| Server IP : 3.128.248.115 / Your IP : 18.188.219.131 Web Server : Apache/2.4.41 (Ubuntu) System : Linux ip-172-31-33-233 5.15.0-1037-aws #41~20.04.1-Ubuntu SMP Mon May 22 18:18:00 UTC 2023 x86_64 User : www-data ( 33) PHP Version : 7.4.28 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /sbin/ |
Upload File : |
#!/bin/sh
# ----------------------------------------------------------------------
# Copyright (c) 2017 Canonical Ltd. (All rights reserved)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# ----------------------------------------------------------------------
APPARMOR_FUNCTIONS=/lib/apparmor/rc.apparmor.functions
APPARMORFS=/sys/kernel/security/apparmor
PROFILES="${APPARMORFS}/profiles"
REMOVE="${APPARMORFS}/.remove"
DRY_RUN=0
. $APPARMOR_FUNCTIONS
usage() {
local progname="$1"
local rc="$2"
local msg="usage: ${progname} [options]
Remove profiles unknown to the system
Options:
-h, --help Show this help message and exit
-n Dry run; don't remove profiles"
if [ "$rc" -ne 0 ] ; then
echo "$msg" 1>&2
else
echo "$msg"
fi
exit "$rc"
}
if [ "$#" -gt 1 ] ; then
usage "$0" 1
elif [ "$#" -eq 1 ] ; then
if [ "$1" = "-h" -o "$1" = "--help" ] ; then
usage "$0" 0
elif [ "$1" = "-n" ] ; then
DRY_RUN=1
else
usage "$0" 1
fi
fi
# We can't use a -r test here because while $PROFILES is world-readable,
# apparmorfs may still return EACCES from open()
#
# We have to do this check because error checking awk's getline() below is
# tricky and, as is, results in an infinite loop when apparmorfs returns an
# error from open().
if ! IFS= read line < "$PROFILES" ; then
echo "ERROR: Unable to read apparmorfs profiles file" 1>&2
exit 1
elif [ ! -w "$REMOVE" ] ; then
echo "ERROR: Unable to write to apparmorfs remove file" 1>&2
exit 1
fi
# Clean out running profiles not associated with the current profile
# set, excluding the libvirt dynamically generated profiles.
# Note that we reverse sort the list of profiles to remove to
# ensure that child profiles (e.g. hats) are removed before the
# parent. We *do* need to remove the child profile and not rely
# on removing the parent profile when the profile has had its
# child profile names changed.
profiles_names_list | awk '
BEGIN {
while (getline < "'${PROFILES}'" ) {
str = sub(/ \((enforce|complain)\)$/, "", $0);
if (match($0, /^libvirt-[0-9a-f\-]+$/) == 0)
arr[$str] = $str
}
}
{ if (length(arr[$0]) > 0) { delete arr[$0] } }
END {
for (key in arr)
if (length(arr[key]) > 0) {
printf("%s\n", arr[key])
}
}
' | LC_COLLATE=C sort -r | \
while IFS= read profile ; do
if [ "$DRY_RUN" -ne 0 ]; then
echo "Would remove '${profile}'"
else
echo "Removing '${profile}'"
echo -n "$profile" > "${REMOVE}"
fi
done
# will not catch all errors, but still better than nothing
exit $?