Hello, when an user adds a new rule to a profile, cleanup / delete existing rules that are covered by the new rule, and report the number of deleted rules.
[ 34-logprof-cleanup-duplicates-on-add.diff ]
=== modified file ./utils/aa-mergeprof
--- utils/aa-mergeprof 2016-08-08 23:55:34.096316427 +0200
+++ utils/aa-mergeprof 2016-08-11 22:56:37.215202376 +0200
@@ -393,9 +411,11 @@
else:
rule_obj =
selection_to_rule_obj(rule_obj, selection)
- aa[profile][hat]
[ruletype].add(rule_obj)
+ deleted = aa[profile][hat]
[ruletype].add(rule_obj, cleanup=True)
aaui.UI_Info(_('Adding %s to
profile.') % rule_obj.get_clean())
+ if deleted:
+ aaui.UI_Info(_('Deleted %s
previous matching profile entries.') % deleted)
elif ans == 'CMD_DENY':
if re_match_include(selection):
@@ -408,8 +428,10 @@
rule_obj =
selection_to_rule_obj(rule_obj, selection)
rule_obj.deny = True
rule_obj.raw_rule = None # reset
raw rule after manually modifying rule_obj
- aa[profile][hat]
[ruletype].add(rule_obj)
+ deleted = aa[profile][hat]
[ruletype].add(rule_obj, cleanup=True)
aaui.UI_Info(_('Adding %s to
profile.') % rule_obj.get_clean())
+ if deleted:
+ aaui.UI_Info(_('Deleted %s
previous matching profile entries.') % deleted)
elif ans == 'CMD_GLOB':
if not re_match_include(selection):
=== modified file ./utils/apparmor/aa.py
--- utils/apparmor/aa.py 2016-08-09 01:27:25.244323439 +0200
+++ utils/apparmor/aa.py 2016-08-11 22:54:49.815524051 +0200
@@ -1638,9 +1638,11 @@
else:
rule_obj =
selection_to_rule_obj(rule_obj, selection)
- aa[profile][hat]
[ruletype].add(rule_obj)
+ deleted = aa[profile][hat]
[ruletype].add(rule_obj, cleanup=True)
aaui.UI_Info(_('Adding %s to
profile.') % rule_obj.get_clean())
+ if deleted:
+ aaui.UI_Info(_('Deleted %s
previous matching profile entries.') % deleted)
elif ans == 'CMD_DENY':
if re_match_include(selection):
@@ -1653,8 +1655,10 @@
rule_obj =
selection_to_rule_obj(rule_obj, selection)
rule_obj.deny = True
rule_obj.raw_rule = None # reset
raw rule after manually modifying rule_obj
- aa[profile][hat]
[ruletype].add(rule_obj)
+ deleted = aa[profile][hat]
[ruletype].add(rule_obj, cleanup=True)
aaui.UI_Info(_('Adding %s to
profile.') % rule_obj.get_clean())
+ if deleted:
+ aaui.UI_Info(_('Deleted %s
previous matching profile entries.') % deleted)
elif ans == 'CMD_GLOB':
if not re_match_include(selection):
Regards,
Christian Boltz
--
The mission statement is simply 'world domination',
but we don't tell anybody. :-)
[Juergen Weigert in opensuse-project]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
