Improve Apparmor detection, using the sys virtual fs (sous-chefs#260)

Author: ahpnils

attributes/default.rb

@@ -102,7 +102,7 @@
 when 'debian'
   default['ntp']['leapfile_managed_by_os'] = true
   default['ntp']['service'] = 'ntp'
-  default['ntp']['apparmor_enabled'] = true if File.exist?('/etc/init.d/apparmor')
+  default['ntp']['apparmor_enabled'] = true if File.exist?('/sys/module/apparmor/parameters/enabled') && (File.open('/sys/module/apparmor/parameters/enabled') == 'Y')
   default['ntp']['leapfile'] = '/usr/share/zoneinfo/leap-seconds.list'
 when 'rhel', 'fedora', 'amazon'
   default['ntp']['leapfile_managed_by_os'] = true

spec/unit/attributes_spec.rb

@@ -196,15 +196,15 @@
   describe 'on Ubuntu' do
     let(:chef_run) { ChefSpec::SoloRunner.new(platform: 'ubuntu', version: '20.04').converge('ntp::default') }
 
-    it 'sets the apparmor_enabled attribute to true when /etc/init.d/apparmor exists' do
+    it 'sets the apparmor_enabled attribute to true when /sys/module/apparmor/parameters/enabled exists' do
       allow(File).to receive(:exist?).and_call_original
-      allow(File).to receive(:exist?).with('/etc/init.d/apparmor').and_return(true)
+      allow(File).to receive(:exist?).with('/sys/module/apparmor/parameters/enabled').and_return(true)
       expect(ntp['apparmor_enabled']).to eq(true)
     end
 
-    it 'sets the apparmor_enabled attribute to false when /etc/init.d/apparmor does not exist' do
+    it 'sets the apparmor_enabled attribute to false when /sys/module/apparmor/parameters/enabled does not exist' do
       allow(File).to receive(:exist?).and_call_original
-      allow(File).to receive(:exist?).with('/etc/init.d/apparmor').and_return(false)
+      allow(File).to receive(:exist?).with('/sys/module/apparmor/parameters/enabled').and_return(false)
       expect(ntp['apparmor_enabled']).to eq(false)
     end
   end