#!/bin/sh # postinst script for apparmor # # see: dh_installdeb(1) set -e . /usr/share/debconf/confmodule . /lib/apparmor/rc.apparmor.functions # summary of how this script can be called: # * <postinst> `configure' <most-recently-configured-version> # * <old-postinst> `abort-upgrade' <new version> # * <conflictor's-postinst> `abort-remove' `in-favour' <package> # <new-version> # * <postinst> `abort-remove' # * <deconfigured's-postinst> `abort-deconfigure' `in-favour' # <failed-install-package> <version> `removing' # <conflicting-package> <version> # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in configure|abort-remove|abort-deconfigure) # Remove old cache directories if dpkg --compare-versions "$2" lt-nl "2.13-7"; then rm -rf /etc/apparmor.d/cache /etc/apparmor.d/cache.d fi # Remove old cache files that click, snapd or manual invokation # of "apparmor_parser --cache-loc /var/cache/apparmor" may have created: # since 2.13-1 apparmor_parser won't create cache files at the root # of the cache-loc, but instead in sub-directories. if dpkg --compare-versions "$2" lt-nl "2.13-7"; then find /var/cache/apparmor -maxdepth 1 -type f '!' -name CACHEDIR.TAG -delete fi # Try to determine values for apparmor/homedirs if the administrator # hasn't already. if dpkg --compare-versions "$2" lt-nl "2.5~pre+bzr1362-0ubuntu2"; then db_get apparmor/homedirs if [ -z "$RET" ]; then # Get unique dirnames for uids between 1000 and 30000, then # format them appropriately for AppArmor dirs=`awk -F: '$3 >= 1000 && $3 < 30000 {printf "%s\n", $6}' /etc/passwd | xargs -d '\n' -n 1 dirname | grep -v '^/home$' | sed -e 's#\(.*\)#\\1/#g' | sed -e '/ / { s#\(.*\)#"\\1"#g }' | sort -u | tr '\n' ' '` if [ -n "$dirs" ]; then db_set apparmor/homedirs "$dirs" fi fi fi db_get apparmor/homedirs tmp=`mktemp` cat > "$tmp" <<EOM # This file is auto-generated. It is recommended you update it using: # $ sudo dpkg-reconfigure apparmor # # The following is a space-separated list of where additional user home # directories are stored, each must have a trailing '/'. Directories added # here are appended to @{HOMEDIRS}. See tunables/home for details. EOM if [ -n "$RET" ]; then cat >> "$tmp" <<EOM @{HOMEDIRS}+=$RET EOM else cat >> "$tmp" <<EOM #@{HOMEDIRS}+= EOM fi mkdir -p /etc/apparmor.d/tunables/home.d 2>/dev/null || true mv -Z -f "$tmp" /etc/apparmor.d/tunables/home.d/ubuntu chmod 644 /etc/apparmor.d/tunables/home.d/ubuntu if [ ! -e /etc/apparmor.d/tunables/xdg-user-dirs.d/site.local ]; then tmp=`mktemp` cat > "$tmp" <<EOM # ------------------------------------------------------------------ # # Copyright (C) 2014 Canonical Ltd. # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ # The following may be used to add additional entries such as for # translations. See tunables/xdg-user-dirs for details. Eg: #@{XDG_MUSIC_DIR}+="Musique" #@{XDG_DESKTOP_DIR}+="" #@{XDG_DOWNLOAD_DIR}+="" #@{XDG_TEMPLATES_DIR}+="" #@{XDG_PUBLICSHARE_DIR}+="" #@{XDG_DOCUMENTS_DIR}+="" #@{XDG_MUSIC_DIR}+="" #@{XDG_PICTURES_DIR}+="" #@{XDG_VIDEOS_DIR}+="" EOM mkdir -p /etc/apparmor.d/tunables/xdg-user-dirs.d 2>/dev/null || true mv -Z -n "$tmp" /etc/apparmor.d/tunables/xdg-user-dirs.d/site.local chmod 644 /etc/apparmor.d/tunables/xdg-user-dirs.d/site.local fi # Remove various profiles from Ubuntu Touch since they no longer exist # in the archive and require files from apparmor-easyprof-ubuntu (which # was also removed) to load correctly. if dpkg --compare-versions "$2" lt-nl "2.12-4ubuntu4"; then for i in usr.bin.media-hub-server usr.bin.mediascanner-service-2.0 usr.lib.mediascanner-2.0.mediascanner-extractor usr.bin.messaging-app usr.bin.webbrowser-app ; do rm -f "/etc/apparmor.d/$i" rm -f "/etc/apparmor.d/local/$i" done fi ;; abort-upgrade) # Nothing to do ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. # Automatically added by dh_apparmor/2.13.6-10 if [ "$1" = "configure" ]; then APP_PROFILE="/etc/apparmor.d/lsb_release" if [ -f "$APP_PROFILE" ]; then # Add the local/ include LOCAL_APP_PROFILE="/etc/apparmor.d/local/lsb_release" test -e "$LOCAL_APP_PROFILE" || { mkdir -p `dirname "$LOCAL_APP_PROFILE"` install --mode 644 /dev/null "$LOCAL_APP_PROFILE" } # Reload the profile, including any abstraction updates if aa-enabled --quiet 2>/dev/null; then apparmor_parser -r -T -W "$APP_PROFILE" || true fi fi fi # End automatically added section # Automatically added by dh_apparmor/2.13.6-10 if [ "$1" = "configure" ]; then APP_PROFILE="/etc/apparmor.d/nvidia_modprobe" if [ -f "$APP_PROFILE" ]; then # Add the local/ include LOCAL_APP_PROFILE="/etc/apparmor.d/local/nvidia_modprobe" test -e "$LOCAL_APP_PROFILE" || { mkdir -p `dirname "$LOCAL_APP_PROFILE"` install --mode 644 /dev/null "$LOCAL_APP_PROFILE" } # Reload the profile, including any abstraction updates if aa-enabled --quiet 2>/dev/null; then apparmor_parser -r -T -W "$APP_PROFILE" || true fi fi fi # End automatically added section # Automatically added by dh_installdeb/13.3.4 dpkg-maintscript-helper rm_conffile /etc/apparmor.d/abstractions/launchpad-integration 2.13.1-2\~ -- "$@" dpkg-maintscript-helper rm_conffile /etc/apparmor.d/abstractions/ubuntu-sdk-base 2.8.0-0ubuntu20\~ -- "$@" dpkg-maintscript-helper rm_conffile /etc/apparmor/features 2.11.1-4\~ -- "$@" dpkg-maintscript-helper rm_conffile /etc/apparmor/subdomain.conf 2.13.2-2\~ -- "$@" dpkg-maintscript-helper rm_conffile /etc/init/apparmor.conf 2.11.0-11\~ -- "$@" # End automatically added section # Automatically added by dh_installinit/13.3.4 if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then if [ -x "/etc/init.d/apparmor" ]; then update-rc.d apparmor defaults >/dev/null || true fi fi # End automatically added section # Automatically added by dh_installsystemd/13.3.4 if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then # This will only remove masks created by d-s-h on package removal. deb-systemd-helper unmask 'apparmor.service' >/dev/null || true # was-enabled defaults to true, so new installations run enable. if deb-systemd-helper --quiet was-enabled 'apparmor.service'; then # Enables the unit on first installation, creates new # symlinks on upgrades if the unit file has changed. deb-systemd-helper enable 'apparmor.service' >/dev/null || true else # Update the statefile to add new symlinks (if any), which need to be # cleaned up on purge. Also remove old symlinks. deb-systemd-helper update-state 'apparmor.service' >/dev/null || true fi fi # End automatically added section # Now that AppArmor is installed, attempt to reload profiles in the # case of upgrades. aa_log_action_start() { echo "$@" } aa_log_action_end() { echo -n } aa_log_daemon_msg() { echo "$@" } aa_log_end_msg() { echo -n } aa_log_failure_msg() { echo "Error: $@" } aa_log_skipped_msg() { echo "Skipped: $@" } aa_log_warning_msg() { echo "Warning: $@" } case "$1" in configure) if aa-status --enabled 2>/dev/null; then parse_profiles reload || true fi ;; esac exit 0