remove subdomainfs support

It has been over 10 years since transition from subdomainfs to
using securityfs. Lets drop this deprecated code.

PR: https://gitlab.com/apparmor/apparmor/merge_requests/258
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: seth.arnold@canonical.com

changehat/mod_apparmor/mod_apparmor.pod

@@ -139,7 +139,7 @@ them at L<https://bugs.launchpad.net/apparmor/+filebug>.
 
 =head1 SEE ALSO
 
-apparmor(7), subdomain.conf(5), apparmor_parser(8), aa_change_hat(2) and
+apparmor(7), apparmor_parser(8), aa_change_hat(2) and
 L<https://wiki.apparmor.net>.
 
 =cut

parser/Makefile

@@ -30,7 +30,7 @@ SYSTEMD_UNIT_DIR=${DESTDIR}/usr/lib/systemd/system
 CONFDIR=/etc/apparmor
 INSTALL_CONFDIR=${DESTDIR}${CONFDIR}
 LOCALEDIR=/usr/share/locale
-MANPAGES=apparmor.d.5 apparmor.7 apparmor_parser.8 subdomain.conf.5 aa-teardown.8
+MANPAGES=apparmor.d.5 apparmor.7 apparmor_parser.8 aa-teardown.8
 
 YACC	:= bison
 YFLAGS	:= -d
@@ -72,9 +72,6 @@ endif
 # Internationalization support. Define a package and a LOCALEDIR
 EXTRA_CFLAGS+=-DPACKAGE=\"${NAME}\" -DLOCALEDIR=\"${LOCALEDIR}\"
 
-# Compile-time configuration of the location of the config file
-EXTRA_CFLAGS+=-DSUBDOMAIN_CONFDIR=\"${CONFDIR}\"
-
 SRCS = parser_common.c parser_include.c parser_interface.c parser_lex.c \
        parser_main.c parser_misc.c parser_merge.c parser_symtab.c \
        parser_yacc.c parser_regex.c parser_variable.c parser_policy.c \
@@ -373,7 +370,6 @@ install-arch: $(INSTALLDEPS)
 .PHONY: install-indep
 install-indep: indep
 	install -m 755 -d $(INSTALL_CONFDIR)
-	install -m 644 subdomain.conf $(INSTALL_CONFDIR)
 	install -m 644 parser.conf $(INSTALL_CONFDIR)
 	install -m 755 -d ${DESTDIR}/var/lib/apparmor
 	install -m 755 -d $(APPARMOR_BIN_PREFIX)

parser/apparmor.pod

@@ -212,7 +212,7 @@ Else, if auditd is running, see auditd(8) and auditd.conf(5).
 =head1 SEE ALSO
 
 apparmor_parser(8), aa_change_hat(2), apparmor.d(5),
-subdomain.conf(5), aa-autodep(1), clean(1),
+aa-autodep(1), clean(1),
 auditd(8),
 aa-unconfined(8), aa-enforce(1), aa-complain(1), and
 L<https://wiki.apparmor.net>.

parser/apparmor_parser.pod

@@ -179,7 +179,7 @@ defined as relative paths.
 Add element n to the search path when resolving #include directives
 defined as an absolute paths.
 
-=item -f n, --subdomainfs n
+=item -f n, --apparmorfs n
 
 Set the location of the apparmor security filesystem (default is
 "/sys/kernel/security/apparmor").
@@ -408,7 +408,7 @@ L<https://bugs.launchpad.net/apparmor/+filebug>.
 
 =head1 SEE ALSO
 
-apparmor(7), apparmor.d(5), subdomain.conf(5), aa_change_hat(2), and
+apparmor(7), apparmor.d(5), aa_change_hat(2), and
 L<https://wiki.apparmor.net>.
 
 =cut

parser/parser_include.c

@@ -17,21 +17,21 @@
  *   along with this program; if not, contact Canonical, Ltd.
  */
 
-/* Handle subdomain includes, as a straight forward preprocessing phase.
+/* Handle apparmor includes, as a straight forward preprocessing phase.
    While we are at it we will strip comments.  Why? because it made it
    easier.
 
    We support 2 types of includes
 
 #include <name> which searches for the first occurance of name in the
-   subdomain directory path.
+   apparmor directory path.
 
