John asked that I take a look at this patch in order to see if my proposed aa-exec rewrite in C should use the binutils/ dir proposed by this patch.
On 2015-11-28 10:38:34, John Johansen wrote: > v3 > > change conflicting/unknown option warning message slightly > output error string on failure > add binutils dir > add manpage > add makefile > add pot file > > --- > > === modified file 'Makefile' > --- Makefile 2015-01-24 00:01:14 +0000 > +++ Makefile 2015-11-28 17:33:33 +0000 > @@ -11,6 +11,7 @@ > DIRS=parser \ > profiles \ > utils \ > + binutils \ > libraries/libapparmor \ > changehat/mod_apparmor \ > changehat/pam_apparmor \ > > === added directory 'binutils' > === added file 'binutils/Makefile' > --- binutils/Makefile 1970-01-01 00:00:00 +0000 > +++ binutils/Makefile 2015-11-28 18:18:25 +0000 > @@ -0,0 +1,200 @@ > +# ---------------------------------------------------------------------- > +# Copyright (c) 2015 > +# Canonical Ltd. (All rights reserved) > +# > +# This program is free software; you can redistribute it and/or > +# modify it under the terms of version 2 of the GNU General Public > +# License published by the Free Software Foundation. > +# > +# This program is distributed in the hope that it will be useful, > +# but WITHOUT ANY WARRANTY; without even the implied warranty of > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > +# GNU General Public License for more details. > +# ---------------------------------------------------------------------- > +NAME=aa-binutils > +all: > +COMMONDIR=../common/ > + > +include $(COMMONDIR)/Make.rules > + > +DESTDIR=/ > +CONFDIR=/etc/apparmor > +INSTALL_CONFDIR=${DESTDIR}${CONFDIR} > +LOCALEDIR=/usr/share/locale > +MANPAGES=aa-enabled.8 > + > +WARNINGS = -Wall > +EXTRA_WARNINGS = -Wsign-compare -Wmissing-field-initializers > -Wformat-security -Wunused-parameter > +CPP_WARNINGS = > +ifndef CFLAGS > +CFLAGS = -g -O2 -pipe > + > +ifdef DEBUG > +CFLAGS += -pg -D DEBUG > +endif > +ifdef COVERAGE > +CFLAGS = -g -pg -fprofile-arcs -ftest-coverage > +endif > +endif #CFLAGS > + > +EXTRA_CFLAGS = ${EXTRA_CXXFLAGS} ${CPP_WARNINGS} > + > +#INCLUDEDIR = /usr/src/linux/include > +INCLUDEDIR = > + > +ifdef INCLUDEDIR > + CFLAGS += -I$(INCLUDEDIR) > +endif > + > +# Internationalization support. Define a package and a LOCALEDIR > +EXTRA_CFLAGS+=-DPACKAGE=\"${NAME}\" -DLOCALEDIR=\"${LOCALEDIR}\" > + > +# Compile-time configuration of the location of the config file > +EXTRA_CFLAGS+=-DSUBDOMAIN_CONFDIR=\"${CONFDIR}\" > + > +SRCS = aa-enabled.c It is nitpicky but the style throughout the code base is that source files use underscores as separators and the resulting binaries use hyphens. > +HDRS = > +TOOLS = aa-enabled > + > +AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread > + > +ifdef USE_SYSTEM > + # Using the system libapparmor so Makefile dependencies can't be used > + LIBAPPARMOR_A = > + INCLUDE_APPARMOR = > + APPARMOR_H = > +else > + LIBAPPARMOR_SRC = ../libraries/libapparmor/ > + LOCAL_LIBAPPARMOR_INCLUDE = $(LIBAPPARMOR_SRC)/include > + LOCAL_LIBAPPARMOR_LDPATH = $(LIBAPPARMOR_SRC)/src/.libs > + > + LIBAPPARMOR_A = $(LOCAL_LIBAPPARMOR_LDPATH)/libapparmor.a > + INCLUDE_APPARMOR = -I$(LOCAL_LIBAPPARMOR_INCLUDE) > + APPARMOR_H = $(LOCAL_LIBAPPARMOR_INCLUDE)/sys/apparmor.h > +endif > +EXTRA_CFLAGS += $(INCLUDE_APPARMOR) > + > +ifdef V > + VERBOSE = 1 > +endif > +ifndef VERBOSE > + VERBOSE = 0 > +endif > +ifeq ($(VERBOSE),1) > + BUILD_OUTPUT = > + Q = > +else > + BUILD_OUTPUT = > /dev/null 2>&1 > + Q = @ > +endif > +export Q VERBOSE BUILD_OUTPUT > + > +po/%.pot: %.c > + $(MAKE) -C po $(@F) NAME=$* SOURCES=$*.c > + > +# targets arranged this way so that people who don't want full docs can > +# pick specific targets they want. > +arch: $(TOOLS) > + > +manpages: $(MANPAGES) > + > +docs: manpages > + > +indep: docs > + $(Q)$(MAKE) -C po all > + > +all: arch indep > + > +.PHONY: coverage > +coverage: > + $(MAKE) clean aa-enabled COVERAGE=1 > + > +ifndef USE_SYSTEM > +$(LIBAPPARMOR_A): > + @if [ ! -f $@ ]; then \ > + echo "error: $@ is missing. Pick one of these possible > solutions:" 1>&2; \ > + echo " 1) Build against the in-tree libapparmor by building it > first and then trying again. See the top-level README for help." 1>&2; \ > + echo " 2) Build against the system libapparmor by adding > USE_SYSTEM=1 to your make command." 1>&2;\ > + return 1; \ > + fi > +endif > + > +aa-enabled: aa-enabled.c $(LIBAPPARMOR_A) > + $(CC) $(LDFLAGS) $(EXTRA_CFLAGS) -o $@ $< $(LIBS) $(AALIB) > + > +.SILENT: check > +.PHONY: check > +check: check_pod_files tests > + > +.SILENT: tests > +tests: aa-enabled $(TESTS) > + echo "no tests atm" > + > +.PHONY: install-rhel4 > +install-rhel4: install-redhat > + > +.PHONY: install-redhat > +install-redhat: > + > +.PHONY: install-suse > +install-suse: > + > +.PHONY: install-slackware > +install-slackware: > + > +.PHONY: install-debian > +install-debian: > + > +.PHONY: install-unknown > +install-unknown: > + > +INSTALLDEPS=arch > + > +ifndef DISTRO > +DISTRO=$(shell if [ -f /etc/slackware-version ] ; then \ > + echo slackware ; \ > + elif [ -f /etc/debian_version ] ; then \ > + echo debian ;\ > + elif which rpm > /dev/null ; then \ > + if [ "$(rpm --eval '0%{?suse_version}')" != "0" ] ; then \ > + echo suse ;\ > + elif [ "$(rpm --eval '%{_host_vendor}')" = redhat ] ; then \ > + echo rhel4 ;\ > + elif [ "$(rpm --eval '0%{?fedora}')" != "0" ] ; then \ > + echo rhel4 ;\ > + else \ > + echo unknown ;\ > + fi ;\ > + else \ > + echo unknown ;\ > + fi) > +endif > + > +ifdef DISTRO > +INSTALLDEPS+=install-$(DISTRO) > +endif > + > +.PHONY: install > +install: install-indep install-arch > + > +.PHONY: install-arch > +install-arch: $(INSTALLDEPS) > + install -m 755 -d $(DESTDIR)/sbin > + install -m 755 ${TOOLS} $(DESTDIR)/sbin > + > +.PHONY: install-indep > +install-indep: > + $(MAKE) -C po install NAME=${NAME} DESTDIR=${DESTDIR} > + $(MAKE) install_manpages DESTDIR=${DESTDIR} > + > +ifndef VERBOSE > +.SILENT: clean > +endif > +.PHONY: clean > +clean: pod_clean > + rm -f core core.* *.o *.s *.a *~ *.gcda *.gcno > + rm -f gmon.out > + rm -f $(TOOLS) $(TESTS) > + rm -f $(NAME)*.tar.gz $(NAME)*.tgz > + $(MAKE) -s -C po clean > + > > === added file 'binutils/aa-enabled.c' > --- binutils/aa-enabled.c 1970-01-01 00:00:00 +0000 > +++ binutils/aa-enabled.c 2015-11-28 17:34:45 +0000 > @@ -0,0 +1,89 @@ > +/* > + * Copyright (C) 2015 Canonical Ltd. > + * > + * This program is free software; you can redistribute it and/or > + * modify it under the terms of version 2 of the GNU General Public > + * License published by the Free Software Foundation. > + */ > + > +#include <errno.h> > +#include <locale.h> > +#include <stdio.h> > +#include <stdlib.h> > +#include <string.h> > +#include <libintl.h> > +#define _(s) gettext(s) > + > +#include <sys/apparmor.h> > + > +#ifndef PACKAGE > +#define PACKAGE "" > +#define LOCALEDIR "" > +#endif > + > +void print_help(const char *command) > +{ > + printf(_("%s: [options]\n" > + " options:\n" > + " -q | --quiet Don't print out any messages\n" > + " -h | --help Print help\n"), > + command); > + exit(1); > +} > + > +int main(int argc, char **argv) > +{ > + int enabled; > + int quiet = 