| Server IP : 79.136.114.73 / Your IP : 216.73.216.25 Web Server : Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.29 OpenSSL/1.0.1f System : Linux b8009 3.13.0-170-generic #220-Ubuntu SMP Thu May 9 12:40:49 UTC 2019 x86_64 User : www-data ( 33) PHP Version : 5.5.9-1ubuntu4.29 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority, MySQL : ON | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /usr/bin/ |
Upload File : |
#!/usr/bin/perl -w
=head1 NAME
dh_apparmor - reload AppArmor profile and create local include
=cut
use strict;
use Debian::Debhelper::Dh_Lib;
=head1 SYNOPSIS
B<dh_apparmor> [B<--manifest=>I<manifestfile>] B<--profile-name=>I<profilename>
=head1 DESCRIPTION
dh_apparmor is a debhelper program that will create/remove the
/etc/apparmor.d/local/<profilename> include file in maintainer scripts. It
also reloads the specified AppArmor profile in postinst using:
=over 4
apparmor_parser -r -W -T /etc/apparmor.d/<profilename>
=back
By using '-W -T' we ensure that any abstraction updates are also pulled in.
=head1 OPTIONS
=over 4
=item B<--profile-name=><profilename>
Specify the profile name. Eg:
dh_apparmor --profile-name=bin.foo
dh_apparmor --profile-name=bin.foo -p foo
=back
=over 4
=item B<--manifest=><manifestfile>
Optionally specify a manifest file. When specified, a profile is generated by
calling B<aa-easyprof(8)> with the specified manifest file and putting the
resulting profile in debian/apparmor/<profilename>. Eg, if there is a valid
manifest in debian/manifest.json, then the following command will create
debian/apparmor/bin.bar for the 'bar' package (you will need to clean this up
via override_dh_clean or similar).
dh_apparmor --manifest=manifest.json --profile-name=bin.bar -p bar
Because not all build enviroments support the apparmor kernel interface,
B<aa-easyprof(8)> is called with the --no-verify option. Use of this option
requires that apparmor-easyprof is installed.
=back
=head1 NOTES
When using modern dh packaging techniques, dh_apparmor can be added to the
override_dh_install section of the rules file. Note that for packages that
have multiple binary packages, you will want to pass '-p<package name>' to
dh_apparmor, otherwise dh_apparmor will add AppArmor reload commands for all
packages rather than just the one that ships the profile.
In addition, you will have to install the profile itself in /etc/apparmor.d.
Eg, in the above manifest file example if you are using dh_install you would
add to debian/bar.install:
=over 4
debian/apparmor/bin.bar etc/apparmor.d
=back
=cut
init(options => {
"profile-name=s" => \$dh{PROFILE_NAME},
"manifest-file=s" => \$dh{AA_MANIFEST},
});
my $aa_dir = "debian/apparmor";
foreach my $package (@{$dh{DOPACKAGES}}) {
if (! $dh{PROFILE_NAME}) {
error("Must specify --profile-name for $package");
}
my $pname = $dh{PROFILE_NAME};
autoscript($package,"postinst","postinst-apparmor","s/#PROFILE#/$pname/");
autoscript($package,"postrm","postrm-apparmor","s/#PROFILE#/$pname/");
if ($dh{AA_MANIFEST}) {
unless (-e "debian/$dh{AA_MANIFEST}") {
error("Could not find debian/$dh{AA_MANIFEST}");
}
unless (-x "/usr/bin/aa-easyprof") {
error("Could not find aa-easyprof");
}
if (! -d "$aa_dir") {
mkdir("$aa_dir");
}
my $profile_fn = "$aa_dir/$dh{PROFILE_NAME}";
if (-e "$profile_fn") {
warning("Regenerating $profile_fn");
unlink("$profile_fn");
}
my $tmpdir = tmpdir($package);
my $tmp = "$tmpdir/$dh{PROFILE_NAME}.aa-easyprof.tmp";
complex_doit("aa-easyprof --no-verify --manifest=debian/$dh{AA_MANIFEST} > $tmp");
rename("$tmp", "$profile_fn");
}
}
=head1 SEE ALSO
L<debhelper(7)> L<aa-easyprof(8)>
This program is a part of debhelper.
=head1 AUTHOR
Jamie Strandboge <jamie@canonical.com>
=cut