Initial import of Matthew Snelham <zeypher@sigalrm.com> latest ebuilds into the devel tree

and the skel.* files

branches/experimental/sys-apps/apparmor-parser/ChangeLog

@@ -0,0 +1,10 @@
+# ChangeLog for sys-apps/apparmor-parser
+# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
+# $Header: $
+
+  06 Mar 2007; Mario Fetka <mario-fetka@gmx.at>
+  +apparmor-parser-2.0_p150.ebuild, +files/aaeventd, +files/apparmor,
+  +files/rc.apparmor.functions, +files/rc.helper.functions, +metadata.xml:
+  Initial import of Matthew Snelham <zeypher@sigalrm.com> latest ebuilds into
+  the devel tree
+

branches/experimental/sys-apps/apparmor-parser/Manifest

@@ -0,0 +1,32 @@
+AUX aaeventd 824 RMD160 032cce20f81b7b0e1f6f38cb6e1c392d70407ad5 SHA1 8adaa5e21867cab21c5fa907c974fb94cb280f70 SHA256 dbaa7fd1197388146c7a1a9b59553815fdcd0498510f7b7bf752af88f8eb1780
+MD5 379ee71ea946bd90c98e94e362bf9f2c files/aaeventd 824
+RMD160 032cce20f81b7b0e1f6f38cb6e1c392d70407ad5 files/aaeventd 824
+SHA256 dbaa7fd1197388146c7a1a9b59553815fdcd0498510f7b7bf752af88f8eb1780 files/aaeventd 824
+AUX apparmor 1090 RMD160 8d9781974318232731ef26881d7d57fc5991044c SHA1 2acee7585d1329bcb92cb8902ec36e1d0b94f5d6 SHA256 5c7b251473e7bf6a876e0d59d89cff3707bf5a6fcda0d9e95d50a463c8eddc8f
+MD5 7771cab70810b82185f0ed211f131018 files/apparmor 1090
+RMD160 8d9781974318232731ef26881d7d57fc5991044c files/apparmor 1090
+SHA256 5c7b251473e7bf6a876e0d59d89cff3707bf5a6fcda0d9e95d50a463c8eddc8f files/apparmor 1090
+AUX rc.apparmor.functions 11898 RMD160 12453790ffd14deed48b062f27d12bf2b2910ee4 SHA1 ec936b69474750dfd0205f451472e7d81b66f41a SHA256 d9cdb82c10bb5aa40c39d0f93c418a11020abc2d6df7154a831a71c816345618
+MD5 2adf748409596598872530ec06ef8717 files/rc.apparmor.functions 11898
+RMD160 12453790ffd14deed48b062f27d12bf2b2910ee4 files/rc.apparmor.functions 11898
+SHA256 d9cdb82c10bb5aa40c39d0f93c418a11020abc2d6df7154a831a71c816345618 files/rc.apparmor.functions 11898
+AUX rc.helper.functions 690 RMD160 d0b3b06a45645be5bc9d30b8ef19d518ac59940a SHA1 a58ba3ca5d59e099a3570ee21a62f5b4a6eb25fa SHA256 d065ac76a66d856716d77dd06b64478ed90c3b487d414cf8e33fc46ea77a723d
+MD5 5d9c000b99bd66788b988cb6d14b9b3d files/rc.helper.functions 690
+RMD160 d0b3b06a45645be5bc9d30b8ef19d518ac59940a files/rc.helper.functions 690
+SHA256 d065ac76a66d856716d77dd06b64478ed90c3b487d414cf8e33fc46ea77a723d files/rc.helper.functions 690
+DIST apparmor-parser-2.0-150.tar.gz 189171 RMD160 cf3299716fdf042cf326cf884d93fdcb5089dba6 SHA1 099ae08655ee2fc1d206166a7a4f8622637c02fc SHA256 678027c88cf69b42f8c7a36adfbe917489eb80800bc9eefe3b3f043bf01e6ee6
+EBUILD apparmor-parser-2.0_p150.ebuild 1533 RMD160 3fd845a2de512cbd470c967e0aab29e0228ca6e0 SHA1 92bb05478a932b01baa3a3ddf44e7ac88be87fd0 SHA256 47f6c14a53f970893f8a418e4be5d8a3f792b2cc7e4d6e8bacb26013f68bb4ef
+MD5 76c7b80fec3e2c011aa5d956a9426bf7 apparmor-parser-2.0_p150.ebuild 1533
+RMD160 3fd845a2de512cbd470c967e0aab29e0228ca6e0 apparmor-parser-2.0_p150.ebuild 1533
+SHA256 47f6c14a53f970893f8a418e4be5d8a3f792b2cc7e4d6e8bacb26013f68bb4ef apparmor-parser-2.0_p150.ebuild 1533
+MISC ChangeLog 414 RMD160 32500f8dbdd693af9f10ac7e6ccad09141c72787 SHA1 e1159c95576b90023613d9eae1605ed297dfe231 SHA256 702e74f1e4b3041b5502e684e015176ddd71257005a1acf28d9ab09413bbca9e
+MD5 d2f5dd9c4089985f64cf7f675ecb3df2 ChangeLog 414
+RMD160 32500f8dbdd693af9f10ac7e6ccad09141c72787 ChangeLog 414
+SHA256 702e74f1e4b3041b5502e684e015176ddd71257005a1acf28d9ab09413bbca9e ChangeLog 414
+MISC metadata.xml 436 RMD160 e15033b9b3e6c069ebf4fc0e0470c5792e33030a SHA1 a441df5f7fca5964bd09ff8f81af063aada1d157 SHA256 5781a6c617edd46a5bb4976d24b07d8df048a7e03b2cf36ea9edcee4fc9e3cfc
+MD5 832848da3df614d8f1bcb956856bb75e metadata.xml 436
+RMD160 e15033b9b3e6c069ebf4fc0e0470c5792e33030a metadata.xml 436
+SHA256 5781a6c617edd46a5bb4976d24b07d8df048a7e03b2cf36ea9edcee4fc9e3cfc metadata.xml 436
+MD5 f8b11c14f5b9a1945c17a5f94b338d2b files/digest-apparmor-parser-2.0_p150 271
+RMD160 a70e60c1977d77b9b90bca4617758a60e1449115 files/digest-apparmor-parser-2.0_p150 271
+SHA256 0d5798506f6e78b3f6f8bff3f1d8d98d43d040576e2edbe3c893ac8fa164847a files/digest-apparmor-parser-2.0_p150 271

