From 3d2d97a7277290c53011dee344724b6b41ab1f53 Mon Sep 17 00:00:00 2001
From: Sebastien BLAISOT <sebastien@blaisot.org>
Date: Wed, 20 Oct 2021 13:14:36 +0200
Subject: [PATCH] FIX(1.7.1.4): don't abort script in case of unconfined
 processes (#130)

---
 bin/hardening/1.7.1.4_enforcing_apparmor.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/bin/hardening/1.7.1.4_enforcing_apparmor.sh b/bin/hardening/1.7.1.4_enforcing_apparmor.sh
index ae15a82..5ae9c80 100755
--- a/bin/hardening/1.7.1.4_enforcing_apparmor.sh
+++ b/bin/hardening/1.7.1.4_enforcing_apparmor.sh
@@ -32,8 +32,8 @@ audit() {
         fi
     done
     if [ "$ERROR" = 0 ]; then
-        RESULT_UNCONFINED=$($SUDO_CMD apparmor_status | grep "^0 processes are unconfined but have a profile defined")
-        RESULT_COMPLAIN=$($SUDO_CMD apparmor_status | grep "^0 profiles are in complain mode.")
+        RESULT_UNCONFINED=$($SUDO_CMD apparmor_status | grep "^0 processes are unconfined but have a profile defined" || true)
+        RESULT_COMPLAIN=$($SUDO_CMD apparmor_status | grep "^0 profiles are in complain mode." || true)
 
         if [ -n "$RESULT_UNCONFINED" ]; then
             ok "No profiles are unconfined"
@@ -61,8 +61,8 @@ apply() {
         fi
     done
 
-    RESULT_UNCONFINED=$(apparmor_status | grep "^0 processes are unconfined but have a profile defined")
-    RESULT_COMPLAIN=$(apparmor_status | grep "^0 profiles are in complain mode.")
+    RESULT_UNCONFINED=$(apparmor_status | grep "^0 processes are unconfined but have a profile defined" || true)
+    RESULT_COMPLAIN=$(apparmor_status | grep "^0 profiles are in complain mode." || true)
 
     if [ -n "$RESULT_UNCONFINED" ]; then
         ok "No profiles are unconfined"