Call aa_change_profile(), instead of aa_change_onexec(), when
--immediate is passed in.

Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
 utils/aa_exec.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/utils/aa_exec.c b/utils/aa_exec.c
index 12f54d1..972c20e 100644
--- a/utils/aa_exec.c
+++ b/utils/aa_exec.c
@@ -27,6 +27,7 @@
 
 static const char *opt_profile = NULL;
 static bool opt_debug = false;
+static bool opt_immediate = false;
 static bool opt_verbose = false;
 
 static void usage(const char *name, bool error)
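Review bot: `opt_immediate` is declared without a comment, although the two modes differ in a way that matters for confinement. With aa_change_profile() the process is already running under PROFILE when it reaches execvp(), so the exec of <prog> is itself subject to PROFILE's rules, whereas aa_change_onexec() applies the profile at the exec. I would add `/* --immediate: enter PROFILE before exec; the exec of <prog> is then mediated by PROFILE */` above the declaration. The same distinction deserves a sentence in the tool's documentation, which this patch (one file changed, utils/aa_exec.c) does not touch.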
@@ -47,6 +48,7 @@ static void usage(const char *name, bool error)
                "OPTIONS:\n"
                "  -p PROFILE, --profile=PROFILE                PROFILE to 
confine <prog> with\n"
                "  -d, --debug                          show messages with 
debugging information\n"
+               "  -i, --immediate                      change profile 
immediately instead of at exec\n"
                "  -v, --verbose                                show messages 
with stats\n"
                "  -h, --help                           display this help\n"
                "\n", name);
@@ -108,10 +110,11 @@ static char **parse_args(int argc, char **argv)
                {"debug", no_argument, 0, 'd'},
                {"help", no_argument, 0, 'h'},
                {"profile", required_argument, 0, 'p'},
+               {"immediate", no_argument, 0, 'i'},
                {"verbose", no_argument, 0, 'v'},
        };
 
-       while ((opt = getopt_long(argc, argv, "+dhp:v", long_opts, NULL)) != 
-1) {
+       while ((opt = getopt_long(argc, argv, "+dhp:iv", long_opts, NULL)) != 
-1) {
                switch (opt) {
                case 'd':
                        opt_debug = true;
@@ -122,6 +125,9 @@ static char **parse_args(int argc, char **argv)
                case 'p':
                        opt_profile = optarg;
                        break;
+               case 'i':
+                       opt_immediate = true;
+                       break;
                case 'v':
                        opt_verbose = true;
                        break;
@@ -143,7 +149,14 @@ int main(int argc, char **argv)
 
        argv = parse_args(argc, argv);
 
-       if (opt_profile) {
+       if (!opt_profile)
+               goto exec;
+
+       if (opt_immediate) {
+               verbose("aa_change_profile(\"%s\")", opt_profile);
+               rc = aa_change_profile(opt_profile);
+               debug("%d = aa_change_profile(\"%s\")", rc, opt_profile);
+       } else {
                verbose("aa_change_onexec(\"%s\")", opt_profile);
                rc = aa_change_onexec(opt_profile);
                debug("%d = aa_change_onexec(\"%s\")", rc, opt_profile);
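Review bot: A failed aa_change_profile() does not appear to stop the exec. The new `if (opt_immediate)` branch closes right after its `debug()` call, while the two closing braces at the top of the next hunk suggest the existing `if (rc)` error handling stays nested inside the `else` branch. If that reading is right, `-i -p PROFILE` would go on to execvp() the program without the requested confinement whenever the profile change fails, which is a fail-open result for a confinement tool. Closing the `else` directly after the aa_change_onexec `debug()` line and de-indenting the `if (rc)` block would apply the same check to both calls. main() starts before this hunk and continues after it, so the error block itself is not visible here and should be confirmed against the full file.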
@@ -159,6 +172,7 @@ int main(int argc, char **argv)
                }
        }
 
+exec:
        verbose_print_argv(argv);
        execvp(argv[0], argv);
        error("Failed to execute \"%s\": %m", argv[0]);
-- 
2.5.0

