(CommandList children: [ (C {(.)} {(/lib/apparmor/functions)}) (C {(.)} {(/lib/lsb/init-functions)}) (FuncDef name: usage body: (BraceGroup children: [ (C {(echo)} { (DQ ("Usage: ") ($ VSub_Number "$0") (" {start|stop|restart|reload|force-reload|status|recache}") ) } ) ] spids: [113] ) spids: [109 112] ) (AndOr children: [(C {(test)} {(-x)} {(${ VSub_Name PARSER)}) (C {(exit)} {(0)})] op_id: Op_DPipe ) (AndOr children: [(C {(test)} {(-d)} {(/sys/module/apparmor)}) (C {(exit)} {(0)})] op_id: Op_DPipe ) (FuncDef name: securityfs body: (BraceGroup children: [ (If arms: [ (if_arm cond: (Sentence command: (C {(Lit_Other "[")} {(KW_Bang "!")} {(-d)} {(DQ (${ VSub_Name AA_SFS))} {(Lit_Other "]")} ) terminator: <Op_Semi ";"> ) action: (If arms: [ (if_arm cond: (Sentence command: (Pipeline children: [ (C {(cut)} {(-d) (DQ (" "))} {(-f2) (Lit_Comma ",") (3)} {(/proc/mounts)} ) (C {(grep)} {(-q)} {(DQ ("^") (${ VSub_Name SECURITYFS) (" securityfs")) (SQ <"$">) } ) ] negated: False ) terminator: <Op_Semi ";"> ) action: (CommandList children: [ (C {(log_action_msg)} {(DQ ("AppArmor not available as kernel LSM."))}) (C {(log_end_msg)} {(1)}) (C {(exit)} {(1)}) ] ) spids: [-1 225] ) ] else_action: (CommandList children: [ (C {(log_action_begin_msg)} {(DQ ("Mounting securityfs on ") (${ VSub_Name SECURITYFS))} ) (If arms: [ (if_arm cond: (Sentence command: (Pipeline children: [ (C {(mount)} {(-t)} {(securityfs)} {(none)} {(DQ (${ VSub_Name SECURITYFS))} ) ] negated: True ) terminator: <Op_Semi ";"> ) action: (CommandList children: [ (C {(log_action_end_msg)} {(1)}) (C {(log_end_msg)} {(1)}) (C {(exit)} {(1)}) ] ) spids: [-1 277] ) ] spids: [-1 295] ) ] ) spids: [245 298] ) spids: [-1 188] ) ] spids: [-1 301] ) (If arms: [ (if_arm cond: (Sentence command: (C {(Lit_Other "[")} {(KW_Bang "!")} {(-w)} {(DQ ($ VSub_Name "$AA_SFS")) (/.load)} {(Lit_Other "]")} ) terminator: <Op_Semi ";"> ) action: (CommandList children: [ (C {(log_action_msg)} {(DQ ("Insufficient privileges to change profiles."))}) (C {(log_end_msg)} {(1)}) (C {(exit)} {(1)}) ] ) spids: [-1 320] ) ] spids: [-1 340] ) ] spids: [164] ) spids: [160 163] ) (If arms: [ (if_arm cond: (Sentence command: (C {(Lit_Other "[")} {(DQ ($ VSub_Number "$1"))} {(Lit_Other "=")} {(DQ (recache))} {(Lit_Other "]")} ) terminator: <Op_Semi ";"> ) action: (CommandList children: [ (C {(log_daemon_msg)} {(DQ ("Recaching AppArmor profiles"))}) (C {(recache_profiles)}) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LeftVar name:rc) rhs:{($ VSub_QMark "$?")} spids:[378])] spids: [378] ) (C {(log_end_msg)} {(DQ ($ VSub_Name "$rc"))}) (C {(exit)} {($ VSub_Name "$rc")}) ] ) spids: [-1 365] ) ] spids: [-1 393] ) (AndOr children: [(C {(test)} {(-d)} {(/rofs/etc/apparmor.d)}) (C {(exit)} {(0)})] op_id: Op_DAmp ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LeftVar name:rc) rhs:{(255)} spids:[412])] spids: [412] ) (Case to_match: {(DQ ($ VSub_Number "$1"))} arms: [ (case_arm pat_list: [{(start)}] action: (CommandList