def is_app_armor_enabled():
"""
Returns a True/False if AppArmor is enabled.
"""
try:
import LibAppArmor
except ImportError:
# If Python bindings for AppArmor are not installed (if we're
# running on Jessie where we can't build python3-apparmor package)
# we resort to calling aa-status executable.
try:
from sh import aa_status
except ImportError:
return False
# Return codes (as per aa-status(8)):
# 0 if apparmor is enabled and policy is loaded.
# 1 if apparmor is not enabled/loaded.
# 2 if apparmor is enabled but no policy is loaded.
# 3 if the apparmor control files aren't available under /sys/kernel/security/.
# 4 if the user running the script doesn't have enough privileges to read the apparmor
# control files.
return aa_status(['--enabled'], _ok_code=[0, 1, 2, 3,
4]).exit_code in [0, 2]
else:
return LibAppArmor.aa_is_enabled() == 1
def is_app_armor_enabled():
"""
Returns a True/False if AppArmor is enabled.
"""
try:
from sh import aa_status
except ImportError:
return False
# Returns 0 if enabled and 1 if disable
get_aa_status = aa_status(['--enabled'], _ok_code=[0, 1]).exit_code
if get_aa_status == 1:
return False
return True