[systemd-bugs] [Bug 63312] Apparmor support in ConditionSecurity

Thu May 16 12:12:43 PDT 2013

https://bugs.freedesktop.org/show_bug.cgi?id=63312

Lennart Poettering <lennart at poettering.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |---

--- Comment #9 from Lennart Poettering <lennart at poettering.net> ---
Hmm, I just noticed this patch:

https://code.launchpad.net/~mdeslaur/upstart/apparmor-support/+merge/164169

It contains a different check for AppArmor. Basically something like this:

/sys/module/apparmor/parameters/enabled == 'Y'

I'd prefer if we could change our code to do the same, given that the Ubuntu
guys are guys are upstream for apparmor.

Any chance you could rework the condition check? Most likely you can just use:

static bool apparmor_enabled(void) {
        _cleanup_free_ char *p = NULL;

        r = read_one_line_file("/sys/module/apparmor/parameters/enabled", &p);
        if (r < 0)
                return false;

        return parse_boolean(p) > 0;
}

But I can't test this, so I am kinda counting on you to check if this works and
provide a patch?

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/systemd-bugs/attachments/20130516/9eb49e21/attachment.html>