[Pkg-sssd-devel] sssd: Changes to 'debian-unstable'

Tue Aug 21 11:47:03 UTC 2012

debian/changelog    |    3 +++
 debian/sssd.preinst |   26 +++++++++++++++-----------
 debian/sssd.prerm   |    7 +++++++
 3 files changed, 25 insertions(+), 11 deletions(-)

New commits:
commit 16e6509622935b05f1ec023dc9f6dbbf167f6ce2
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date:   Tue Aug 21 13:13:14 2012 +0300

    sssd.{preinst,postrm}: Install the apparmor profile in force-complain mode on install
    
    and remove the profile directory on purge (if empty). Also migrate from previous setup which installed it as disabled.

diff --git a/debian/changelog b/debian/changelog
index 52a59ed..18b8fcb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,9 @@ sssd (1.8.4-2) UNRELEASED; urgency=low
 
   * rules: Fix the current date format, and move the date mangling to
     happen before dh_install is run. (Closes: #670019)
+  * sssd.{preinst,postrm}: Install the apparmor profile in force-complain
+    mode on install, and remove the profile directory on purge (if empty). Also
+    migrate from previous setup which installed it as disabled.
 
  -- Timo Aaltonen <tjaalton at ubuntu.com>  Tue, 05 Jun 2012 11:39:33 +0300
 
diff --git a/debian/sssd.preinst b/debian/sssd.preinst
index d90db96..7ba9f2b 100755
--- a/debian/sssd.preinst
+++ b/debian/sssd.preinst
@@ -23,20 +23,21 @@ rm_conffile() {
     fi
 }
 
-disable_profile() {
-    APP_CONFFILE="/etc/apparmor.d/usr.sbin.sssd"
-    APP_DISABLE="/etc/apparmor.d/disable/usr.sbin.sssd"
+APP_PROFILE="usr.sbin.sssd"
+APP_CONFFILE="/etc/apparmor.d/$APP_PROFILE"
+APP_COMPLAIN="/etc/apparmor.d/force-complain/$APP_PROFILE"
+APP_DISABLE="/etc/apparmor.d/disable/$APP_PROFILE"
+
+inst_complain_profile() {
     # Create a symlink to the yet-to-be-unpacked profile
-    if [ ! -e "$APP_CONFFILE" ]; then
-        mkdir -p `dirname $APP_DISABLE` 2>/dev/null || true
-        ln -sf $APP_CONFFILE $APP_DISABLE
-    fi
+    mkdir -p `dirname $APP_COMPLAIN` 2>/dev/null || true
+    ln -sf $APP_CONFFILE $APP_COMPLAIN
 }
 
 case "$1" in
 install)
-    # Disable AppArmor profile on install
-    disable_profile
+    # Force the AppArmor profile to complain mode on install
+    inst_complain_profile
     ;;
 upgrade)
     if dpkg --compare-versions "$2" le "1.0.5-1"; then
@@ -48,8 +49,11 @@ upgrade)
         rm_conffile sssd "/etc/sssd/sssd.api.d/sssd-krb5.conf"
         rm_conffile sssd "/etc/sssd/sssd.api.d/sssd-ldap.conf"
     fi
-    if dpkg --compare-versions "$2" lt "1.8.4-1"; then
-        disable_profile
+    if dpkg --compare-versions "$2" lt "1.8.4-2"; then
+	    inst_complain_profile
+        if [ -e "$APP_DISABLE" ]; then
+            rm_conffile sssd "$APP_DISABLE"
+        fi
     fi
     ;;
 esac
diff --git a/debian/sssd.prerm b/debian/sssd.prerm
index 3122dd8..f277ac1 100644
--- a/debian/sssd.prerm
+++ b/debian/sssd.prerm
@@ -5,5 +5,12 @@ invoke_failure() {
     return
 }
 
+if [ "$1" = "purge" ]; then
+    APP_PROFILE="usr.sbin.sssd"
+    rm -f /etc/apparmor.d/force-complain/$APP_PROFILE >/dev/null 2>&1 || true
+    rm -f /etc/apparmor.d/disable/$APP_PROFILE >/dev/null 2>&1 || true
+    rmdir /etc/apparmor.d/disable >/dev/null 2>&1 || true
+fi
+
 #DEBHELPER#
 

