1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
|
#!/bin/sh
# postinst script for apparmor
#
# see: dh_installdeb(1)
set -e
. /usr/share/debconf/confmodule
. /lib/apparmor/rc.apparmor.functions
# summary of how this script can be called:
# * <postinst> `configure' <most-recently-configured-version>
# * <old-postinst> `abort-upgrade' <new version>
# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
# <new-version>
# * <postinst> `abort-remove'
# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
# <failed-install-package> <version> `removing'
# <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
case "$1" in
configure|abort-remove|abort-deconfigure)
# Remove old cache directories
if dpkg --compare-versions "$2" lt-nl "2.13-7"; then
rm -rf /etc/apparmor.d/cache /etc/apparmor.d/cache.d
fi
# Remove old cache files that click, snapd or manual invokation
# of "apparmor_parser --cache-loc /var/cache/apparmor" may have created:
# since 2.13-1 apparmor_parser won't create cache files at the root
# of the cache-loc, but instead in sub-directories.
if dpkg --compare-versions "$2" lt-nl "2.13-7"; then
find /var/cache/apparmor -maxdepth 1 -type f '!' -name CACHEDIR.TAG -delete
fi
# Try to determine values for apparmor/homedirs if the administrator
# hasn't already.
if dpkg --compare-versions "$2" lt-nl "2.5~pre+bzr1362-0ubuntu2"; then
db_get apparmor/homedirs
if [ -z "$RET" ]; then
# Get unique dirnames for uids between 1000 and 30000, then
# format them appropriately for AppArmor
dirs=`awk -F: '$3 >= 1000 && $3 < 30000 {printf "%s\n", $6}' /etc/passwd | xargs -d '\n' -n 1 dirname | grep -v '^/home$' | sed -e 's#\(.*\)#\\1/#g' | sed -e '/ / { s#\(.*\)#"\\1"#g }' | sort -u | tr '\n' ' '`
if [ -n "$dirs" ]; then
db_set apparmor/homedirs "$dirs"
fi
fi
fi
db_get apparmor/homedirs
tmp=`mktemp`
cat > "$tmp" <<EOM
# This file is auto-generated. It is recommended you update it using:
# $ sudo dpkg-reconfigure apparmor
#
# The following is a space-separated list of where additional user home
# directories are stored, each must have a trailing '/'. Directories added
# here are appended to @{HOMEDIRS}. See tunables/home for details.
EOM
if [ -n "$RET" ]; then
cat >> "$tmp" <<EOM
@{HOMEDIRS}+=$RET
EOM
else
cat >> "$tmp" <<EOM
#@{HOMEDIRS}+=
EOM
fi
mkdir -p /etc/apparmor.d/tunables/home.d 2>/dev/null || true
mv -Z -f "$tmp" /etc/apparmor.d/tunables/home.d/ubuntu
chmod 644 /etc/apparmor.d/tunables/home.d/ubuntu
if [ ! -e /etc/apparmor.d/tunables/xdg-user-dirs.d/site.local ]; then
tmp=`mktemp`
cat > "$tmp" <<EOM
# ------------------------------------------------------------------
#
# Copyright (C) 2014 Canonical Ltd.
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# The following may be used to add additional entries such as for
# translations. See tunables/xdg-user-dirs for details. Eg:
#@{XDG_MUSIC_DIR}+="Musique"
#@{XDG_DESKTOP_DIR}+=""
#@{XDG_DOWNLOAD_DIR}+=""
#@{XDG_TEMPLATES_DIR}+=""
#@{XDG_PUBLICSHARE_DIR}+=""
#@{XDG_DOCUMENTS_DIR}+=""
#@{XDG_MUSIC_DIR}+=""
#@{XDG_PICTURES_DIR}+=""
#@{XDG_VIDEOS_DIR}+=""
EOM
mkdir -p /etc/apparmor.d/tunables/xdg-user-dirs.d 2>/dev/null || true
mv -Z -n "$tmp" /etc/apparmor.d/tunables/xdg-user-dirs.d/site.local
chmod 644 /etc/apparmor.d/tunables/xdg-user-dirs.d/site.local
fi
# Remove various profiles from Ubuntu Touch since they no longer exist
# in the archive and require files from apparmor-easyprof-ubuntu (which
# was also removed) to load correctly.
if dpkg --compare-versions "$2" lt-nl "2.12-4ubuntu4"; then
for i in usr.bin.media-hub-server usr.bin.mediascanner-service-2.0 usr.lib.mediascanner-2.0.mediascanner-extractor usr.bin.messaging-app usr.bin.webbrowser-app ; do
rm -f "/etc/apparmor.d/$i"
rm -f "/etc/apparmor.d/local/$i"
done
fi
;;
abort-upgrade)
# Nothing to do
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
# Now that AppArmor is installed, attempt to reload profiles in the
# case of upgrades.
aa_log_action_start() {
echo "$@"
}
aa_log_action_end() {
echo -n
}
aa_log_daemon_msg() {
echo "$@"
}
aa_log_end_msg() {
echo -n
}
aa_log_failure_msg() {
echo "Error: $@"
}
aa_log_skipped_msg() {
echo "Skipped: $@"
}
aa_log_warning_msg() {
echo "Warning: $@"
}
case "$1" in
configure)
if aa-status --enabled 2>/dev/null; then
parse_profiles reload || true
fi
;;
esac
exit 0
|
