@ -72,9 +72,6 @@ endif # Internationalization support. Define a package and a LOCALEDIR EXTRA_CFLAGS+=-DPACKAGE=\"${NAME}\" -DLOCALEDIR=\"${LOCALEDIR}\" -# Compile-time configuration of the location of the config file -EXTRA_CFLAGS+=-DSUBDOMAIN_CONFDIR=\"${CONFDIR}\" - SRCS = parser_common.c parser_include.c parser_interface.c parser_lex.c \ parser_main.c parser_misc.c parser_merge.c parser_symtab.c \ parser_yacc.c parser_regex.c parser_variable.c parser_policy.c \ @@ -373,7 +370,6 @@ install-arch: $(INSTALLDEPS) .PHONY: install-indep install-indep: indep install -m 755 -d $(INSTALL_CONFDIR) - install -m 644 subdomain.conf $(INSTALL_CONFDIR) install -m 644 parser.conf $(INSTALL_CONFDIR) install -m 755 -d ${DESTDIR}/var/lib/apparmor install -m 755 -d $(APPARMOR_BIN_PREFIX) diff --git a/parser/apparmor.pod b/parser/apparmor.pod index 575200290..4d731f3cb 100644 --- a/parser/apparmor.pod +++ b/parser/apparmor.pod @@ -212,7 +212,7 @@ Else, if auditd is running, see auditd(8) and auditd.conf(5). =head1 SEE ALSO apparmor_parser(8), aa_change_hat(2), apparmor.d(5), -subdomain.conf(5), aa-autodep(1), clean(1), +aa-autodep(1), clean(1), auditd(8), aa-unconfined(8), aa-enforce(1), aa-complain(1), and L. diff --git a/parser/apparmor_parser.pod b/parser/apparmor_parser.pod index bcf25f983..ede3509c6 100644 --- a/parser/apparmor_parser.pod +++ b/parser/apparmor_parser.pod @@ -179,7 +179,7 @@ defined as relative paths. Add element n to the search path when resolving #include directives defined as an absolute paths. -=item -f n, --subdomainfs n +=item -f n, --apparmorfs n Set the location of the apparmor security filesystem (default is "/sys/kernel/security/apparmor"). @@ -408,7 +408,7 @@ L. =head1 SEE ALSO -apparmor(7), apparmor.d(5), subdomain.conf(5), aa_change_hat(2), and +apparmor(7), apparmor.d(5), aa_change_hat(2), and L. =cut diff --git a/parser/parser_include.c b/parser/parser_include.c index 9fc8b83b5..d31248816 100644 --- a/parser/parser_include.c +++ b/parser/parser_include.c @@ -17,21 +17,21 @@ * along with this program; if not, contact Canonical, Ltd. */ -/* Handle subdomain includes, as a straight forward preprocessing phase. +/* Handle apparmor includes, as a straight forward preprocessing phase. While we are at it we will strip comments. Why? because it made it easier. We support 2 types of includes #include which searches for the first occurance of name in the - subdomain directory path. + apparmor directory path. #include "name" which will search for a relative or absolute pathed file -p : preprocess only. Dump output to stdout -I path : add a path to be search by #include < > --b path : set the base path to something other than /etc/subdomain.d +-b path : set the base path to something other than /etc/apparmor.d */ @@ -57,13 +57,6 @@ /* maximum depth of nesting */ #define MAX_NEST_LEVEL 100 -/* Location of the subdomain.conf file */ -#ifdef SUBDOMAIN_CONFDIR -#define SUBDOMAIN_CONF SUBDOMAIN_CONFDIR "/subdomain.conf" -#else /* !defined SUBDOMAIN_CONFDIR */ -#define SUBDOMAIN_CONF "/etc/subdomain.conf" -#endif /* SUBDOMAIN_CONFDIR */ - static char *path[MAX_PATH] = { NULL }; static int npath = 0; @@ -71,12 +64,11 @@ static int fgetline(FILE * f, char *buffer, size_t len); static int stripcomment(char *s); static char *stripblanks(char *s); -/* default base directory is /etc/subdomain.d, it can be overriden +/* default base directory is /etc/apparmor.d, it can be overriden with the -b option. */ const char *basedir; static const char *default_basedir = "/etc/apparmor.d"; -static const char *old_basedir = "/etc/subdomain.d"; /* set up basedir so that it can be overridden/used later. */ @@ -94,12 +86,6 @@ void init_base_dir(void) basedir = default_basedir; return; } - - rc = stat(old_basedir, &sbuf); - if (rc == 0 && S_ISDIR(sbuf.st_mode)) { - basedir = old_basedir; - return; - } } /* Set the base dir. Used to change default path for relative includes */ @@ -164,53 +150,9 @@ int add_search_dir(const char *dir) return 1; } -/* Parse Subdomain.conf and put the default dirs in place. - - subdomain.conf is a shell sourcable file - we only parse entries starting with - SUBDOMAIN_PATH= - - if there are multiple entries with SUBDOMAIN_PATH= - each will get added. - - SUBDOMAIN_PATH=/etc/subdomain.d:/etc/subdomain.d/include - is the same as - SUBDOMAIN_PATH=/etc/subdomain.d - SUBDOMAIN_PATH=/etc/subdomain.d/include */ void parse_default_paths(void) { - autofclose FILE *f; - char buf[1024]; - char *t, *s; - int saved_npath = npath; - - f = fopen(SUBDOMAIN_CONF, "r"); - if (f == NULL) - goto out; - - memset(buf, 0, sizeof(buf)); - - while (fgetline(f, buf, 1024)) { - if (stripcomment(buf) && (t = strstr(buf, "SUBDOMAIN_PATH="))) { - t += 15; - /* handle : separating path elements */ - do { - s = strchr(t, ':'); - if (s) - *s = 0; - if (!add_search_dir(stripblanks(t))) - break; - if (s) - t = s + 1; - } while (s != NULL); - } - } - - /* if subdomain.conf doesn't set a base search dir set it to this */ -out: - if (npath - saved_npath == 0) { - add_search_dir(basedir); - } + add_search_dir(basedir); } FILE *search_path(char *filename, char **fullpath) diff --git a/parser/rc.apparmor.functions b/parser/rc.apparmor.functions index 3a25108ec..8201a9b35 100644 --- a/parser/rc.apparmor.functions +++ b/parser/rc.apparmor.functions @@ -33,25 +33,12 @@ CONFIG_DIR=/etc/apparmor MODULE=apparmor -OLD_MODULE=subdomain if [ -f "${CONFIG_DIR}/${MODULE}.conf" ] ; then APPARMOR_CONF="${CONFIG_DIR}/${MODULE}.conf" -elif [ -f "${CONFIG_DIR}/${OLD_MODULE}.conf" ] ; then - APPARMOR_CONF="${CONFIG_DIR}/${OLD_MODULE}.conf" -elif [ -f "/etc/immunix/subdomain.conf" ] ; then - aa_log_warning_msg "/etc/immunix/subdomain.conf is deprecated, use ${CONFIG_DIR}/subdomain.conf instead" - APPARMOR_CONF="/etc/immunix/subdomain.conf" -elif [ -f "/etc/subdomain.conf" ] ; then - aa_log_warning_msg "/etc/subdomain.conf is deprecated, use ${CONFIG_DIR}/subdomain.conf instead" - APPARMOR_CONF="/etc/subdomain.conf" else aa_log_warning_msg "Unable to find config file in ${CONFIG_DIR}, installation problem?" fi -# Read configuration options from /etc/subdomain.conf, default is to -# warn if subdomain won't load. -SUBDOMAIN_MODULE_PANIC="warn" -SUBDOMAIN_ENABLE_OWLSM="no" APPARMOR_ENABLE_AAEVENTD="no" if [ -f "${APPARMOR_CONF}" ] ; then @@ -61,28 +48,18 @@ fi PARSER=/sbin/apparmor_parser -# SUBDOMAIN_DIR and APPARMOR_DIR might be defined in subdomain.conf|apparmor.conf +# APPARMOR_DIR might be defined in apparmor.conf if [ -d "${APPARMOR_DIR}" ] ; then PROFILE_DIR=${APPARMOR_DIR} -elif [ -d "${SUBDOMAIN_DIR}" ] ; then - PROFILE_DIR=${SUBDOMAIN_DIR} elif [ -d /etc/apparmor.d ] ; then PROFILE_DIR=/etc/apparmor.d -elif [ -d /etc/subdomain.d ] ; then - PROFILE_DIR=/etc/subdomain.d fi ABSTRACTIONS="-I${PROFILE_DIR}" AA_EV_BIN=/usr/sbin/aa-eventd AA_EV_PIDFILE=/var/run/aa-eventd.pid AA_STATUS=/usr/sbin/aa-status -SD_EV_BIN=/usr/sbin/sd-event-dispatch.pl -SD_EV_PIDFILE=/var/run/sd-event-dispatch.init.pid -SD_STATUS=/usr/sbin/subdomain_status SECURITYFS=/sys/kernel/security -SUBDOMAINFS_MOUNTPOINT=$(grep subdomainfs /etc/fstab | \ - sed -e 's|^[[:space:]]*[^[:space:]]\+[[:space:]]\+\(/[^[:space:]]*\)[[:space:]]\+subdomainfs.