Call /lib/apparmor/profile-load directly instead of the wrapper

AppArmor ships /lib/apparmor/profile-load. /lib/init/apparmor-profile-load is
merely a wrapper which calls the former, so just call it directly to avoid the
dependency on the wrapper.

LP: #1432683

diff --git a/config/init/systemd/lxc-apparmor-load b/config/init/systemd/lxc-apparmor-load
index 4ac9496cd8baa58f602c15db65147b6b1614c4ca..619cd5324a756ceb67eb7cfd908115d47ece437b 100755 (executable)
--- a/config/init/systemd/lxc-apparmor-load
+++ b/config/init/systemd/lxc-apparmor-load
@@ -6,9 +6,9 @@ set -eu
 # don't load profiles if mount mediation is not supported
 SYSF=/sys/kernel/security/apparmor/features/mount/mask
 if [ -f $SYSF ]; then
-       if [ -x /lib/init/apparmor-profile-load ]; then
-               /lib/init/apparmor-profile-load usr.bin.lxc-start
-               /lib/init/apparmor-profile-load lxc-containers
+       if [ -x /lib/apparmor/profile-load ]; then
+               /lib/apparmor/profile-load usr.bin.lxc-start
+               /lib/apparmor/profile-load lxc-containers
        fi
 fi
 

diff --git a/config/init/upstart/lxc.conf b/config/init/upstart/lxc.conf
index ab79aab04c6fd275c480355f21e93458a85c7123..ff21137b9e0b0d21e31bedb3e83e76e6941d62ff 100644 (file)
--- a/config/init/upstart/lxc.conf
+++ b/config/init/upstart/lxc.conf
@@ -36,9 +36,9 @@ pre-start script
        # don't load profiles if mount mediation is not supported
        SYSF=/sys/kernel/security/apparmor/features/mount/mask
        if [ -f $SYSF ]; then
-               if [ -x /lib/init/apparmor-profile-load ]; then
-                       /lib/init/apparmor-profile-load usr.bin.lxc-start
-                       /lib/init/apparmor-profile-load lxc-containers
+               if [ -x /lib/apparmor/profile-load ]; then
+                       /lib/apparmor/profile-load usr.bin.lxc-start
+                       /lib/apparmor/profile-load lxc-containers
                fi
        fi