From 23f3e1c703936452c0f8e13dcea7e3e00df17532 Mon Sep 17 00:00:00 2001
From: Alessandro Astone
Date: Fri, 18 Nov 2022 17:32:14 +0100
Subject: [PATCH] lxc: Only enable apparmor if the profile is currently loaded
---
 tools/helpers/lxc.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/tools/helpers/lxc.py b/tools/helpers/lxc.py
index e1a81e0..fdea1fd 100644
--- a/tools/helpers/lxc.py
+++ b/tools/helpers/lxc.py
@@ -134,7 +134,11 @@ def get_apparmor_status(args):
 enabled = (tools.helpers.run.user(args, ["aa-status", "--quiet"], check=False) == 0)
 if not enabled and shutil.which("systemctl"):
 enabled = (tools.helpers.run.user(args, ["systemctl", "is-active", "-q", "apparmor"], check=False) == 0)
- enabled &= os.path.exists(os.path.join("/etc/apparmor.d/lxc", LXC_APPARMOR_PROFILE))
+ try:
+ with open("/sys/kernel/security/apparmor/profiles", "r") as f:
+ enabled &= (LXC_APPARMOR_PROFILE in f.read())
+ except:
+ enabled = False
 return enabled
 def set_lxc_config(args):
--
2.47.3
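Review bot: The bare `except:` in the added block turns every failure to read `/sys/kernel/security/apparmor/profiles` (securityfs not mounted, permission denied, even KeyboardInterrupt) into `enabled = False` with no trace, so the container is presumably then configured without AppArmor confinement and nobody is told why; I would narrow it to `except OSError:` and log a warning before disabling. The test `LXC_APPARMOR_PROFILE in f.read()` is also a substring match over the whole file, so any loaded profile whose name merely contains that string counts as a hit. Assuming the usual `name (mode)` line format, a per-line comparison such as `enabled &= any(l.rsplit(" (", 1)[0] == LXC_APPARMOR_PROFILE for l in f)` matches the exact name. The mode is never inspected either, so a profile loaded in complain mode is reported as enabled; if that is intended it deserves a comment. The start of get_apparmor_status lies outside the hunk.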