Merge "Make stop/disable of apparmor work on all SLE systems"

Author: Zuul

tools/fixup_stuff.sh

@@ -230,12 +230,24 @@ function fixup_suse {
         return
     fi
 
-    # Disable apparmor profiles in openSUSE distros
-    # to avoid issues with haproxy and dnsmasq
-    if [ -x /usr/sbin/aa-enabled ] && sudo /usr/sbin/aa-enabled -q; then
-        sudo systemctl disable apparmor
+    # Deactivate and disable apparmor profiles in openSUSE and SLE
+    # distros to avoid issues with haproxy and dnsmasq.  In newer
+    # releases, systemctl stop apparmor is actually a no-op, so we
+    # have to use aa-teardown to make sure we've deactivated the
+    # profiles:
+    #
+    # https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15/#fate-325343
+    # https://gitlab.com/apparmor/apparmor/merge_requests/81
+    # https://build.opensuse.org/package/view_file/openSUSE:Leap:15.2/apparmor/apparmor.service?expand=1
+    if sudo systemctl is-active -q apparmor; then
+        sudo systemctl stop apparmor
+    fi
+    if [ -x /usr/sbin/aa-teardown ]; then
         sudo /usr/sbin/aa-teardown
     fi
+    if sudo systemctl is-enabled -q apparmor; then
+        sudo systemctl disable apparmor
+    fi
 
     # Since pip10, pip will refuse to uninstall files from packages
     # that were created with distutils (rather than more modern