[Pkg-sssd-devel] sssd: Changes to 'debian-unstable'
Timo Aaltonen
tjaalton-guest at alioth.debian.org
Tue Aug 21 11:47:03 UTC 2012
debian/changelog | 3 +++
debian/sssd.preinst | 26 +++++++++++++++-----------
debian/sssd.prerm | 7 +++++++
3 files changed, 25 insertions(+), 11 deletions(-)
New commits:
commit 16e6509622935b05f1ec023dc9f6dbbf167f6ce2
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Aug 21 13:13:14 2012 +0300
sssd.{preinst,postrm}: Install the apparmor profile in force-complain mode on install
and remove the profile directory on purge (if empty). Also migrate from previous setup which installed it as disabled.
diff --git a/debian/changelog b/debian/changelog
index 52a59ed..18b8fcb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,9 @@ sssd (1.8.4-2) UNRELEASED; urgency=low
* rules: Fix the current date format, and move the date mangling to
happen before dh_install is run. (Closes: #670019)
+ * sssd.{preinst,postrm}: Install the apparmor profile in force-complain
+ mode on install, and remove the profile directory on purge (if empty). Also
+ migrate from previous setup which installed it as disabled.
-- Timo Aaltonen <tjaalton at ubuntu.com> Tue, 05 Jun 2012 11:39:33 +0300
diff --git a/debian/sssd.preinst b/debian/sssd.preinst
index d90db96..7ba9f2b 100755
--- a/debian/sssd.preinst
+++ b/debian/sssd.preinst
@@ -23,20 +23,21 @@ rm_conffile() {
fi
}
-disable_profile() {
- APP_CONFFILE="/etc/apparmor.d/usr.sbin.sssd"
- APP_DISABLE="/etc/apparmor.d/disable/usr.sbin.sssd"
+APP_PROFILE="usr.sbin.sssd"
+APP_CONFFILE="/etc/apparmor.d/$APP_PROFILE"
+APP_COMPLAIN="/etc/apparmor.d/force-complain/$APP_PROFILE"
+APP_DISABLE="/etc/apparmor.d/disable/$APP_PROFILE"
+
+inst_complain_profile() {
# Create a symlink to the yet-to-be-unpacked profile
- if [ ! -e "$APP_CONFFILE" ]; then
- mkdir -p `dirname $APP_DISABLE` 2>/dev/null || true
- ln -sf $APP_CONFFILE $APP_DISABLE
- fi
+ mkdir -p `dirname $APP_COMPLAIN` 2>/dev/null || true
+ ln -sf $APP_CONFFILE $APP_COMPLAIN
}
case "$1" in
install)
- # Disable AppArmor profile on install
- disable_profile
+ # Force the AppArmor profile to complain mode on install
+ inst_complain_profile
;;
upgrade)
if dpkg --compare-versions "$2" le "1.0.5-1"; then
@@ -48,8 +49,11 @@ upgrade)
rm_conffile sssd "/etc/sssd/sssd.api.d/sssd-krb5.conf"
rm_conffile sssd "/etc/sssd/sssd.api.d/sssd-ldap.conf"
fi
- if dpkg --compare-versions "$2" lt "1.8.4-1"; then
- disable_profile
+ if dpkg --compare-versions "$2" lt "1.8.4-2"; then
+ inst_complain_profile
+ if [ -e "$APP_DISABLE" ]; then
+ rm_conffile sssd "$APP_DISABLE"
+ fi
fi
;;
esac
diff --git a/debian/sssd.prerm b/debian/sssd.prerm
index 3122dd8..f277ac1 100644
--- a/debian/sssd.prerm
+++ b/debian/sssd.prerm
@@ -5,5 +5,12 @@ invoke_failure() {
return
}
+if [ "$1" = "purge" ]; then
+ APP_PROFILE="usr.sbin.sssd"
+ rm -f /etc/apparmor.d/force-complain/$APP_PROFILE >/dev/null 2>&1 || true
+ rm -f /etc/apparmor.d/disable/$APP_PROFILE >/dev/null 2>&1 || true
+ rmdir /etc/apparmor.d/disable >/dev/null 2>&1 || true
+fi
+
#DEBHELPER#
More information about the Pkg-sssd-devel
mailing list