*$|\1|' 2> /dev/null) - # keep exit status from parser during profile load. 0 is good, 1 is bad STATUS=0 @@ -96,9 +73,6 @@ is_apparmor_present() { shift done - # check for subdomainfs version of module - grep -qE "^($modules)[[:space:]]" /proc/modules - [ $? -ne 0 -a -d /sys/module/apparmor ] return $? @@ -249,44 +223,17 @@ failstop_system() { return 255 } -module_panic() { - # the module failed to load, determine what action should be taken - - case "$SUBDOMAIN_MODULE_PANIC" in - "warn"|"WARN") - return 1 ;; - "panic"|"PANIC") failstop_system - rc=$? - return $rc ;; - *) aa_log_failure_msg "- invalid AppArmor module fail option" - return 255 ;; - esac -} - is_apparmor_loaded() { if ! is_securityfs_mounted ; then mount_securityfs fi - mount_subdomainfs - if [ -f "${SECURITYFS}/${MODULE}/profiles" ]; then SFS_MOUNTPOINT="${SECURITYFS}/${MODULE}" return 0 fi - if [ -f "${SECURITYFS}/${OLD_MODULE}/profiles" ]; then - SFS_MOUNTPOINT="${SECURITYFS}/${OLD_MODULE}" - return 0 - fi - - if [ -f "${SUBDOMAINFS_MOUNTPOINT}/profiles" ]; then - SFS_MOUNTPOINT=${SUBDOMAINFS_MOUNTPOINT} - return 0 - fi - - # check for subdomainfs version of module - is_apparmor_present apparmor subdomain + is_apparmor_present apparmor return $? } @@ -305,26 +252,6 @@ mount_securityfs() { return 0 } - -mount_subdomainfs() { - # for backwords compatibility - if grep -q subdomainfs /proc/filesystems && \ - ! grep -q subdomainfs /proc/mounts && \ - [ -n "${SUBDOMAINFS_MOUNTPOINT}" ]; then - aa_action "Mounting subdomainfs on ${SUBDOMAINFS_MOUNTPOINT}" \ - mount "${SUBDOMAINFS_MOUNTPOINT}" - return $? - fi - return 0 -} - -unmount_subdomainfs() { - SUBDOMAINFS=$(grep subdomainfs /proc/mounts | cut -d" " -f2 2> /dev/null) - if [ -n "${SUBDOMAINFS}" ]; then - aa_action "Unmounting subdomainfs" umount ${SUBDOMAINFS} - fi -} - apparmor_start() { aa_log_daemon_msg "Starting AppArmor" if ! is_apparmor_present ; then @@ -358,7 +285,7 @@ apparmor_start() { remove_profiles() { - # removing profiles as we directly read from subdomainfs + # removing profiles as we directly read from apparmorfs # doesn't work, since we are removing entries which screws up # our position. Lets hope there are never enough profiles to # overflow the variable @@ -406,11 +333,8 @@ apparmor_kill() { return 1 fi - unmount_subdomainfs if is_apparmor_present apparmor ; then MODULE=apparmor - elif is_apparmor_present subdomain ; then - MODULE=subdomain else aa_log_failure_msg "AppArmor is builtin" return 1 @@ -457,27 +381,11 @@ apparmor_try_restart() { return $? } -configure_owlsm () { - if [ "${SUBDOMAIN_ENABLE_OWLSM}" = "yes" -a -f ${SFS_MOUNTPOINT}/control/owlsm ] ; then - # Sigh, the "sh -c" is necessary for the SuSE aa_action - # and it can't be abstracted out as a seperate function, as - # that breaks under RedHat's action, which needs a - # binary to invoke. - aa_action "Enabling OWLSM extension" sh -c "echo -n \"1\" > \"${SFS_MOUNTPOINT}/control/owlsm\"" - elif [ -f "${SFS_MOUNTPOINT}/control/owlsm" ] ; then - aa_action "Disabling OWLSM extension" sh -c "echo -n \"0\" > \"${SFS_MOUNTPOINT}/control/owlsm\"" - fi -} - apparmor_status () { if test -x ${AA_STATUS} ; then ${AA_STATUS} --verbose return $? fi - if test -x ${SD_STATUS} ; then - ${SD_STATUS} --verbose - return $? - fi if ! is_apparmor_loaded ; then echo "AppArmor is not loaded." rc=1 diff --git a/parser/subdomain.conf b/parser/subdomain.conf deleted file mode 100644 index 20e7cab91..000000000 --- a/parser/subdomain.conf +++ /dev/null @@ -1,53 +0,0 @@ -# subdomain.conf is a shared AppArmor configuration file that is sh sourcable. - -################## AppArmor init.d configuration ################ - -# Move this to /etc/sysconfig/apparmor eventually -## Path: System/AppArmor -## Description: Enable the OWLSM extension to AppArmor -## Type: yesno -## Default: no -# -# Enable OWLSM extension to AppArmor? -# OWLSM is an extension to AppArmor that prevents processes from -# following symlinks they don't own and creating hardlinks to files they -# don't own, in an attempt to prevent /tmp race attacks. However, OWLSM -# can break some applications, so is disabled by default. -SUBDOMAIN_ENABLE_OWLSM="no" - -## Path: System/AppArmor -## Description: Enable the AppArmor event daemon for reporting -## Type: yesno -## Default: no -# -# Enable the AppArmor event daemon for reporting? -APPARMOR_ENABLE_AAEVENTD="no" - -#SUBDOMAIN_MODULE_PANIC=XXX -#This option controls how subdomain behaves when the init script attempts -#to load the AppArmor module and fails. There are 4 options -#warn - log a failure message. (default behavior) -#build - attempt to build the AppArmor module is the module can't be loaded. -# If successful -# the module will be built for the running kernel and loaded. -# If the build fails -# a failure message is logged -#panic - If the AppArmor module fails to load -# a failure message will be logged -# and the machine will drop to runlevel 1 (single user) -#build-panic - If the AppArmor module fails to load -# attempt to build the module -# If building the module fails -# panic (drop to runlevel 1) - -#SUBDOMAIN_MODULE_PANIC=warn - -################## subdomain_parser configuration ################ - -#SUBDOMAIN_PATH=XXXX -#This option specifies the include path that the subdomain_parser will -#use by default. If no entry is specified /etc/subdomain.d is used by -#default. - -#SUBDOMAIN_PATH=/etc/subdomain.d - diff --git a/parser/subdomain.conf.pod b/parser/subdomain.conf.pod deleted file mode 100644 index b38f7488c..000000000 --- a/parser/subdomain.conf.pod +++ /dev/null @@ -1,104 +0,0 @@ -# ---------------------------------------------------------------------- -# Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, -# 2008, 2009 -# NOVELL (All rights reserved) -# -# Copyright (c) 2010 - 2012 -# Canonical Ltd. (All rights reserved) -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of version 2 of the GNU General Public -# License published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, contact Novell, Inc. -# ---------------------------------------------------------------------- - - -=pod - -=head1 NAME - -/etc/apparmor/subdomain.conf - configuration file for fine-tuning the -behavior of the AppArmor security tool. - -=head1 DESCRIPTION - -The AppArmor security tool can be configured to have -certain default behaviors based on configuration options set -in subdomain.conf. There are two variables that can be set in -subdomain.conf: B, and B. - -=begin comment - -FIXME keep quiet about OWLSM support for now. - -=head2 SUBDOMAIN_ENABLE_OWLSM - -This veriable is a yes/no toggle and is by default set to I. - -This variable determines whether the AppArmor initscript will enable -or disable the OWLsm security extension to AppArmor when the AppArmor -security tool is started. When enabled the OWLsm feature prevents programs -from following symlinks in temporary directories that are not owned by -the program's UID, and prevents processes from creating hardlinks to -files not owned by their UID. - -=end comment - -=head2 SUBDOMAIN_PATH - -This variable accepts a string (path), and is by default set to -'/etc/apparmor.d/' This variable defines where the AppArmor security -tool looks for its policy definitions (a.k.a. AppArmor profiles). - -=head2 SUBDOMAIN_MODULE_PANIC - -This variable accepts a string that is one of four values: I, -I, I, or I, and is set by default to I. - -This setting controls the behavior of the AppArmor initscript if it -cannot successfully load the AppArmor kernel module on startup. The four -possible settings are: - -=over 4 - -=item I - -Log a failure message (the default behavior). - -=item I - -Attempt to build the AppArmor module against the currently running -kernel. If the compilation is successful, the module will be loaded and -AppArmor started; if the compilation fails, a failure message is logged. - -=item I - -Log a failure message and drop to runlevel 1 (single user). - -=item I - -Attempt to build the module