branches/experimental/sys-apps/apparmor-parser/apparmor-parser-2.0_p150.ebuild

@@ -0,0 +1,62 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+inherit eutils perl-module toolchain-funcs
+
+MY_PV="${PV/_p/-}"
+MY_P="${PN}-${MY_PV}"
+MY_S="${WORKDIR}/${PN}-${PV/_p*/}"
+MONTH="October"
+
+DESCRIPTION="The userspace tools and init scripts to load security profiles into the apparmor kernel security module."
+HOMEPAGE="http://forge.novell.com/modules/xfmod/project/?apparmor"
+SRC_URI="http://forgeftp.novell.com/apparmor/Development%20-%20${MONTH}%20Snapshot/${MY_P}.tar.gz"
+
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86 ~amd64"
+IUSE=""
+
+DEPEND="sys-libs/libapparmor
+        sys-libs/libcap
+        dev-libs/libpcre
+        sys-devel/bison
+        sys-devel/flex"
+
+RDEPEND="|| (sys-kernel/apparmor-sources ys-apps/apparmor-modules)"
+
+src_unpack() {
+	unpack ${A}
+
+	## apparmor-parser
+	cd ${MY_S}
+	# the Make.rules isn't needed for Gentoo
+	sed -i "s/^include Make.rules//g" Makefile
+	# Un-needed historical artifact, AND ugly non-LSB path
+	# This is mounted at /sys/kernel/security/subdomain, not /subdomain
+	sed -i 's/^.*\/subdomain//g' Makefile
+}
+
+src_compile() {
+	cd ${MY_S}
+	emake CC="$(tc-getCC)" CFLAGS="${CFLAGS}" || die
+}
+
+src_install() {
+
+	## apparmor-parser
+	cd ${MY_S}
+	make DESTDIR=${D} install || die
+
+	## Init script and addtional files
+	doinitd ${FILESDIR}/apparmor 
+	doinitd ${FILESDIR}/aaeventd 
+	insopts -m0644
+	insinto /lib/apparmor
+	doins ${FILESDIR}/rc.helper.functions
+	doins ${FILESDIR}/rc.apparmor.functions
+
+	dodir /etc/apparmor.d/abstractions
+}