 #include "name" which will search for a relative or absolute pathed
    file
 
 -p : preprocess only.  Dump output to stdout
 -I path : add a path to be search by #include < >
--b path : set the base path to something other than /etc/subdomain.d
+-b path : set the base path to something other than /etc/apparmor.d
 
 */
 
@@ -57,13 +57,6 @@
 /* maximum depth of nesting */
 #define MAX_NEST_LEVEL 100
 
-/* Location of the subdomain.conf file */
-#ifdef SUBDOMAIN_CONFDIR
-#define SUBDOMAIN_CONF SUBDOMAIN_CONFDIR "/subdomain.conf"
-#else	/* !defined SUBDOMAIN_CONFDIR */
-#define SUBDOMAIN_CONF "/etc/subdomain.conf"
-#endif	/* SUBDOMAIN_CONFDIR */
-
 static char *path[MAX_PATH] = { NULL };
 static int npath = 0;
 
@@ -71,12 +64,11 @@ static int fgetline(FILE * f, char *buffer, size_t len);
 static int stripcomment(char *s);
 static char *stripblanks(char *s);
 
-/* default base directory is /etc/subdomain.d, it can be overriden
+/* default base directory is /etc/apparmor.d, it can be overriden
    with the -b option. */
 
 const char *basedir;
 static const char *default_basedir = "/etc/apparmor.d";
-static const char *old_basedir = "/etc/subdomain.d";
 
 
 /* set up basedir so that it can be overridden/used later. */
@@ -94,12 +86,6 @@ void init_base_dir(void)
 		basedir = default_basedir;
 		return;
 	}
-
-	rc = stat(old_basedir, &sbuf);
-	if (rc == 0 && S_ISDIR(sbuf.st_mode)) {
-		basedir = old_basedir;
-		return;
-	}
 }
 
 /* Set the base dir.  Used to change default path for relative includes */
@@ -164,53 +150,9 @@ int add_search_dir(const char *dir)
 	return 1;
 }
 
-/* Parse Subdomain.conf and put the default dirs in place.  
-
-   subdomain.conf is a shell sourcable file
-   we only parse entries starting with
-   SUBDOMAIN_PATH=
-
-   if there are multiple entries with SUBDOMAIN_PATH=
-   each will get added.
-
-   SUBDOMAIN_PATH=/etc/subdomain.d:/etc/subdomain.d/include
-   is the same as
-   SUBDOMAIN_PATH=/etc/subdomain.d
-   SUBDOMAIN_PATH=/etc/subdomain.d/include */
 void parse_default_paths(void)
 {
-	autofclose FILE *f;
-	char buf[1024];
-	char *t, *s;
-	int saved_npath = npath;
-
-	f = fopen(SUBDOMAIN_CONF, "r");
-	if (f == NULL)
-		goto out;
-
-	memset(buf, 0, sizeof(buf));
-
-	while (fgetline(f, buf, 1024)) {
-		if (stripcomment(buf) && (t = strstr(buf, "SUBDOMAIN_PATH="))) {
-			t += 15;
-			/* handle : separating path elements */
-			do {
-				s = strchr(t, ':');
-				if (s)
-					*s = 0;
-				if (!add_search_dir(stripblanks(t)))
-					break;
-				if (s)
-					t = s + 1;
-			} while (s != NULL);
-		}
-	}
-
-	/* if subdomain.conf doesn't set a base search dir set it to this */
-out:
-	if (npath - saved_npath == 0) {
-		add_search_dir(basedir);
-	}
+	add_search_dir(basedir);
 }
 
 FILE *search_path(char *filename, char **fullpath)

parser/rc.apparmor.functions

@@ -33,25 +33,12 @@
 
 CONFIG_DIR=/etc/apparmor
 MODULE=apparmor
-OLD_MODULE=subdomain
 if [ -f "${CONFIG_DIR}/${MODULE}.conf" ] ; then
 	APPARMOR_CONF="${CONFIG_DIR}/${MODULE}.conf"
-elif [ -f "${CONFIG_DIR}/${OLD_MODULE}.conf" ] ; then
-	APPARMOR_CONF="${CONFIG_DIR}/${OLD_MODULE}.conf"
-elif [ -f "/etc/immunix/subdomain.conf" ] ; then
-	aa_log_warning_msg "/etc/immunix/subdomain.conf is deprecated, use ${CONFIG_DIR}/subdomain.conf instead"
-	APPARMOR_CONF="/etc/immunix/subdomain.conf"
-elif [ -f "/etc/subdomain.conf" ] ; then
-	aa_log_warning_msg "/etc/subdomain.conf is deprecated, use ${CONFIG_DIR}/subdomain.conf instead"
-	APPARMOR_CONF="/etc/subdomain.conf"
 else
 	aa_log_warning_msg "Unable to find config file in ${CONFIG_DIR}, installation problem?"
 fi
 
