From d3ea1d0a4e176d84434e0de6d4cccbce59c811f6 Mon Sep 17 00:00:00 2001
From: Bryan Quigley <bryan.quigley@canonical.com>
Date: Fri, 27 Mar 2015 17:35:07 -0400
Subject: [apparmor] Capture AppArmor profiles and status

Captures /etc/apparmor.d for profiles

Excludes /cache - because it's not config.  Excludes libvirt/libvirt
because it can grow quite large and the TEMPLATE file should usually
be enough. Excludes abstractions because they are usually not
modified and are large.

For both libvirt and abstractions capture an ls just to be sure
permissions are correct.

Captures apparmor_status to get the effective profiles.

Signed-off-by: Bryan Quigley <bryan.quigley@canonical.com>
Signed-off-by: Adam Stokes <adam.stokes@ubuntu.com>
---
 sos/plugins/apparmor.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/sos/plugins/apparmor.py b/sos/plugins/apparmor.py
index cb66bba9..360f58b8 100644
--- a/sos/plugins/apparmor.py
+++ b/sos/plugins/apparmor.py
@@ -25,7 +25,15 @@ class Apparmor(Plugin, UbuntuPlugin):
 
     def setup(self):
         self.add_copy_spec([
-            "/etc/apparmor"
+            "/etc/apparmor*"
+        ])
+        self.add_forbidden_path("/etc/apparmor.d/cache")
+        self.add_forbidden_path("/etc/apparmor.d/libvirt/libvirt*")
+        self.add_forbidden_path("/etc/apparmor.d/abstractions")
+        self.add_cmd_output([
+            "apparmor_status",
+            "ls -alh /etc/apparmor.d/abstractions",
+            "ls -alh /etc/apparmor.d/libvirt",
         ])
 
 # vim: et ts=4 sw=4
-- 
cgit