branches/experimental/sys-apps/apparmor-parser/files/aaeventd

@@ -0,0 +1,40 @@
+#!/sbin/runscript
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+APPARMOR_FUNCTIONS=/lib/apparmor/rc.apparmor.functions
+APPARMOR_HELPERS=/lib/apparmor/rc.helper.functions
+if [ -f "${APPARMOR_HELPERS}" -a -f "${APPARMOR_FUNCTIONS}" ]; then
+	source ${APPARMOR_HELPERS}
+	source ${APPARMOR_FUNCTIONS}
+else
+        eend 1 "Unable to find AppArmor initscript functions"
+fi
+
+depend() {
+	need apparmor
+	use logger dns
+}
+
+start() {
+	ebegin "Starting aaeventd (AppArmor Event Daemon)"
+
+	if [ "${APPARMOR_ENABLE_AAEVENTD}" = "no" ]; then
+		eend 1 "   aaeventd disabled in ${APPARMOR_CONF}."
+	fi
+
+	start_sd_event
+	eend $waserror
+}
+
+stop() {
+	ebegin "Stopping aaeventd (AppArmor Event Daemon)"
+	stop_sd_event
+	eend $waserror
+}
+
+restart() {
+	srv_stop
+	srv_start
+}

branches/experimental/sys-apps/apparmor-parser/files/apparmor

@@ -0,0 +1,55 @@
+#!/sbin/runscript
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+#
+# rc.apparmor.gentoo: contribuited by Matthew Snelham 
+# /etc/init.d/apparmor
+
+APPARMOR_FUNCTIONS=/lib/apparmor/rc.apparmor.functions
+APPARMOR_HELPERS=/lib/apparmor/rc.helper.functions
+if [ -f "${APPARMOR_HELPERS}" -a -f "${APPARMOR_FUNCTIONS}" ]; then
+        source ${APPARMOR_HELPERS}
+        source ${APPARMOR_FUNCTIONS}
+else
+	eend 1 "Unable to find AppArmor initscript functions"
+fi
+
+opts="${opts} reload status"
+
+depend() {
+	need localmount
+	## AppArmor needs to be loaded before any other 
+	## (potentially protected) user-space services come up.
+	#before *
+}
+
+start() {
+	ebegin "Starting AppArmor"
+	subdomain_start
+	einfo "...AppArmor Start"
+	eend $waserror
+}
+
+stop() {
+	ebegin "Stopping AppArmor"
+	subdomain_stop
+	einfo "...AppArmor Stop"
+	eend $waserror
+}
+
+restart() {
+	svc_stop; svc_start
+}
+
+reload() {
+	ebegin "Restarting AppArmor"
+	subdomain_restart
+	eend $?
+}
+
+status() {
+	ebegin "Checking AppArmor Status"
+	subdomain_status
+	eend $?
+}

branches/experimental/sys-apps/apparmor-parser/files/digest-apparmor-parser-2.0_p150

@@ -0,0 +1,3 @@
+MD5 cbb25435e4353b10b5fdd96f80c854b9 apparmor-parser-2.0-150.tar.gz 189171
+RMD160 cf3299716fdf042cf326cf884d93fdcb5089dba6 apparmor-parser-2.0-150.tar.gz 189171
+SHA256 678027c88cf69b42f8c7a36adfbe917489eb80800bc9eefe3b3f043bf01e6ee6 apparmor-parser-2.0-150.tar.gz 189171

