This patch converts some of the internal references from subdomain to
apparmor (and s/sd/aa/ as well). Variables referenced in
/etc/apparmor/subdomain.conf (which also needs to be renamed) are not
renamed.
[This is a slight update to a patch originally by jjohansen@suse.de]
The ability of the rcapparmor initscript to rebuild the apparmor module
if attmepts to load the module failed had been broken for a while; this
patch rips out the option altogether. The ability to drop to runlevel
1 if the apparmor module can't be loaded is still available, if not
recently tested.
This patch, based on prior versions by jjohansen@suse.de, reworks the
rcapparmor initscript to support apparmor as a kernel builtin, instead
of just a module.
In the recent fixups for Ubuntu/Debian, .dpkg-new files got added to the
set of profile names that get ignored. Alas, that only got added in one
of two locations in the initscript; this patch fixes that by making a
common test function that both locations use.
Move the autodep(8), complain(8), enforce(8), logprof(8), genprof(8),
unconfined(8), logprof.conf(5), and apparmor_status(8) manpages, along
with their aa- form symlinks, to the utils package.
Move the apparmor.d(5), apparmor(7), apparmor_parser(8),
subdomain.conf(5) and apparmor.vim(5) (for lack of a better location)
into the apparmor-parser package.
This patch moves the make rules used to generate man pages and their
html counterparts from the docs package to the common/ directory, so
that all packages can make use of them. It also makes the immunix.css
stylesheet available via the common/ dir, renaming it to apparmor.css.
extra perl warnings about using an uninitialized value in a pattern
match when the user uses the arrow keys to move up and down in the option
list when asking how to handle path access rules. This makes sure the
variables used in m// operations are always defined.
file that prevented it from working correctly on systems where /bin/sh
isn't bash, and is probably more readable to boot. It still will parse
things properly when confined binaries or thier corresponding profiles
contain spaces in their names.
Fix based on feedback and patches from Arkadiusz Miskiewicz
<arekm@maven.pl>/PLD and Kees Cook/Ubuntu.
