[Apparmor-dev] [RFC 2/5] initscript: support builtin apparmor

Seth Arnold seth.arnold at suse.de
Wed Apr 4 15:05:47 MDT 2007


On Wed, Apr 04, 2007 at 11:31:45AM -0700, Steve Beattie wrote:
> This patch, based on prior versions by jjohansen at suse.de, reworks the
> rcapparmor initscript to support apparmor as a kernel builtin, instead
> of just a module.

Nice cleanups. :)

> +is_apparmor_loaded() {
> +	if ! is_securityfs_mounted ; then
> +		mount_securityfs
> +	fi
> +
> +	mount_subdomainfs
> +
> +	if [ -f "${SECURITYFS}/${MODULE}/profiles" ]; then
> +		SFS_MOUNTPOINT="${SECURITYFS}/${MODULE}"
> +		return 0
> +	fi
> +
> +	if [ -f "${SECURITYFS}/${OLD_MODULE}/profiles" ]; then
> +		SFS_MOUNTPOINT="${SECURITYFS}/${OLD_MODULE}"
> +		return 0
> +	fi
> +
> +	if [ -f "${SUBDOMAINFS_MOUNTPOINT}/profiles" ]; then
> +		SFS_MOUNTPOINT=${SUBDOMAINFS_MOUNTPOINT}
> +		return 0
> +	fi
> +
> +	# check for subdomainfs version of module
> +	grep -qE "^(subdomain|apparmor)[[:space:]]" /proc/modules
> +	return $?
> +}
> +
> +is_securityfs_mounted() {
> +	grep -q securityfs /proc/filesystems && grep -q securityfs /proc/mounts
> +	return $?
> +}
> +
> +mount_securityfs() {
> +	if grep -q securityfs /proc/filesystems ; then
> +		sd_action "Mounting securityfs on ${SECURITYFS}" \
> +				mount -t securityfs securityfs "${SECURITYFS}"
> +		return $?
> +	fi
> +	return 0
> +}
> +
> +
> +mount_subdomainfs() {
> +	# for backwords compatibility
> +	if grep -q subdomainfs /proc/filesystems && ! grep -q subdomainfs /proc/mounts; then
> +		if [ -n "${SUBDOMAINFS_MOUNTPOINT}" ]; then
> +			SFS_MOUNTPOINT=${SUBDOMAINFS_MOUNTPOINT}
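
Review bot: in is_apparmor_loaded(), the last fallback (the grep on /proc/modules) can return success on a path where none of the three "profiles" checks assigned SFS_MOUNTPOINT, so a caller that trusts a 0 return may go on to use an empty or stale mount point. Either set SFS_MOUNTPOINT on that path or document that it may be unset when the function succeeds. Two smaller points in the same quoted block: is_securityfs_mounted() accepts any /proc/mounts line containing "securityfs", not specifically one mounted at ${SECURITYFS}, which is the path the later "${SECURITYFS}/${MODULE}/profiles" tests depend on; and is_apparmor_loaded() discards the return value of mount_securityfs, so a failed mount is only noticed indirectly when the profiles files are missing.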

Seems strange that this one function sets SFS_MOUNTPOINT, but
the other possible locations for SFS_MOUNTPOINT are set in
is_apparmor_loaded(). Maybe not worth fixing, but it feels a bit strange.

Thanks