branches/experimental/sys-apps/apparmor-parser/files/rc.apparmor.functions

@@ -0,0 +1,443 @@
+#!/bin/sh
+#
+# ----------------------------------------------------------------------
+#    Copyright (c) 1999, 2000, 20001, 2004, 2005, NOVELL (All rights reserved)
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program; if not, contact Novell, Inc.
+# ----------------------------------------------------------------------
+# rc.subdomain.functions by Steve Beattie
+# Modified for Gentoo Linux, by Matthew Snelham
+#
+# Modifications Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+
+# NOTE: rc.subdomain initscripts that source this file need to implement
+# the following set of functions:
+#	sd_action
+#	sd_log_info_msg
+#	sd_log_success_msg
+#	sd_log_warning_msg
+#       sd_log_failure_msg
+
+
+CONFIG_DIR=/etc/apparmor
+MODULE=apparmor
+OLD_MODULE=subdomain
+if [ -f "${CONFIG_DIR}/${MODULE}.conf" ] ; then
+	APPARMOR_CONF="${CONFIG_DIR}/${MODULE}.conf"
+elif [ -f "${CONFIG_DIR}/${OLD_MODULE}.conf" ] ; then
+	APPARMOR_CONF="${CONFIG_DIR}/${OLD_MODULE}.conf"
+else
+	sd_log_warning_msg "Unable to find config file in ${CONFIG_DIR}, installation problem?"
+fi
+
+# Read configuration options from ${APPARMOR_CONF}, default is to
+# warn if subdomain won't load.
+APPARMOR_MODULE_PANIC="warn"
+SUBDOMAIN_ENABLE_OWLSM="no"
+APPARMOR_ENABLE_AAEVENTD="no"
+
+if [ -f "${APPARMOR_CONF}" ] ; then
+	source "${APPARMOR_CONF}"
+fi
+
+if [ -f /sbin/apparmor_parser ] ; then
+	PARSER=/sbin/apparmor_parser
+else
+	sd_log_failure_msg "Unable to find apparmor_parser, installation problem?"
+	exit 1
+fi
+
+# APPARMOR_DIR might be redefined in ${APPARMOR_CONF}
+if [ -d "${APPAMROR_DIR}" ] ; then
+	PROFILE_DIR=${APPARMOR_DIR}
+elif [ -d /etc/apparmor.d ] ; then
+	PROFILE_DIR=/etc/apparmor.d
+fi
+ABSTRACTIONS="-I${PROFILE_DIR}"
+AA_EV_BIN=/usr/sbin/aa-eventd
+AA_EV_PIDFILE=/var/run/aa-eventd.pid
+AA_STATUS=/usr/sbin/apparmor_status
+SD_EV_BIN=/usr/sbin/sd-event-dispatch.pl
+SD_EV_PIDFILE=/var/run/sd-event-dispatch.init.pid
+SD_STATUS=/usr/sbin/subdomain_status
+if grep -q securityfs /proc/filesystems ; then
+	SECURITYFS=/sys/kernel/security
+fi
+
+SUBDOMAINFS_MOUNTPOINT=$(grep subdomainfs /etc/fstab  | \
+	sed -e 's|^[[:space:]]*[^[:space:]]\+[[:space:]]\+\(/[^[:space:]]*\)[[:space:]]\+subdomainfs.*$|\1|' 2> /dev/null)
+
+if [ -d "/var/lib/${MODULE}" ] ; then
+	APPARMOR_TMPDIR="/var/lib/${MODULE}"
+else
+	APPARMOR_TMPDIR="/tmp"
+fi
+
+
+function parse_profiles() {	
+	# get parser arg
+	case "$1" in
+		load)
+			PARSER_ARGS="--add"
+			PARSER_MSG="Loading AppArmor profiles "
+			;;
+		reload)
+			PARSER_ARGS="--replace"
+			PARSER_MSG="Reloading AppArmor profiles "
+			;;
+		*)
+			exit 1
+			;;
+	esac
+	sd_log_info_msg "$PARSER_MSG"
+
+	# run the parser on all of the apparmor profiles
+	if [ ! -f "$PARSER" ]; then
+		sd_log_failure_msg "$PARSER_MSG - AppArmor parser not found"
+		exit 1
+	fi
+
+	if [ ! -d "$PROFILE_DIR" ]; then
+		sd_log_failure_msg "$PARSER_MSG - Profile directory not found"
+		exit 1
+	fi
+
+	if [ "X" == "X$(ls $PROFILE_DIR/)" ]; then
+		sd_log_warning_msg "$PARSER_MSG - No profiles found"
+		exit 1
+	fi
+
+	for profile in $PROFILE_DIR/*; do
+	        if [ "${profile%.rpmnew}" != "${profile}" -o \
+		     "${profile%.rpmsave}" != "${profile}" -o \
+		     "${profile%\~}" != "${profile}" ]
+		then 
+			sd_log_warning_msg "Skipping profile $profile"
+		elif [ -f "${profile}" ] ; then
+			sd_action "  Adding profile: `basename ${profile}`" $PARSER $ABSTRACTIONS $PARSER_ARGS ${profile} 
+			if [ $? -ne 0 ]; then
+				waserror=1
+			fi
+		fi
+	done
+}
+
+function profiles_names_list() {	
+	# run the parser on all of the apparmor profiles
+	TMPFILE=$1
+	if [ ! -f "$PARSER" ]; then
+		sd_log_failure_msg "AppArmor parser ($PARSER) not found"
+		exit 1
+	fi
+
+	if [ ! -d "$PROFILE_DIR" ]; then
+		sd_log_failure_msg "Profile directory ($PROFILE_DIR) not found"
+		exit 1
+	fi
+