-# Read configuration options from /etc/subdomain.conf, default is to
-# warn if subdomain won't load.
-SUBDOMAIN_MODULE_PANIC="warn"
-SUBDOMAIN_ENABLE_OWLSM="no"
 APPARMOR_ENABLE_AAEVENTD="no"
 
 if [ -f "${APPARMOR_CONF}" ] ; then
@@ -61,28 +48,18 @@ fi
 
 PARSER=/sbin/apparmor_parser
 
-# SUBDOMAIN_DIR and APPARMOR_DIR might be defined in subdomain.conf|apparmor.conf
+# APPARMOR_DIR might be defined in apparmor.conf
 if [ -d "${APPARMOR_DIR}" ] ; then
 	PROFILE_DIR=${APPARMOR_DIR}
-elif [ -d "${SUBDOMAIN_DIR}" ] ; then
-	PROFILE_DIR=${SUBDOMAIN_DIR}
 elif [ -d /etc/apparmor.d ] ; then
 	PROFILE_DIR=/etc/apparmor.d
-elif [ -d /etc/subdomain.d ] ; then
-	PROFILE_DIR=/etc/subdomain.d
 fi
 ABSTRACTIONS="-I${PROFILE_DIR}"
 AA_EV_BIN=/usr/sbin/aa-eventd
 AA_EV_PIDFILE=/var/run/aa-eventd.pid
 AA_STATUS=/usr/sbin/aa-status
-SD_EV_BIN=/usr/sbin/sd-event-dispatch.pl
-SD_EV_PIDFILE=/var/run/sd-event-dispatch.init.pid
-SD_STATUS=/usr/sbin/subdomain_status
 SECURITYFS=/sys/kernel/security
 
-SUBDOMAINFS_MOUNTPOINT=$(grep subdomainfs /etc/fstab  | \
-	sed -e 's|^[[:space:]]*[^[:space:]]\+[[:space:]]\+\(/[^[:space:]]*\)[[:space:]]\+subdomainfs.*$|\1|' 2> /dev/null)
-
 # keep exit status from parser during profile load.  0 is good, 1 is bad
 STATUS=0
 
@@ -96,9 +73,6 @@ is_apparmor_present() {
 		shift
 	done
 
-	# check for subdomainfs version of module
-	grep -qE "^($modules)[[:space:]]" /proc/modules
-
 	[ $? -ne 0 -a -d /sys/module/apparmor ]
 
 	return $?
@@ -249,44 +223,17 @@ failstop_system() {
 	return 255
 }
 
-module_panic() {
-	# the module failed to load, determine what action should be taken
-
-	case "$SUBDOMAIN_MODULE_PANIC" in
-		"warn"|"WARN")
-			return 1 ;;
-		"panic"|"PANIC") failstop_system
-			rc=$?
-			return $rc ;;
-		*) aa_log_failure_msg "- invalid AppArmor module fail option"
-			return 255 ;;
-	esac
-}
-
 is_apparmor_loaded() {
 	if ! is_securityfs_mounted ; then
 		mount_securityfs
 	fi
 
-	mount_subdomainfs
-
 	if [ -f "${SECURITYFS}/${MODULE}/profiles" ]; then
 		SFS_MOUNTPOINT="${SECURITYFS}/${MODULE}"
 		return 0
 	fi
 
-	if [ -f "${SECURITYFS}/${OLD_MODULE}/profiles" ]; then
-		SFS_MOUNTPOINT="${SECURITYFS}/${OLD_MODULE}"
-		return 0
-	fi
-
-	if [ -f "${SUBDOMAINFS_MOUNTPOINT}/profiles" ]; then
-		SFS_MOUNTPOINT=${SUBDOMAINFS_MOUNTPOINT}
-		return 0
-	fi
-
-	# check for subdomainfs version of module
-	is_apparmor_present apparmor subdomain
+	is_apparmor_present apparmor
 