against the running kernel (like I) -and if the compilation fails, drop to runlevel 1 (single user). - -=back - -=head1 BUGS - -Setting the initscript to recompile the module will fail on SUSE, as the -module source is no longer installed by default. However, the module has -been included with the SUSE kernel, so no rebuilding should be necessary. - -If you find any additional bugs, please report them at -L. - -=head1 SEE ALSO - -apparmor(7), apparmor_parser(8), and -L. diff --git a/tests/stress/subdomain/Makefile b/tests/stress/apparmor/Makefile similarity index 100% rename from tests/stress/subdomain/Makefile rename to tests/stress/apparmor/Makefile diff --git a/tests/stress/subdomain/change_hat.c b/tests/stress/apparmor/change_hat.c similarity index 100% rename from tests/stress/subdomain/change_hat.c rename to tests/stress/apparmor/change_hat.c diff --git a/tests/stress/subdomain/change_hat.profile.pre b/tests/stress/apparmor/change_hat.profile.pre similarity index 100% rename from tests/stress/subdomain/change_hat.profile.pre rename to tests/stress/apparmor/change_hat.profile.pre diff --git a/tests/stress/subdomain/child.c b/tests/stress/apparmor/child.c similarity index 100% rename from tests/stress/subdomain/child.c rename to tests/stress/apparmor/child.c diff --git a/tests/stress/subdomain/child.profile.pre b/tests/stress/apparmor/child.profile.pre similarity index 100% rename from tests/stress/subdomain/child.profile.pre rename to tests/stress/apparmor/child.profile.pre diff --git a/tests/stress/subdomain/kill.sh b/tests/stress/apparmor/kill.sh similarity index 100% rename from tests/stress/subdomain/kill.sh rename to tests/stress/apparmor/kill.sh diff --git a/tests/stress/subdomain/open.c b/tests/stress/apparmor/open.c similarity index 100% rename from tests/stress/subdomain/open.c rename to tests/stress/apparmor/open.c diff --git a/tests/stress/subdomain/open.profile.pre b/tests/stress/apparmor/open.profile.pre similarity index 100% rename from tests/stress/subdomain/open.profile.pre rename to tests/stress/apparmor/open.profile.pre diff --git a/tests/stress/subdomain/s-2.4.20.sh b/tests/stress/apparmor/s-2.4.20.sh similarity index 100% rename from tests/stress/subdomain/s-2.4.20.sh rename to tests/stress/apparmor/s-2.4.20.sh diff --git a/tests/stress/subdomain/s.sh b/tests/stress/apparmor/s.sh similarity index 100% rename from tests/stress/subdomain/s.sh rename to tests/stress/apparmor/s.sh diff --git a/tests/stress/subdomain/sh.profile.pre b/tests/stress/apparmor/sh.profile.pre similarity index 100% rename from tests/stress/subdomain/sh.profile.pre rename to tests/stress/apparmor/sh.profile.pre diff --git a/tests/stress/subdomain/stress.sh b/tests/stress/apparmor/stress.sh similarity index 100% rename from tests/stress/subdomain/stress.sh rename to tests/stress/apparmor/stress.sh diff --git a/tests/stress/subdomain/stress.sh-2.4.20 b/tests/stress/apparmor/stress.sh-2.4.20 similarity index 100% rename from tests/stress/subdomain/stress.sh-2.4.20 rename to tests/stress/apparmor/stress.sh-2.4.20 diff --git a/tests/stress/subdomain/uservars.inc b/tests/stress/apparmor/uservars.inc similarity index 100% rename from tests/stress/subdomain/uservars.inc rename to tests/stress/apparmor/uservars.inc diff --git a/utils/apparmor/config.py b/utils/apparmor/config.py index 64334c9b7..b8fcc0d38 100644 --- a/utils/apparmor/config.py +++ b/utils/apparmor/config.py @@ -40,7 +40,7 @@ from apparmor.common import AppArmorException, open_file_read # , warn, msg, # CFG = None # REPO_CFG = None -# SHELL_FILES = ['easyprof.conf', 'notify.conf', 'parser.conf', 'subdomain.conf'] +# SHELL_FILES = ['easyprof.conf', 'notify.conf', 'parser.conf'] class Config(object): def __init__(self, conf_type, conf_dir='/etc/apparmor'): self.CONF_DIR = conf_dir