From 8280c27facd11b0a94035b416cefe174025627bc Mon Sep 17 00:00:00 2001
From: Nils Ratusznik <nils.github@anotherhomepage.org>
Date: Fri, 31 Jan 2025 10:57:51 +0100
Subject: [PATCH] Improve Apparmor detection, using the sys virtual fs (#260)

---
 attributes/default.rb | 2 +-
 kitchen.dokken.yml    | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/attributes/default.rb b/attributes/default.rb
index 236fa36f..ec76e48d 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -102,7 +102,7 @@
 when 'debian'
   default['ntp']['leapfile_managed_by_os'] = true
   default['ntp']['service'] = 'ntp'
-  default['ntp']['apparmor_enabled'] = true if File.exist?('/etc/init.d/apparmor')
+  default['ntp']['apparmor_enabled'] = true if File.exist?('/sys/module/apparmor/parameters/enabled') && (File.read('/sys/module/apparmor/parameters/enabled') == 'Y')
   default['ntp']['leapfile'] = '/usr/share/zoneinfo/leap-seconds.list'
 when 'rhel', 'fedora', 'amazon'
   default['ntp']['leapfile_managed_by_os'] = true
diff --git a/kitchen.dokken.yml b/kitchen.dokken.yml
index 998bb20c..73393d6f 100644
--- a/kitchen.dokken.yml
+++ b/kitchen.dokken.yml
@@ -2,6 +2,8 @@ driver:
   name: dokken
   privileged: true
   chef_version: <%= ENV['CHEF_VERSION'] || 'current' %>
+  volumes:
+    - /sys/kernel/security:/sys/kernel/security:rw
 
 transport: { name: dokken }
 provisioner: { name: dokken }