children: [ (If arms: [ (if_arm cond: (Sentence command: (AndOr children: [ (C {(Lit_Other "[")} {(-x)} {(/bin/running-in-container)} {(Lit_Other "]")} ) (C {(/bin/running-in-container)}) ] op_id: Op_DAmp ) terminator: <Op_Semi ";"> ) action: (CommandList children: [ (C {(log_daemon_msg)} {(DQ ("Not starting AppArmor in container"))}) (C {(log_end_msg)} {(0)}) (C {(exit)} {(0)}) ] ) spids: [-1 443] ) ] spids: [-1 463] ) (C {(log_daemon_msg)} {(DQ ("Starting AppArmor profiles"))}) (C {(securityfs)}) (C {(load_configured_profiles)}) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LeftVar name:rc) rhs:{($ VSub_QMark "$?")} spids:[479])] spids: [479] ) (C {(log_end_msg)} {(DQ ($ VSub_Name "$rc"))}) ] ) spids: [424 425 490 -1] ) (case_arm pat_list: [{(stop)}] action: (CommandList children: [ (C {(log_daemon_msg)} {(DQ ("Clearing AppArmor profiles cache"))}) (C {(clear_cache)}) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LeftVar name:rc) rhs:{($ VSub_QMark "$?")} spids:[507])] spids: [507] ) (C {(log_end_msg)} {(DQ ($ VSub_Name "$rc"))}) (SimpleCommand words: [{(cat)}] redirects: [ (Redirect op_id: Redir_GreatAnd arg_word: {(2)} fd: -1 spids: [520] ) (HereDoc op_id: Redir_DLess arg_word: { (DQ ( "All profile caches have been cleared, but no profiles have been unloaded.\n" ) ("Unloading profiles will leave already running processes permanently\n") ("unconfined, which can lead to unexpected situations.\n") ("\n") ("To set a process to complain mode, use the command line tool\n") ( "'aa-complain'. To really tear down all profiles, run the init script\n" ) ("with the 'teardown' option.") (Right_DoubleQuote "\"") ("\n") ) } fd: -1 do_expansion: True here_end: EOM was_filled: True spids: [523] ) ] ) ] ) spids: [493 494 527 -1] ) (case_arm pat_list: [{(teardown)}] action: (CommandList children: [ (If arms: [ (if_arm cond: (Sentence command: (AndOr children: [ (C {(Lit_Other "[")} {(-x)} {(/bin/running-in-container)} {(Lit_Other "]")} ) (C {(/bin/running-in-container)}) ] op_id: Op_DAmp ) terminator: <Op_Semi ";"> ) action: (CommandList children: [ (C {(log_daemon_msg)} {(DQ ("Not tearing down AppArmor in container"))}) (C {(log_end_msg)} {(0)}) (C {(exit)} {(0)}) ] ) spids: [-1 549] ) ] spids: [-1 569] ) (C {(log_daemon_msg)} {(DQ ("Unloading AppArmor profiles"))}) (C {(securityfs)}) (Pipeline children: [ (C {(running_profile_names)}) (While cond: (Sentence command:(C {(read)} {(profile)}) terminator:<Op_Semi ";">) body: (DoGroup child: (If arms: [ (if_arm cond: (Sentence command: (Pipeline children: [ (C {(unload_profile)} {(DQ ($ VSub_Name "$profile"))}) ] negated: True ) terminator: <Op_Semi ";"> ) action: (CommandList children: [(C {(log_end_msg)} {(1)}) (C {(exit)} {(1)})] ) spids: [-1 608] ) ] spids: [-1 621] ) spids: [593 624] ) ) ] negated: False ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LeftVar name:rc) rhs:{(0)} spids:[627])] spids: [627] ) (C {(log_end_msg)} {($ VSub_Name "$rc")}) ] ) spids: [530 531 636 -1] ) (case_arm pat_list: [{(restart)} {(reload)} {(force-reload)}] action: (CommandList children: [ (If arms: [ (if_arm cond: (Sentence command: (AndOr children: [ (C {(Lit_Other "[")} {(-x)} {(/bin/running-in-container)} {(Lit_Other "]")} ) (C {(/bin/running-in-container)}) ] op_id: Op_DAmp ) terminator: <Op_Semi ";"> ) action: (CommandList children: [ (C {(log_daemon_msg)} {(DQ ("Not reloading AppArmor in container"))}) (C {(log_end_msg)} {(0)}) (C {(exit)} {(0)}) ] ) spids: [-1 662] ) ] spids: [-1 682] ) (C {(log_daemon_msg)} {(DQ ("Reloading AppArmor profiles"))}) (C {(securityfs)}) (C {(clear_cache)}) (C {(load_configured_profiles)}) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LeftVar name:rc) rhs:{($ VSub_QMark "$?")} spids:[701])] spids: [701] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LeftVar name:aa_configured) rhs: { (CommandSubPart command_list: (C {(mktemp)} {(-t)} {(aa-XXXXXX)}) spids: [715 721] ) } spids: [714] ) ] spids: [714] ) (AndOr children: [ (SimpleCommand words: [{(configured_profile_names)}] redirects: [ (Redirect op_id: Redir_Great arg_word: {(DQ ($ VSub_Name "$aa_configured"))} fd: -1 spids: [726] ) ] ) (C {(exit)} {(1)}) ] op_id: Op_DPipe ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LeftVar name:aa_loaded) rhs: { (CommandSubPart command_list: (C {(mktemp)} {(-t)} {(aa-XXXXXX)}) spids: [740 746] ) } spids: [739] ) ] spids: [739] ) (AndOr children: [ (SimpleCommand words: [{(running_profile_names)}] redirects: [ (Redirect op_id: Redir_Great arg_word: {(DQ ($ VSub_Name "$aa_loaded"))} fd: -1 spids: [751] ) ] ) (C {(exit)} {(1)}) ] op_id: Op_DPipe ) (Pipeline children: [ (SimpleCommand words: [ {(comm)} {(-2)} {(-3)} {(DQ ($ VSub_Name "$aa_loaded"))} {(DQ ($ VSub_Name "$aa_configured"))} ] more_env: [(env_pair name:LC_COLLATE val:{(C)} spids:[764])] ) (While cond: (Sentence command:(C {(read)} {(profile)}) terminator:<Op_Semi ";">) body: (DoGroup child: (C {(unload_profile)} {(DQ ($ VSub_Name "$profile"))}) spids: [791 801] ) ) ] negated: False ) (C {(rm)} {(-f)} {(DQ ($ VSub_Name "$aa_configured"))} {(DQ ($ VSub_Name "$aa_loaded"))}) (C {(log_end_msg)} {(DQ ($ VSub_Name "$rc"))}) ] ) spids: [639 644 825 -1] ) (case_arm pat_list: [{(status)}] action: (CommandList children: [ (C {(securityfs)}) (If arms: [ (if_arm cond: (Sentence command: (C {(Lit_Other "[")} {(-x)} {(/usr/sbin/aa-status)} {(Lit_Other "]")}) terminator: <Op_Semi ";"> ) action: (C {(aa-status)} {(--verbose)}) spids: [-1 846] ) ] else_action: (C {(cat)} {(DQ ($ VSub_Name "$AA_SFS")) (/profiles)}) spids: [854 865] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LeftVar name:rc) rhs:{($ VSub_QMark "$?")} spids:[868])] spids: [868] ) ] ) spids: [828 829 872 -1] ) (case_arm pat_list: [{(Lit_Other "*")}] action: (CommandList children: [ (C {(usage)}) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LeftVar name:rc) rhs:{(1)} spids:[882])] spids: [882] ) ] ) spids: [875 876 886 -1] ) ] spids: [415 421 889] ) (C {(exit)} {($ VSub_Name "$rc")}) ] )