Expected Results:
Running "/etc/init.d/apparmor status" after stopping apparmor should have a non-zero exit status to indicate that apparmor is not enabled.
Actual Results:
Running "/etc/init.d/apparmor status" always results in an exit code of 0, even after running "/etc/init.d/apparmor stop".
Looks like this is caused by a simple error in /etc/init.d/apparmor. The status function looks for the existence of /usr/bin/aa-status. However, aa-status is in /usr/sbin, not /usr/bin. So the status function falls back to displaying the contents of /sys/kernel/security/apparmor/profiles and uses the exit status of the cat command as its exit status.
If the init script correctly calls aa-status, the status function has a more useful exit status.
Binary package hint: apparmor
# lsb_release -rd
Description: Ubuntu 10.04.1 LTS
Release: 10.04
# apt-cache policy apparmor apparmor-utils
apparmor:
  Installed: 2.5-0ubuntu3
  Candidate: 2.5-0ubuntu3
[...]
apparmor-utils:
  Installed: 2.5-0ubuntu3
  Candidate: 2.5-0ubuntu3
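The failure mode described in this report, reproduced as an added example (not code from the report or from the real /etc/init.d/apparmor). It assumes a constructed fake root directory, a stub standing in for aa-status, and a constructed exit code of 2 for "not enabled"; the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration; NOT the actual /etc/init.d/apparmor code.
# Build a constructed fake root modelling a host after "apparmor stop":
# the profiles file is readable but empty, and aa-status lives in usr/sbin.
make_fake_root() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/sbin" "$root/sys/kernel/security/apparmor"
    : > "$root/sys/kernel/security/apparmor/profiles"
    # Stub standing in for aa-status; exit code 2 is a constructed
    # "not enabled" value chosen for this demo.
    printf '#!/bin/sh\nexit 2\n' > "$root/usr/sbin/aa-status"
    chmod +x "$root/usr/sbin/aa-status"
    echo "$root"
}

# Pattern described in the report: the test looks in the wrong directory,
# so the fallback always runs and cat's exit status becomes the result.
status_buggy() {
    if [ -x "$1/usr/bin/aa-status" ]; then
        "$1/usr/bin/aa-status"
    else
        cat "$1/sys/kernel/security/apparmor/profiles"
    fi
}

# Same logic, testing the directory where the report says the binary is.
status_fixed() {
    if [ -x "$1/usr/sbin/aa-status" ]; then
        "$1/usr/sbin/aa-status"
    else
        cat "$1/sys/kernel/security/apparmor/profiles"
    fi
}

# Run both variants against the same fake root and report their exit codes.
demo() {
    r=$(make_fake_root) || return 1
    b=0; status_buggy "$r" || b=$?
    f=0; status_fixed "$r" || f=$?
    rm -rf "$r"
    echo "buggy=$b fixed=$f"
}
demo
```

Any monitoring or boot-time check that trusts the buggy variant's exit status reads 0 as "enabled" whenever the profiles file is merely readable.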