[Apparmor-general] how to get the status of the apparmor
Seth Arnold
seth.arnold at suse.de
Tue May 15 15:12:17 MDT 2007
On Tue, May 15, 2007 at 12:56:02AM -0600, S Kalyanasundaram wrote:
> Hi all,
> I wanted to reload the apparmor profiles through my script. I was doing
> x=`rcapparmor status | grep "profiles are loaded" | cut -d' ' -f 1`
> if [ $x -gt 0 ]
> then
> rcapparmor restart
> fi
What is your goal? How would you like to handle the case where the module
is loaded, but there are no loaded profiles? (There could zero profiles
loaded if the sysadmin runs rcapparmor stop, or if the sysadmin runs
rm /etc/apparmor.d/* ; rcapparmor restart. In the one case, apparmor
is 'stopped' -- in the other case, apparmor is 'running', albeit there
are no profiles loaded. They will look identical unless you look around
/etc/apparmor.d/.)
Perhaps you can simply call rcapparmor try-restart, assuming that our
try-restart code handles exactly the same way you want your script
to work..
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-general/attachments/20070515/c44eac4f/attachment.pgp
More information about the Apparmor-general
mailing list