On Thu, Mar 06, 2014 at 09:41:02AM -0800, Steve Beattie wrote: > On Thu, Mar 06, 2014 at 01:29:41PM +0100, Christian Boltz wrote: > > Am Mittwoch, 5. März 2014 schrieb Steve Beattie: > > > This patch splits out the genprof tool functionality into a separate > > > command function, merging with the use_autodep function that already > > > existed. > > > > > > Signed-off-by: Steve Beattie <[email protected]> > > ... > > > Index: b/utils/apparmor/tools.py > > > =================================================================== > > > --- a/utils/apparmor/tools.py > > > +++ b/utils/apparmor/tools.py > > ... > > > @@ -209,6 +206,23 @@ class aa_tools: > > > if cmd_info[0] != 0: > > > raise apparmor.AppArmorException(cmd_info[1]) > > > > > > + def cmd_autodep(self): > > > + for (program, profile) in self.get_next_to_profile(): > > > + if not program: > > > + aaui.UI_Info('Profile %s already exists - skipping.' > > > % profile) > > > + continue > > > > NAK - this breaks the --force option (assuming the error message is > > correct - I didn't test it) > > Not quite. When program is None but profile is not, it indicates that > the user passed the profile on the command line and not the program. So > --force will still work if you give the program name on the command > line. I agree that the error message should be different/better. > > I hadn't looked to see if we have a function for digging the program > name out of an existing profile, but I suppose that could happen for > this situation, and --force would be required in any event. But it's > a little weird to pass aa-autodep a profile name rather than a program > name/path to begin with.
How about the attached patch? -- Steve Beattie <[email protected]> http://NxNW.org/~steve/
Subject: utils: split out aa-genprof command [v2]
This patch splits out the genprof tool functionality into a separate
command function, merging with the use_autodep function that already
existed.
Patch history:
v1 - initial revision
v2 - mark strings for translation and modify message when a profile
name is passed to aa-autodep, rather than a program name/path.
Signed-off-by: Steve Beattie <[email protected]>
---
utils/aa-autodep | 4 ++--
utils/apparmor/tools.py | 32 ++++++++++++++++++--------------
2 files changed, 20 insertions(+), 16 deletions(-)
Index: b/utils/aa-autodep
===================================================================
--- a/utils/aa-autodep
+++ b/utils/aa-autodep
@@ -26,6 +26,6 @@ parser.add_argument('-d', '--dir', type=
parser.add_argument('program', type=str, nargs='+', help=_('name of program'))
args = parser.parse_args()
-autodep = apparmor.tools.aa_tools('autodep', args)
+tool = apparmor.tools.aa_tools('autodep', args)
-autodep.act()
+tool.cmd_autodep()
Index: b/utils/apparmor/tools.py
===================================================================
--- a/utils/apparmor/tools.py
+++ b/utils/apparmor/tools.py
@@ -102,10 +102,7 @@ class aa_tools:
aaui.UI_Info(_("%s does not exist, please double-check the path.") % program)
sys.exit(1)
- if self.name == 'autodep' and program and os.path.exists(program):
- self.use_autodep(program)
-
- elif program and apparmor.profile_exists(program):
+ if program and apparmor.profile_exists(program):
if self.name == 'cleanprof':
self.clean_profile(program)
@@ -209,6 +206,23 @@ class aa_tools:
if cmd_info[0] != 0:
raise apparmor.AppArmorException(cmd_info[1])
+ def cmd_autodep(self):
+ for (program, profile) in self.get_next_to_profile():
+ if not program:
+ aaui.UI_Info(_('Please pass an application to generate a profile, not a profile itself - skipping %s.') % profile)
+ continue
+
+ apparmor.read_profiles()
+
+ apparmor.check_qualifiers(program)
+
+ if os.path.exists(apparmor.get_profile_filename(program)) and not self.force:
+ aaui.UI_Info(_('Profile for %s already exists - skipping.') % program)
+ else:
+ apparmor.autodep(program)
+ if self.aa_mountpoint:
+ apparmor.reload(program)
+
def clean_profile(self, program):
filename = apparmor.get_profile_filename(program)
import apparmor.cleanprofile as cleanprofile
@@ -245,16 +259,6 @@ class aa_tools:
else:
raise apparmor.AppArmorException(_('The profile for %s does not exists. Nothing to clean.') % program)
- def use_autodep(self, program):
- apparmor.check_qualifiers(program)
-
- if os.path.exists(apparmor.get_profile_filename(program)) and not self.force:
- aaui.UI_Info('Profile for %s already exists - skipping.' % program)
- else:
- apparmor.autodep(program)
- if self.aa_mountpoint:
- apparmor.reload(program)
-
def enable_profile(self, filename):
apparmor.delete_symlink('disable', filename)
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
