[apparmor] Capture AppArmor profiles and status

Captures /etc/apparmor.d for profiles

Excludes /cache - because it's not config.  Excludes libvirt/libvirt
because it can grow quite large and the TEMPLATE file should usually
be enough. Excludes abstractions because they are usually not
modified and are large.

For both libvirt and abstractions capture an ls just to be sure
permissions are correct.

Captures apparmor_status to get the effective profiles.

Signed-off-by: Bryan Quigley <bryan.quigley@canonical.com>
Signed-off-by: Adam Stokes <adam.stokes@ubuntu.com>

1 files changed, 9 insertions, 1 deletions

diff --git a/sos/plugins/apparmor.py b/sos/plugins/apparmor.py
index cb66bba9..360f58b8 100644
--- a/sos/plugins/apparmor.py
+++ b/sos/plugins/apparmor.py
@@ -25,7 +25,15 @@ class Apparmor(Plugin, UbuntuPlugin):
 
     def setup(self):
         self.add_copy_spec([
-            "/etc/apparmor"
+            "/etc/apparmor*"
+        ])
+        self.add_forbidden_path("/etc/apparmor.d/cache")
+        self.add_forbidden_path("/etc/apparmor.d/libvirt/libvirt*")
+        self.add_forbidden_path("/etc/apparmor.d/abstractions")
+        self.add_cmd_output([
+            "apparmor_status",
+            "ls -alh /etc/apparmor.d/abstractions",
+            "ls -alh /etc/apparmor.d/libvirt",
         ])
 
 # vim: et ts=4 sw=4