summaryrefslogtreecommitdiff
path: root/pcr/apparmor-openrc/apparmor-init
blob: 2c7836b481f82fd3a2e6272ec3861a8bc6124845 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
#!/sbin/openrc-run
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

description="Load all configured profiles for the AppArmor security module."
description_reload="Reload all profiles"

extra_started_commands="reload"

aa_action() {
	local arg=$1
	local return

	shift
	$*
	return=$?

	if [ ${return} -eq 0 ]; then
		aa_log_success_msg $arg
	else
		aa_log_failure_msg arg
	fi

	return $return
}

aa_log_action_start() {
	ebegin $1
}

aa_log_action_end() {
	eend $1
}

aa_log_success_msg() {
	einfo $1
}

aa_log_warning_msg() {
	ewarn $1
}

aa_log_failure_msg() {
	eerror $1
}

aa_log_skipped_msg() {
	einfo $1
}

aa_log_daemon_msg() {
	einfo $1
}

aa_log_end_msg() {
	eend $1
}

. /usr/lib/apparmor/rc.apparmor.functions

start() {
	ebegin "Starting AppArmor"
	eindent

	if ! is_apparmor_loaded ; then
		load_module
		if [ $? -ne 0 ]; then
			eerror "AppArmor kernel support is not present"
			eend 1
			return 1
		fi
	fi

	parse_profiles load

	eoutdent
}

stop() {
	ebegin "Stopping AppArmor"
	eindent
	apparmor_stop
	eoutdent
}

reload() {
	# todo: split out clean_profiles into its own function upstream
	# so we can do parse_profiles reload && clean_profiles
	# and do a proper reload instead of restart
	apparmor_restart
}