 	return $?
 }
@@ -305,26 +252,6 @@ mount_securityfs() {
 	return 0
 }
 
-
-mount_subdomainfs() {
-	# for backwords compatibility
-	if grep -q subdomainfs /proc/filesystems && \
-	   ! grep -q subdomainfs /proc/mounts && \
-	   [ -n "${SUBDOMAINFS_MOUNTPOINT}" ]; then
-		aa_action "Mounting subdomainfs on ${SUBDOMAINFS_MOUNTPOINT}" \
-				mount "${SUBDOMAINFS_MOUNTPOINT}"
-		return $?
-	fi
-	return 0
-}
-
-unmount_subdomainfs() {
-	SUBDOMAINFS=$(grep subdomainfs /proc/mounts  | cut -d" " -f2 2> /dev/null)
-	if [ -n "${SUBDOMAINFS}" ]; then
-		aa_action "Unmounting subdomainfs" umount ${SUBDOMAINFS}
-	fi
-}
-
 apparmor_start() {
 	aa_log_daemon_msg "Starting AppArmor"
 	if ! is_apparmor_present ; then
@@ -358,7 +285,7 @@ apparmor_start() {
 
 remove_profiles() {
 
-	# removing profiles as we directly read from subdomainfs
+	# removing profiles as we directly read from apparmorfs
 	# doesn't work, since we are removing entries which screws up
 	# our position.  Lets hope there are never enough profiles to
 	# overflow the variable
@@ -406,11 +333,8 @@ apparmor_kill() {
 		return 1
 	fi
 
-	unmount_subdomainfs
 	if is_apparmor_present apparmor ; then
 		MODULE=apparmor
-	elif is_apparmor_present subdomain ; then
-		MODULE=subdomain
 	else
 		aa_log_failure_msg "AppArmor is builtin"
 		return 1
@@ -457,27 +381,11 @@ apparmor_try_restart() {
 	return $?
 }
 
-configure_owlsm () {
-	if [ "${SUBDOMAIN_ENABLE_OWLSM}" = "yes" -a -f ${SFS_MOUNTPOINT}/control/owlsm ] ; then
-		# Sigh, the "sh -c" is necessary for the SuSE aa_action
-		# and it can't be abstracted out as a seperate function, as
-		# that breaks under RedHat's action, which needs a
-		# binary to invoke.
-		aa_action "Enabling OWLSM extension" sh -c "echo -n \"1\" > \"${SFS_MOUNTPOINT}/control/owlsm\""
-	elif [ -f "${SFS_MOUNTPOINT}/control/owlsm" ] ; then
-		aa_action "Disabling OWLSM extension" sh -c "echo -n \"0\" > \"${SFS_MOUNTPOINT}/control/owlsm\""
-	fi
-}
-
 apparmor_status () {
 	if test -x ${AA_STATUS} ; then
 		${AA_STATUS} --verbose
 		return $?
 	fi
-	if test -x ${SD_STATUS} ; then
-		${SD_STATUS} --verbose
-		return $?
-	fi
 	if ! is_apparmor_loaded ; then
 		echo "AppArmor is not loaded."
 		rc=1

parser/subdomain.conf

@@ -1,53 +0,0 @@
-# subdomain.conf is a shared AppArmor configuration file that is sh sourcable.
-
-################## AppArmor init.d configuration ################
-
-# Move this to /etc/sysconfig/apparmor eventually
-## Path: 	System/AppArmor
-## Description: Enable the OWLSM extension to AppArmor
-## Type: 	yesno
-## Default:	no
-#
-# Enable OWLSM extension to AppArmor?
-# OWLSM is an extension to AppArmor that prevents processes from
-# following symlinks they don't own and creating hardlinks to files they
-# don't own, in an attempt to prevent /tmp race attacks. However, OWLSM
-# can break some applications, so is disabled by default.
-SUBDOMAIN_ENABLE_OWLSM="no"
-
-## Path: 	System/AppArmor
-## Description: Enable the AppArmor event daemon for reporting
-## Type: 	yesno
-## Default:	no
-#
-# Enable the AppArmor event daemon for reporting?
-APPARMOR_ENABLE_AAEVENTD="no"
-
-#SUBDOMAIN_MODULE_PANIC=XXX
-#This option controls how subdomain behaves when the init script attempts
-#to load the AppArmor module and fails.  There are 4 options
-#warn  - log a failure message. (default behavior)
-#build - attempt to build the AppArmor module is the module can't be loaded.
-#        If successful
-#           the module will be built for the running kernel and loaded.
-#        If the build fails
-#           a failure message is logged
-#panic - If the AppArmor module fails to load
-#           a failure message will be logged
-#           and the machine will drop to runlevel 1 (single user)
-#build-panic - If the AppArmor module fails to load
-#                 attempt to build the module
-#                 If building the module fails
-#                    panic (drop to runlevel 1)  
-
-#SUBDOMAIN_MODULE_PANIC=warn
-
-################## subdomain_parser configuration ################
-
-#SUBDOMAIN_PATH=XXXX
-#This option specifies the include path that the subdomain_parser will
-#use by default.  If no entry is specified /etc/subdomain.d is used by
-#default.
-
-#SUBDOMAIN_PATH=/etc/subdomain.d
-

