[Apparmor-dev] [RFC 3/5] initscript: kill rebuild option

Wed Apr 4 12:31:46 MDT 2007

[This is a slight update to a patch originally by jjohansen at suse.de]

The ability of the rcapparmor initscript to rebuild the apparmor module
if attmepts to load the module failed had been broken for a while; this
patch rips out the option altogether. The ability to drop to runlevel
1 if the apparmor module can't be loaded is still available, if not
recently tested.
---
 parser/rc.apparmor.functions |   45 -------------------------------------------
 1 file changed, 45 deletions(-)

Index: b/parser/rc.apparmor.functions
===================================================================

--- a/parser/rc.apparmor.functions
+++ b/parser/rc.apparmor.functions
@@ -86,7 +86,6 @@ SECURITYFS=/sys/kernel/security
 
 SUBDOMAINFS_MOUNTPOINT=$(grep subdomainfs /etc/fstab  | \
 	sed -e 's|^[[:space:]]*[^[:space:]]\+[[:space:]]\+\(/[^[:space:]]*\)[[:space:]]\+subdomainfs.*$|\1|' 2> /dev/null)
-SUBDOMAIN_SRC="/usr/src/kernel-modules/SubDomain/module"
 
 if [ -d "/var/lib/${MODULE}" ] ; then
 	APPARMOR_TMPDIR="/var/lib/${MODULE}"
@@ -190,40 +189,6 @@ profiles_names_list() {
 	done
 }
 
-rebuild_subdomain() {
-	if [ -d "$SUBDOMAIN_SRC" ] ; then
-		# only try to rebuild for the running kernel
-		cd "$SUBDOMAIN_SRC"
-		kernelver=`uname -r`
-                kernelsrc=`readlink "/lib/modules/$kernelver/build"`
-		line="KERNELVER=$kernelver KERNELSRC=$kernelsrc"
-		/usr/bin/env $line ${SUBDOMAIN_SRC}/BUILD-SUBDOMAIN ;
-		rc=$?
-		if [ $rc -ne 0 ] ; then
-			sd_log_failure_msg "- could not rebuild AppArmor module"
-			return $rc
-		fi
-		depmod -a
-		rc=$?
-		if [ $rc -ne 0 ] ; then
-			sd_log_failure_msg "- could not set AppArmor module dependencies"
-			return $rc ;
-		fi	
-
-		sd_action "Loading AppArmor module" /sbin/modprobe $MODULE $1
-		rc=$?
-		if [ $rc -ne 0 ] ; then
-			# we couldn't find the module
-			sd_log_failure_msg "- could not load rebuilt AppArmor module"
-			rc=$?
-			return $rc
-		fi
-	else
-		sd_log_failure_msg "- could not rebuild AppArmor, module source not found."
-		return -1
-	fi
-}
-
 failstop_system() {
 	level=$(runlevel | cut -d" " -f2)
 	if [ $level -ne "1" ] ; then
@@ -241,16 +206,6 @@ module_panic() {
 	case "$SUBDOMAIN_MODULE_PANIC" in
 		"warn"|"WARN")
 			return 1 ;;
-		"build"|"BUILD") rebuild_subdomain
-			rc=$?
-			return $rc ;;
-		"build-panic"|"BUILD-PANIC") rebuild_subdomain
-			rc=$?
-			if [ $rc -ne 0 ] ; then
-				failstop_system
-				rc=$?
-			fi
-			return $rc ;;
 		"panic"|"PANIC") failstop_system
 			rc=$?
 			return $rc ;;

-- 
Steve Beattie
SUSE Labs, Novell Inc. 
<sbeattie at suse.de>
http://NxNW.org/~steve/