+	for profile in $PROFILE_DIR/*; do
+	        if [ "${profile%.rpmnew}" != "${profile}" -o \
+		     "${profile%.rpmsave}" != "${profile}" -o \
+		     "${profile%\~}" != "${profile}" ]
+		then 
+			echo "nop" >/dev/null
+		elif [ -f "${profile}" ] ; then
+			LIST_ADD=$($PARSER $ABSTRACTIONS -N "$profile" | grep -v '\^')
+			if [ $? -eq 0 ]; then
+				echo "$LIST_ADD" >>$TMPFILE
+			fi
+		fi
+	done
+}
+
+function is_securityfs_mounted() {
+	if grep -q securityfs /proc/filesystems && grep -q securityfs /proc/mounts ; then
+		if [ -f "${SECURITYFS}/${MODULE}/profiles" ]; then
+			SFS_MOUNTPOINT="${SECURITYFS}/${MODULE}"
+			return 0
+		fi
+	fi
+	return 1
+}
+
+function mount_securityfs() {
+	if [ "X" != "X${SECURITYFS}" ]; then
+		if ! grep -q securityfs /proc/mounts ; then
+			sd_action "Mounting securityfs on ${SECURITYFS}" \
+					mount -t securityfs securityfs "${SECURITYFS}"
+			rc=$?
+			if [ -f "${SECURITYFS}/${MODULE}/profiles" ]; then
+				SFS_MOUNTPOINT="${SECURITYFS}/${MODULE}"
+			else
+				SFS_MOUNTPOINT="${SECURITYFS}/${MODULE}"
+			fi
+			return $rc
+		fi
+	fi
+	return 0
+}
+
+function unmount_securityfs() {
+	SUBDOMAINFS=$(grep subdomainfs /proc/mounts  | cut -d" " -f2 2> /dev/null)
+	if [ "X" != "X${SUBDOMAINFS}" ]; then
+		sd_action "Unmounting securityfs" umount ${SUBDOMAINFS}
+	fi
+}
+
+function failstop_system() {
+	level=$(runlevel | cut -d" " -f2)
+	if [ $level -ne "1" ] ; then
+		sd_log_failure_msg "Could not start AppArmor.  Changing to runlevel 1"
+		telinit 1;
+		return -1;
+	fi
+	sd_log_failure_msg "Could not start AppArmor."
+	return -1
+}
+
+function module_panic() {
+	# the module failed to load, determine what action should be taken
+
+	case "$APPARMOR_MODULE_PANIC" in
+		"warn"|"WARN") sd_log_failure_msg "Could not start AppArmor"
+			return -1 ;;
+		"panic"|"PANIC") failstop_system
+			rc=$?
+			return $rc ;;
+		*) sd_log_failure_msg "Invalid AppArmor module fail option"
+			return -1 ;;
+	esac
+}
+
+function load_module() {
+	if modinfo -F filename apparmor > /dev/null 2>&1 ; then
+		MODULE=apparmor
+	elif modinfo -F filename subdomain > /dev/null 2>&1 ; then
+		MODULE=subdomain
+	fi
+	if ! grep -qE "^(subdomain|apparmor)[[:space:]]" /proc/modules ; then
+		sd_action "Loading AppArmor module" /sbin/modprobe $MODULE $1
+		rc=$?
+		if [ $rc -ne 0 ] ; then
+			# we couldn't find the module
+			module_panic
+			rc=$?
+			if [ $rc -ne 0 ] ; then
+				exit $rc
+			fi
+		fi
+	fi
+}	
+
+function start_sd_event() {
+	if [ -x "$AA_EV_BIN" -a "${APPARMOR_ENABLE_AAEVENTD}" = "yes" ] ; then
+		sd_action "Starting AppArmor Event daemon" startproc -f -p $AA_EV_PIDFILE $AA_EV_BIN -p $AA_EV_PIDFILE
+	elif [ -x "$SD_EV_BIN" -a "${APPARMOR_ENABLE_AAEVENTD}" = "yes" ] ; then
+		sd_action "Starting AppArmor Event daemon" startproc -f -p $SD_EV_PIDFILE $SD_EV_BIN -p $SD_EV_PIDFILE
+	fi
+}
+
+function stop_sd_event() {
+	if [ -x "$AA_EV_BIN" -a -f "$AA_EV_PIDFILE" ] ; then
+		sd_action "Shutting down AppArmor Event daemon" killproc -G -p $AA_EV_PIDFILE -INT $AA_EV_BIN
+	fi
+	if [ -f "$SD_EV_PIDFILE" ] ; then
+		sd_action "Shutting down AppArmor Event daemon" killproc -G -p $SD_EV_PIDFILE -INT $SD_EV_BIN
+	fi
+}
+
+function subdomain_start() {
+	if ! grep -qE "^(subdomain|apparmor)[[:space:]]" /proc/modules ; then
+		load_module
+		rc=$?
+		if [ $rc -ne 0 ] ; then
+			return $rc
+		fi
+	fi
+
+	if ! is_securityfs_mounted ; then
+		mount_securityfs
+		rc=$?
+		if [ $rc -ne 0 ] ; then
+			return $rc
+		fi
+	fi
+
+	if [ ! -w "$SFS_MOUNTPOINT/.load" ] ; then
+		sd_log_failure_msg "Loading AppArmor profiles - failed, Do you have the correct privileges?"
+		return 1
+	fi
+
+	configure_owlsm
+
+	if [ $(wc -l "$SFS_MOUNTPOINT/profiles" | awk '{print $1}') -eq 0 ] ; then
+		parse_profiles load
+	else
+		sd_log_warning_msg "Loading AppArmor profiles - AppArmor already loaded with profiles."
+	fi
+}
+
+function remove_profiles() {
+	# removing profiles as we directly read from subdomainfs