0; > + int err = 0; > + > + setlocale(LC_MESSAGES, ""); > + bindtextdomain(PACKAGE, LOCALEDIR); > + textdomain(PACKAGE); > + > + if (argc > 2) { > + printf(_("unknown or incompatible options\n")); > + print_help(argv[0]); > + } else if (argc == 2) { > + if (strcmp(argv[1], "--quiet") == 0 || > + strcmp(argv[1], "-q") == 0) { > + quiet = 1; > + } else if (strcmp(argv[1], "--help") == 0 || > + strcmp(argv[1], "-h") == 0) { > + print_help(argv[0]); > + } else { > + printf(_("unknown option '%s'\n"), argv[1]); > + print_help(argv[0]); > + } > + } > + > + enabled = aa_is_enabled(); > + err = errno; > + if (enabled) { > + if (!quiet) > + printf(_("Yes\n")); > + return 0; > + } > + > + if (!quiet) { > + switch(err) { > + case ENOSYS: > + printf(_("No - not available on this system.\n")); > + break; > + case ECANCELED: > + printf(_("No - disabled at boot.\n")); > + break; > + case ENOENT: > + printf(_("Maybe - policy interface not available.\n")); > + break; > + case EPERM: > + case EACCES: > + printf(_("Maybe - insufficient permissions to determine > availability.\n")); > + break; > + default: > + printf(_("Error - '%s'\n"), strerror(err)); > + } > + } > + > + return err; Do we really want to return an errno value here? Why not just EXIT_FAILURE? > +} > > === added file 'binutils/aa-enabled.pod' > --- binutils/aa-enabled.pod 1970-01-01 00:00:00 +0000 > +++ binutils/aa-enabled.pod 2015-11-25 10:30:22 +0000 > @@ -0,0 +1,62 @@ > +# This publication is intellectual property of Canonical Ltd. Its contents > +# can be duplicated, either in part or in whole, provided that a copyright > +# label is visibly located on each copy. > +# > +# All information found in this book has been compiled with utmost > +# attention to detail. However, this does not guarantee complete accuracy. > +# Neither Canonical Ltd, the authors, nor the translators shall be held > +# liable for possible errors or the consequences thereof. > +# > +# Many of the software and hardware descriptions cited in this book > +# are registered trademarks. All trade names are subject to copyright > +# restrictions and may be registered trade marks. Canonical Ltd > +# essentially adheres to the manufacturer's spelling. > +# > +# Names of products and trademarks appearing in this book (with or without > +# specific notation) are likewise subject to trademark and trade protection > +# laws and may thus fall under copyright restrictions. > +# > + > + > +=pod > + > +=head1 NAME > + > +aa-enabled - test whether apparmor is enabled s/apparmor/AppArmor/g > + > +=head1 SYNOPSIS > + > +B<aa-enabled> [options] > + > +=head1 DESCRIPTION > + > +B<aa-enabled> is used to determine if apparmor is enabled and enforcing > +policy. > + > +=head1 OPTIONS > +B<aa-enabled> accepts the following arguments: > + > +=over 4 > + > +=item -h, --help > + > +Display a brief usage guide. > + > +=item -q, --quiet > + > +Do not output anything to stdout. This option is intended to be used by > +scripts that can test use the exit code to determine if apparmor is s/can test use/can use/ > +enabled. > + > +=back > + > +=head1 BUGS > + > +If you find any bugs, please report them at > +L<https://bugs.launchpad.net/apparmor/+filebug>. > + > +=head1 SEE ALSO > + > +apparmor(7), apparmor.d(5), and L<http://wiki.apparmor.net>. aa_is_enabled(2) is probably useful to mention. Tyler > + > +=cut > > === added directory 'binutils/po' > === added file 'binutils/po/Makefile' > --- binutils/po/Makefile 1970-01-01 00:00:00 +0000 > +++ binutils/po/Makefile 2015-11-28 18:20:34 +0000 > @@ -0,0 +1,19 @@ > +# ---------------------------------------------------------------------- > +# Copyright (C) 2015 Canonical Ltd. > +# > +# This program is free software; you can redistribute it and/or > +# modify it under the terms of version 2 of the GNU General Public > +# License published by the Free Software Foundation. > +# ---------------------------------------------------------------------- > +all: > + > +# As translations get added, they will automatically be included, unless > +# the lang is explicitly added to DISABLED_LANGS; e.g. DISABLED_LANGS=en es > + > +DISABLED_LANGS= > + > +COMMONDIR=../../common > +include $(COMMONDIR)/Make-po.rules > + > +XGETTEXT_ARGS+=--language=C --keyword=_ $(shell if [ -f ${NAME}.pot ] ; then > echo -n -j ; fi) > + > > === added file 'binutils/po/aa-enabled.pot' > --- binutils/po/aa-enabled.pot 1970-01-01 00:00:00 +0000 > +++ binutils/po/aa-enabled.pot 2015-11-28 18:23:11 +0000 > @@ -0,0 +1,67 @@ > +# SOME DESCRIPTIVE TITLE. > +# Copyright (C) YEAR Canonical Ltd > +# This file is distributed under the same license as the PACKAGE package. > +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. > +# > +#, fuzzy > +msgid "" > +msgstr "" > +"Project-Id-Version: PACKAGE VERSION\n" > +"Report-Msgid-Bugs-To: apparmor@lists.ubuntu.com\n" > +"POT-Creation-Date: 2015-11-28 10:23-0800\n" > +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" > +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" > +"Language-Team: LANGUAGE <l...@li.org>\n" > +"Language: \n" > +"MIME-Version: 1.0\n" > +"Content-Type: text/plain; charset=CHARSET\n" > +"Content-Transfer-Encoding: 8bit\n" > + > +#: ../aa-enabled.c:26 > +#, c-format > +msgid "" > +"%s: [options]\n" > +" options:\n" > +" -q | --quiet Don't print out any messages\n" > +" -h | --help Print help\n" > +msgstr "" > + > +#: ../aa-enabled.c:45 > +#, c-format > +msgid "unknown or incompatible options\n" > +msgstr "" > + > +#: ../aa-enabled.c:55 > +#, c-format > +msgid "unknown option '%s'\n" > +msgstr "" > + > +#: ../aa-enabled.c:64 > +#, c-format > +msgid "Yes\n" > +msgstr "" > + > +#: ../aa-enabled.c:71 > +#, c-format > +msgid "No - not available on this system.\n" > +msgstr "" > + > +#: ../aa-enabled.c:74 > +#, c-format > +msgid "No - disabled at boot.\n" > +msgstr "" > + > +#: ../aa-enabled.c:77 > +#, c-format > +msgid "Maybe - policy interface not available.\n" > +msgstr "" > + > +#: ../aa-enabled.c:81 > +#, c-format > +msgid "Maybe - insufficient permissions to determine availability.\n" > +msgstr "" > + > +#: ../aa-enabled.c:84 > +#, c-format > +msgid "Error - '%s'\n" > +msgstr "" > > === modified file 'common/Make-po.rules' > --- common/Make-po.rules 2011-05-20 20:34:29 +0000 > +++ common/Make-po.rules 2015-11-28 18:22:58 +0000 > @@ -1,7 +1,7 @@ > # ------------------------------------------------------------------ > # > # Copyright (c) 1999-2008 NOVELL (All rights reserved) > -# Copyright 2009-2010 Canonical Ltd. > +# Copyright 2009-2015 Canonical Ltd. > # > # This program is free software; you can redistribute it and/or > # modify it under the terms of version 2 of the GNU General Public > @@ -21,7 +21,7 @@ > # exist > LOCALEDIR=/usr/share/locale > > -XGETTEXT_ARGS=--copyright-holder="NOVELL, Inc." > --msgid-bugs-address=apparmor@lists.ubuntu.com -d ${NAME} > +XGETTEXT_ARGS=--copyright-holder="Canonical Ltd" > --msgid-bugs-address=apparmor@lists.ubuntu.com -d ${NAME} > > # When making the .pot file, it's expected that the parent Makefile will > # pass in the list of sources in the SOURCES variable > > > > > -- > AppArmor mailing list > AppArmor@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor