X-Git-Url: https://glassweightruler.freedombox.rocks/gitweb/waydroid.git/blobdiff_plain/0b73886b71273abd753184c88081127ca96c6c83..ba10a1665073ab396f23a2624ae16214524065d1:/tools/helpers/lxc.py
diff --git a/tools/helpers/lxc.py b/tools/helpers/lxc.py
index d774936..e1a81e0 100644
--- a/tools/helpers/lxc.py
+++ b/tools/helpers/lxc.py
@@ -127,6 +127,15 @@ def generate_nodes_lxc_config(args):
 return nodes
+LXC_APPARMOR_PROFILE = "lxc-waydroid"
+def get_apparmor_status(args):
+ enabled = False
+ if shutil.which("aa-status"):
+ enabled = (tools.helpers.run.user(args, ["aa-status", "--quiet"], check=False) == 0)
+ if not enabled and shutil.which("systemctl"):
+ enabled = (tools.helpers.run.user(args, ["systemctl", "is-active", "-q", "apparmor"], check=False) == 0)
+ enabled &= os.path.exists(os.path.join("/etc/apparmor.d/lxc", LXC_APPARMOR_PROFILE))
+ return enabled
 def set_lxc_config(args):
 lxc_path = tools.config.defaults["lxc"] + "/waydroid"
@@ -135,8 +144,6 @@ def set_lxc_config(args):
 raise OSError("LXC is not installed")
 config_paths = tools.config.tools_src + "/data/configs/config_"
 seccomp_profile = tools.config.tools_src + "/data/configs/waydroid.seccomp"
- apparmor_profiles = [tools.config.tools_src + "/data/configs/" + "lxc-waydroid",tools.config.tools_src + "/data/configs/" + "android_app",tools.config.tools_src + "/data/configs/" + "adbd"]
- apparmor_profile_dir = "/etc/apparmor.d/"
 config_snippets = [ config_paths + "base" ]
 # lxc v1 is a bit special because some options got renamed later
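Review bot: In `get_apparmor_status`, the final `os.path.exists(...)` test only shows that a file named `lxc-waydroid` is present under `/etc/apparmor.d/lxc`; it does not show that the profile is loaded into the kernel, and this commit also removes the `apparmor_parser -r` calls that used to load it. Loading therefore appears to be delegated to something outside this file (packaging or the apparmor service, presumably), and the function should say so. I would add a docstring stating that it returns True only when AppArmor reports active and the profile file is installed, plus a comment on that line such as `# file presence is a proxy: the profile is expected to be loaded by the apparmor service, not here`. Any non-zero exit from `aa-status --quiet` (likely including a permissions failure) is treated as "disabled" and falls through to the `systemctl` check, which deserves a one-line comment as well.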
@@ -156,22 +163,9 @@ def set_lxc_config(args):
 tools.helpers.run.user(args, command)
 command = ["cp", "-fpr", seccomp_profile, lxc_path + "/waydroid.seccomp"]
 tools.helpers.run.user(args, command)
-
- try:
- command = ["cp", "-i", apparmor_profiles[0], apparmor_profile_dir + "lxc/lxc-waydroid"]
- tools.helpers.run.user(args, command)
- command = ["apparmor_parser", "-r", apparmor_profile_dir + "lxc/lxc-waydroid"]
- tools.helpers.run.user(args, command)
- command = ["cp", "-i", apparmor_profiles[1], apparmor_profile_dir + "android_app"]
- tools.helpers.run.user(args, command)
- command = ["apparmor_parser", "-r", apparmor_profile_dir + "android_app"]
- tools.helpers.run.user(args, command)
- command = ["cp", "-i", apparmor_profiles[2], apparmor_profile_dir + "adbd"]
- tools.helpers.run.user(args, command)
- command = ["apparmor_parser", "-r", apparmor_profile_dir + "adbd"]
+ if get_apparmor_status(args):
+ command = ["sed", "-i", "-E", "/lxc.aa_profile|lxc.apparmor.profile/ s/unconfined/{}/g".format(LXC_APPARMOR_PROFILE), lxc_path + "/config"]
 tools.helpers.run.user(args, command)
- except:
- logging.warning("An error has occurred while installing AppArmor profiles. If profiles are not installed, or AppArmor is disabled or not supported on your system, then the container will run without AppArmor protection.")
 nodes = generate_nodes_lxc_config(args)
 config_nodes_tmp_path = args.work + "/config_nodes"
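Review bot: When `get_apparmor_status(args)` returns False the `sed` substitution is skipped and nothing is logged, so the profile line in the generated config presumably stays `unconfined` with no trace of that in the logs; the warning that the removed `except:` branch printed has no replacement. I would add an `else:` branch after the `if` with `logging.warning("AppArmor is not enabled or the %s profile is not installed; the container will run unconfined", LXC_APPARMOR_PROFILE)`, so operators can tell from the log which confinement the container got. `logging` was used by the removed line, so it should already be in scope, though the imports are outside this hunk. The enclosing `set_lxc_config` starts and ends outside the hunk.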