parser/subdomain.conf.pod

@@ -1,104 +0,0 @@
-# ----------------------------------------------------------------------
-#    Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
-#                  2008, 2009
-#    NOVELL (All rights reserved)
-#
-#    Copyright (c) 2010 - 2012
-#    Canonical Ltd. (All rights reserved)
-#
-#    This program is free software; you can redistribute it and/or
-#    modify it under the terms of version 2 of the GNU General Public
-#    License published by the Free Software Foundation.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
-#
-#    You should have received a copy of the GNU General Public License
-#    along with this program; if not, contact Novell, Inc.
-# ----------------------------------------------------------------------
-
-
-=pod
-
-=head1 NAME
-
-/etc/apparmor/subdomain.conf - configuration file for fine-tuning the
-behavior of the AppArmor security tool.
-
-=head1 DESCRIPTION
-
-The AppArmor security tool can be configured to have
-certain default behaviors based on configuration options set
-in subdomain.conf. There are two variables that can be set in
-subdomain.conf: B<SUBDOMAIN_PATH>, and B<SUBDOMAIN_MODULE_PANIC>.
-
-=begin comment
-
-FIXME keep quiet about OWLSM support for now.
-
-=head2 SUBDOMAIN_ENABLE_OWLSM
-
-This veriable is a yes/no toggle and is by default set to I<no>.
-
-This variable determines whether the AppArmor initscript will enable
-or disable the OWLsm security extension to AppArmor when the AppArmor
-security tool is started. When enabled the OWLsm feature prevents programs
-from following symlinks in temporary directories that are not owned by
-the program's UID, and prevents processes from creating hardlinks to
-files not owned by their UID.
-
-=end comment
-
-=head2 SUBDOMAIN_PATH
-
-This variable accepts a string (path), and is by default set to
-'/etc/apparmor.d/' This variable defines where the AppArmor security
-tool looks for its policy definitions (a.k.a. AppArmor profiles).
-
-=head2 SUBDOMAIN_MODULE_PANIC
-
-This variable accepts a string that is one of four values: I<warn>,
-I<build>, I<panic>, or I<build-panic>, and is set by default to I<warn>. 
-
-This setting controls the behavior of the AppArmor initscript if it
-cannot successfully load the AppArmor kernel module on startup. The four
-possible settings are:
-
-=over 4
-
-=item I<warn> 
-
-Log a failure message (the default behavior).
-
-=item I<build> 
-
-Attempt to build the AppArmor module against the currently running
-kernel. If the compilation is successful, the module will be loaded and
-AppArmor started; if the compilation fails, a failure message is logged.
-
-=item I<panic> 
-
-Log a failure message and drop to runlevel 1 (single user).
-
-=item I<build-panic>
-
-Attempt to build the module against the running kernel (like I<build>)
-and if the compilation fails, drop to runlevel 1 (single user).
-
-=back
-
-=head1 BUGS
-
-Setting the initscript to recompile the module will fail on SUSE, as the
-module source is no longer installed by default. However, the module has
-been included with the SUSE kernel, so no rebuilding should be necessary.
-
-If you find any additional bugs, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
-
-=head1 SEE ALSO
-
-apparmor(7), apparmor_parser(8), and
-L<https://wiki.apparmor.net>.

utils/apparmor/config.py

@@ -40,7 +40,7 @@ from apparmor.common import AppArmorException, open_file_read  # , warn, msg,
 
 # CFG = None
 # REPO_CFG = None
-# SHELL_FILES = ['easyprof.conf', 'notify.conf', 'parser.conf', 'subdomain.conf']
+# SHELL_FILES = ['easyprof.conf', 'notify.conf', 'parser.conf']
 class Config(object):
     def __init__(self, conf_type, conf_dir='/etc/apparmor'):
         self.CONF_DIR = conf_dir