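#!/bin/bash
#
# rc.d init script for AppArmor.
#
# Loads, unloads or switches to complain mode every profile file found
# directly under $aa_profiles by handing the files to apparmor_parser.
# Parser diagnostics are appended to $aa_log.
#
# Usage: $0 {start|stop|complain|restart|status}
# Exit status: 0 on success, non-zero when the requested action failed
# (for "status", the exit status of aa-status).

. /etc/rc.conf
. /etc/rc.d/functions

aa_profiles='/etc/apparmor.d/'
aa_log='/var/log/apparmor.init.log'

# Plain-echo logging helpers, defined before rc.apparmor.functions is sourced.
# Presumably that library calls them -- confirm against the installed copy.
aa_log_daemon_msg() { echo "$@"; }
aa_log_failure_msg() { echo "$@"; }
aa_log_end_msg() { echo "$@"; }
. /lib/apparmor/rc.apparmor.functions

#######################################
# Run apparmor_parser over every regular file at the top level of
# $aa_profiles.
# Globals:   aa_profiles (read), aa_log (appended to)
# Arguments: options passed through to apparmor_parser (e.g. -r, -R, -C)
# Returns:   apparmor_parser's exit status; 1 if no profile file was found
#######################################
aa_parser_all() {
  local -a profiles=()
  local profile

  # Collect the file list NUL-delimited so that names containing spaces,
  # newlines or glob characters reach the parser as single, literal operands
  # instead of being word-split or expanded by the shell.
  #
  # NOTE(review): every regular file in the directory is treated as a
  # profile, so editor or package-manager leftovers (backup copies of a
  # profile) are loaded too and may replace the intended policy. Confirm
  # whether such files should be filtered out here.
  while IFS= read -r -d '' profile; do
    profiles+=("$profile")
  done < <(find "$aa_profiles" -maxdepth 1 -type f -print0)

  # Without file operands the parser would presumably fall back to reading a
  # profile from stdin, which is never what an init script wants. Treat an
  # empty profile directory as a failure so it is visible to the operator.
  if (( ${#profiles[@]} == 0 )); then
    echo "no profile files found in $aa_profiles" >>"$aa_log"
    return 1
  fi

  apparmor_parser "$@" "${profiles[@]}" 2>>"$aa_log"
}

# Exit status of the requested action. The script used to end with an
# unconditional "exit 0", which reported success even when profiles failed
# to load and the system was left without the expected confinement.
rc=0

case "$1" in
  start)
    stat_busy "Enabling AppArmor profiles"
    # -r replaces any already-loaded definition of each profile.
    if aa_parser_all -r; then
      add_daemon apparmor
      stat_done
    else
      stat_fail
      rc=1
    fi
    ;;
  stop)
    stat_busy "Disabling AppArmor profiles"
    # -R removes the profiles from the kernel.
    if aa_parser_all -R; then
      rm_daemon apparmor
      stat_done
    else
      stat_fail
      rc=1
    fi
    ;;
  complain)
    # Unload first; the result of "stop" is deliberately not checked because
    # removal fails when the profiles were not loaded to begin with.
    "$0" stop
    sleep 1
    stat_busy "Enabling AppArmor profiles in complain mode"
    # -C loads the profiles in complain mode: violations are logged, not
    # blocked, so the system is not enforcing policy after this action.
    if aa_parser_all -C; then
      stat_done
    else
      stat_fail
      rc=1
    fi
    ;;
  restart)
    # NOTE(review): "stop" unloads the profiles before "start" loads them
    # again. Processes that were confined before the unload are likely left
    # unconfined until they are restarted, whereas "start" on its own already
    # uses -r (replace). Confirm whether the unload step is needed.
    "$0" stop
    sleep 1
    "$0" start
    rc=$?
    ;;
  status)
    aa-status
    rc=$?
    ;;
  *)
    echo "usage: $0 {start|stop|complain|restart|status}"
    # An unknown or missing action must not look like success to the caller.
    rc=1
    ;;
esac

exit "$rc"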