On Wed, Sep 21, 2016 at 10:28:04PM +0200, Christian Boltz wrote:
> as promised in
>     Re: [apparmor] [patch] utils/test/test-aa.py: skip tests that break with python2.7
> some minutes ago, here's v2:
> 
> [patch] [15/38] Change handle_children() and ask_the_questions() to FileRule
> 
> This patch changes handle_children() (which asks about exec events) and
> ask_the_questions() (which asks everything else) to FileRule. This
> solves the "brain split" introduced by the previous patch.
> 
> This means aa-logprof and aa-genprof ask useful questions again, and
> store the answers at the right place.
> 
> In detail, this means (with '-' line number from the diff)
> - (391) handle_binfmt(): use FileRule. Also avoid breakage if glob_common()
>   returns an empty result.
> - (484) profile_storage(): drop profile['allow']['path'] and
>   profile['deny']['path']
> - (510) create_new_profile(): switch to FileRule
> - (1190..1432) lots of changes in handle_children():
>   - drop escaping (done in FileRule)
>   - don't add events with 'x' perms to prelog
>   - use is_known_rule() instead of profile_known_exec()
>   - replace several regexes for the selected CMD_* with more readable
>     'in' clauses. While on it, drop unused parts of the regex.
>   - use plain 'ix', 'px' (as str) instead of str_to_mode() format
>   - call handle_binfmt() for the interpreter in ix, Pix and Cix rules
> - (1652) ask_the_questions(): disable the old file-specific code
>   (not dropped because some features aren't ported to FileRule yet)
> - (2336) collapse_log():
>   - convert file log events to FileRule (and add some workarounds and
>     TODOs for logparser.py behaviour that needs to change)
>   - disable the old file-specific code (not dropped because merging of
>     existing permissions isn't ported to FileRule yet)
> - (2403) drop now unused validate_profile_mode() and the regexes it used
> - (3374) drop now unused profile_known_exec()
> 
> Test changes:
> - adjust fake_ldd to handle /bin/bash
> - change test-aa.py AaTest_create_new_profile to expect FileRule instead
>   of a path hasher. Also copy the profiles to the tempdir and load the
>   abstractions that are needed by the test.
> 
> 
> Important: Some nice-to-have features are not yet implemented for
> FileRule:
> - globbing
> - (N)ew (allowing the user to enter a custom path)
> - displaying and merging of permissions already existing in the profile
> 
> This means: aa-logprof works, but it's not as user-friendly as before.
> The next patches will fix that ;-)
> 
> ---
> 
> v2 brings two changes to the test-aa.py part of this patch:
> - refresh the first hunk so that it can be applied again (broken by
>   Steve's 'import sys' addition)
> - skip the extended AaTest_create_new_profile on py2 because changing
>   apparmor.aa.cfg['settings']['ldd'] doesn't work for some reason
> 
> 
> [ 15-use-FileRule-in-logprof.diff ]

Phew, that's a lot of changes. FYI, the pyflakes portion of the utils
tests fails with the renamed ask_the_questions() function, due to it
referencing undefined symbols (aamode, profile, hat). But I don't
think that should block committing this; therefore
Acked-by: Steve Beattie <st...@nxnw.org>. Thanks.

-- 
Steve Beattie
<sbeat...@ubuntu.com>
http://NxNW.org/~steve/