+	# doesn't work, since we are removing entries which screws up
+	# our position.  Lets hope there are never enough profiles to
+	# overflow the variable
+	if ! is_securityfs_mounted ; then
+		sd_log_failure_msg "failed: is securityfs loaded?"
+		return 1
+	fi
+
+	if [ ! -w "$SFS_MOUNTPOINT/.remove" ] ; then
+		sd_log_failure_msg "failed: Do you have the correct privileges?"
+		return 1
+	fi
+
+	if [ ! -x "${PARSER}" ] ; then
+		sd_log_failure_msg "failed: unable to execute subdomain parser"
+		return 1
+	fi
+
+	retval=0
+	IFS=$'\n'
+	enforced_profiles=$(sed -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles")
+	for profile in $enforced_profiles ; do 
+		sd_action "  Removing profile: ${profile}" sh -c "echo \"$profile { }\" | $PARSER -R"
+		rc=$?
+		if [ ${rc} -ne 0 ] ; then 
+			retval=${rc}
+		fi
+	done
+	if [ ${retval} -ne 0 ] ; then
+		waserror=1
+	fi	
+}
+
+function subdomain_stop() {
+	stop_sd_event
+	sd_log_info_msg "Unloading AppArmor profiles"
+	remove_profiles
+}
+
+function subdomain_kill() {
+	stop_sd_event
+	unmount_securityfs
+	if grep -qE "^apparmor[[:space:]]" /proc/modules ; then
+		MODULE=apparmor
+	elif grep -qE "^subdomain[[:space:]]" /proc/modules ; then
+		MODULE=subdomain
+	else
+		MODULE=apparmor
+	fi
+	sd_action "Unloading AppArmor modules" /sbin/modprobe -r $MODULE
+}
+
+function __subdomain_restart() {
+	if [ ! -w "$SFS_MOUNTPOINT/.load" ] ; then
+		sd_log_failure_msg "Loading AppArmor profiles - failed, Do you have the correct privileges?"
+		return 4
+	fi
+
+	configure_owlsm
+	parse_profiles reload
+	PNAMES_LIST=$(mktemp ${APPARMOR_TMPDIR}/tmp.XXXXXXXX)
+	profiles_names_list ${PNAMES_LIST}
+	MODULE_PLIST=$(mktemp ${APPARMOR_TMPDIR}/tmp.XXXXXXXX)
+	sed  -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles" | sort >"$MODULE_PLIST"
+	#profiles=$(cat $PNAMES_LIST | sort | comm -2 -3 "$MODULE_PLIST" -)
+	#for profile in $profiles ; do
+	IFS=$'\n' && for profile in $(cat $PNAMES_LIST | sort | comm -2 -3 "$MODULE_PLIST" -) ; do
+		echo "\"$profile\" {}" | $PARSER -R >/dev/null
+	done
+	rm "$MODULE_PLIST"
+	rm "$PNAMES_LIST"
+	return 0
+}
+
+function subdomain_restart() {
+	if ! grep -qE "^(subdomain|apparmor)[[:space:]]" /proc/modules ; then
+		subdomain_start
+		rc=$?
+		return $rc
+	fi
+
+	if ! is_securityfs_mounted ; then
+		mount_securityfs
+		rc=$?
+		if [ $rc -ne 0 ] ; then
+			return $rc
+		fi
+	fi
+
+	__subdomain_restart
+	rc=$?
+	return $rc
+}
+
+function subdomain_try_restart() {
+	if ! grep -qE "^(subdomain|apparmor)[[:space:]]" /proc/modules ; then
+		return 1
+	fi
+
+	if ! is_securityfs_mounted ; then
+		return 1
+	fi
+
+	__subdomain_restart
+	rc=$?
+	return $rc
+}
+
+function subdomain_debug() {
+	subdomain_kill
+	load_module "subdomain_debug=1"
+	mount_securityfs
+	configure_owlsm
+	parse_profiles load
+}
+
+function configure_owlsm () {
+	if [ "${SUBDOMAIN_ENABLE_OWLSM}" = "yes" -a -f ${SFS_MOUNTPOINT}/control/owlsm ] ; then
+		# Sigh, the "sh -c" is necessary for the SuSE sd_action
+		# and it can't be abstracted out as a seperate function, as
+		# that breaks under RedHat's action, which needs a
+		# binary to invoke.
+		sd_action "Enabling OWLSM extension" sh -c "echo -n \"1\" > \"${SFS_MOUNTPOINT}/control/owlsm\""
+	elif [ -f "${SFS_MOUNTPOINT}/control/owlsm" ] ; then
+		sd_action "Disabling OWLSM extension" sh -c "echo -n \"0\" > \"${SFS_MOUNTPOINT}/control/owlsm\""
+	fi
+}
+
+function subdomain_status () {
+	if test -x ${AA_STATUS} ; then
+		${AA_STATUS} --verbose
+		return $?
+	fi
+	if test -x ${SD_STATUS} ; then
+		${SD_STATUS} --verbose
+		return $?
+	fi
+	if ! grep -qE "^(subdomain|apparmor)[[:space:]]" /proc/modules ; then
+		sd_log_failure_msg "AppArmor not loaded."
+		rc=1
+	else
+		sd_log_success_msg "AppArmor module enabled."
+		rc=0
+	fi
+	sd_log_warning_msg "Install the apparmor-utils package to receive more detailed"
+	sd_log_warning_msg "status information here (or examine ${SFS_MOUNTPOINT} directly)."
+
+	return $rc
+}

branches/experimental/sys-apps/apparmor-parser/files/rc.helper.functions

@@ -0,0 +1,47 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+waserror=0
+
+function sd_action() {
+	MSG=$1
+	shift
+	#echo "ACTION: $*"
+	$* > /dev/null
+	rc=$?
+	if [ $rc -ne 0 ] ; then
+		sd_log_failure_msg $"$MSG"
+	else
+		sd_log_success_msg $"$MSG"
+	fi
+	return $rc
+}
+
+function sd_log_info_msg() {
+	einfo "  $*"
+}
+
+function sd_log_warning_msg() {
+	ewarn "  $*"
+}
+
+function sd_log_success_msg() {
+	einfo "  $*"
+	eend 0
+}
+
+function sd_log_failure_msg() {
+	waserror=1
+	einfo "  $*"
+	eend 1
+}
+
+function startproc() {
+	/sbin/start-stop-daemon --start -p $3 --exec $4 -- -p $3
+}
+
+function killproc() {
+	/sbin/start-stop-daemon --stop -p $3
+}
+

branches/experimental/sys-apps/apparmor-parser/metadata.xml

@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>apparmor</herd>
+<maintainer>
+  <email>zepher@sigalrm.com</email>
+  <name>Matthew Snelham</name>
+  <description>Primary Maintainer</description>
+</maintainer>
+<longdescription lang="en">Core Apparmor package containing userspace policy parser, utilities, and documentation.</longdescription>
+</pkgmetadata>