On Wed, Mar 01, 2017 at 08:52:01PM +0000, Tyler Hicks wrote: > Introduce an apparmor.aa.init_aa() method and move the initialization > code of the apparmor.aa module into it. Note that this change will break > any external users of apparmor.aa because global variables that were > previously initialized when importing apparmor.aa will not be > initialized unless a call to the new apparmor.aa.init_aa() method is > made. > > The main purpose of this change is to allow the utils tests to be able > to set a non-default location for configuration files. Instead of > hard-coding the location of logprof.conf and other utils related > configuration files to /etc/apparmor/, this patch allows it to be > configured by calling apparmor.aa.init_aa(confdir=PATH). > > This allows for the make check target to use the in-tree config file, > profiles, and parser by default. A helper method, setup_aa(), is added > to common_test.py that checks for an environment variable containing a > non-default configuration directory path prior to calling > apparmor.aa.init_aa(). All test scripts that use apparmor.aa are updated > to call setup_aa(). > > Signed-off-by: Tyler Hicks <[email protected]> > Suggested-by: Christian Boltz <[email protected]>
Acked-by: Seth Arnold <[email protected]> Thanks > --- > utils/aa-genprof | 1 + > utils/aa-logprof | 1 + > utils/aa-mergeprof | 3 +++ > utils/aa-unconfined | 1 + > utils/apparmor/aa.py | 43 > +++++++++++++++++++------------ > utils/apparmor/cleanprofile.py | 1 + > utils/apparmor/tools.py | 2 ++ > utils/test/Makefile | 6 +++-- > utils/test/common_test.py | 11 ++++++++ > utils/test/minitools_test.py | 3 ++- > utils/test/test-aa.py | 3 ++- > utils/test/test-libapparmor-test_multi.py | 3 ++- > utils/test/test-mount_parse.py | 3 ++- > utils/test/test-parser-simple-tests.py | 3 ++- > utils/test/test-pivot_root_parse.py | 3 ++- > utils/test/test-regex_matches.py | 3 ++- > utils/test/test-unix_parse.py | 3 ++- > 17 files changed, 66 insertions(+), 27 deletions(-) > > diff --git a/utils/aa-genprof b/utils/aa-genprof > index 3fe72bb..e2e6544 100755 > --- a/utils/aa-genprof > +++ b/utils/aa-genprof > @@ -66,6 +66,7 @@ args = parser.parse_args() > profiling = args.program > profiledir = args.dir > > +apparmor.init_aa() > apparmor.set_logfile(args.file) > > aa_mountpoint = apparmor.check_for_apparmor() > diff --git a/utils/aa-logprof b/utils/aa-logprof > index 05ebbd9..c05cbef 100755 > --- a/utils/aa-logprof > +++ b/utils/aa-logprof > @@ -34,6 +34,7 @@ args = parser.parse_args() > profiledir = args.dir > logmark = args.mark or '' > > +apparmor.init_aa() > apparmor.set_logfile(args.file) > > aa_mountpoint = apparmor.check_for_apparmor() > diff --git a/utils/aa-mergeprof b/utils/aa-mergeprof > index 4e1e633..1241515 100755 > --- a/utils/aa-mergeprof > +++ b/utils/aa-mergeprof > @@ -43,6 +43,8 @@ args = parser.parse_args() > > args.other = None > > +apparmor.aa.init_aa() > + > profiles = args.files > > profiledir = args.dir > @@ -136,6 +138,7 @@ class Merge(object): > user, base = profiles > > #Read and parse base profile and save profile data, include data > from it and reset them > + apparmor.aa.init_aa() > apparmor.aa.read_profile(base, True) > self.base = cleanprofile.Prof(base) > > diff --git a/utils/aa-unconfined b/utils/aa-unconfined > index 69e0d65..0407395 100755 > --- a/utils/aa-unconfined > +++ b/utils/aa-unconfined > @@ -40,6 +40,7 @@ args = parser.parse_args() > > paranoid = args.paranoid > > +aa.init_aa() > aa_mountpoint = aa.check_for_apparmor() > if not aa_mountpoint: > raise aa.AppArmorException(_("It seems AppArmor was not started. Please > enable AppArmor and try again.")) > diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py > index eecf8c7..1464a21 100644 > --- a/utils/apparmor/aa.py > +++ b/utils/apparmor/aa.py > @@ -73,14 +73,14 @@ _ = init_translation() > # Setup logging incase of debugging is enabled > debug_logger = DebugLogger('aa') > > -CONFDIR = '/etc/apparmor' > - > # The database for severity > sev_db = None > # The file to read log messages from > ### Was our > logfile = None > > +CONFDIR = None > +conf = None > cfg = None > repo_cfg = None > > @@ -3741,24 +3741,33 @@ def logger_path(): > > ######Initialisations###### > > -conf = apparmor.config.Config('ini', CONFDIR) > -cfg = conf.read_config('logprof.conf') > +def init_aa(confdir="/etc/apparmor"): > + global CONFDIR > + global conf > + global cfg > + global profile_dir > + global extra_profile_dir > + global parser > + > + CONFDIR = confdir > + conf = apparmor.config.Config('ini', CONFDIR) > + cfg = conf.read_config('logprof.conf') > > -# prevent various failures if logprof.conf doesn't exist > -if not cfg.sections(): > - cfg.add_section('settings') > - cfg.add_section('required_hats') > + # prevent various failures if logprof.conf doesn't exist > + if not cfg.sections(): > + cfg.add_section('settings') > + cfg.add_section('required_hats') > > -if cfg['settings'].get('default_owner_prompt', False): > - cfg['settings']['default_owner_prompt'] = '' > + if cfg['settings'].get('default_owner_prompt', False): > + cfg['settings']['default_owner_prompt'] = '' > > -profile_dir = conf.find_first_dir(cfg['settings'].get('profiledir')) or > '/etc/apparmor.d' > -if not os.path.isdir(profile_dir): > - raise AppArmorException('Can\'t find AppArmor profiles in %s' % > (profile_dir)) > + profile_dir = conf.find_first_dir(cfg['settings'].get('profiledir')) or > '/etc/apparmor.d' > + if not os.path.isdir(profile_dir): > + raise AppArmorException('Can\'t find AppArmor profiles in %s' % > (profile_dir)) > > -extra_profile_dir = > conf.find_first_dir(cfg['settings'].get('inactive_profiledir')) or > '/usr/share/apparmor/extra-profiles/' > + extra_profile_dir = > conf.find_first_dir(cfg['settings'].get('inactive_profiledir')) or > '/usr/share/apparmor/extra-profiles/' > > -parser = conf.find_first_file(cfg['settings'].get('parser')) or > '/sbin/apparmor_parser' > -if not os.path.isfile(parser) or not os.access(parser, os.EX_OK): > - raise AppArmorException('Can\'t find apparmor_parser at %s' % (parser)) > + parser = conf.find_first_file(cfg['settings'].get('parser')) or > '/sbin/apparmor_parser' > + if not os.path.isfile(parser) or not os.access(parser, os.EX_OK): > + raise AppArmorException('Can\'t find apparmor_parser at %s' % > (parser)) > > diff --git a/utils/apparmor/cleanprofile.py b/utils/apparmor/cleanprofile.py > index 5e2724e..0ef9b5a 100644 > --- a/utils/apparmor/cleanprofile.py > +++ b/utils/apparmor/cleanprofile.py > @@ -16,6 +16,7 @@ import apparmor.aa as apparmor > > class Prof(object): > def __init__(self, filename): > + apparmor.init_aa() > self.aa = apparmor.aa > self.filelist = apparmor.filelist > self.include = apparmor.include > diff --git a/utils/apparmor/tools.py b/utils/apparmor/tools.py > index 1eac5ef..c370853 100644 > --- a/utils/apparmor/tools.py > +++ b/utils/apparmor/tools.py > @@ -31,6 +31,8 @@ class aa_tools: > self.silent = None > self.do_reload = args.do_reload > > + apparmor.init_aa() > + > if tool_name in ['audit']: > self.remove = args.remove > elif tool_name == 'autodep': > diff --git a/utils/test/Makefile b/utils/test/Makefile > index 014c094..025bba4 100644 > --- a/utils/test/Makefile > +++ b/utils/test/Makefile > @@ -23,11 +23,13 @@ include $(COMMONDIR)/Make.rules > ifdef USE_SYSTEM > LD_LIBRARY_PATH= > PYTHONPATH= > + CONFDIR= > else > # PYTHON_DIST_BUILD_PATH based on > libapparmor/swig/python/test/Makefile.am > PYTHON_DIST_BUILD_PATH = > ../../libraries/libapparmor/swig/python/build/$$($(PYTHON) -c "import > distutils.util; import platform; print(\"lib.%s-%s\" > %(distutils.util.get_platform(), platform.python_version()[:3]))") > LD_LIBRARY_PATH=../../libraries/libapparmor/src/.libs/ > PYTHONPATH=..:$(PYTHON_DIST_BUILD_PATH) > + CONFDIR=$(CURDIR) > endif > > .PHONY: __libapparmor > @@ -62,10 +64,10 @@ clean: > rm -rf __pycache__/ .coverage htmlcov > > check: __libapparmor > - export PYTHONPATH=$(PYTHONPATH) ; export > LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) ; export LC_ALL=C; $(foreach test, > $(wildcard test-*.py), echo ; echo === $(test) === ; $(call pyalldo, $(test))) > + export PYTHONPATH=$(PYTHONPATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) > LC_ALL=C __AA_CONFDIR=$(CONFDIR) ; $(foreach test, $(wildcard test-*.py), > echo ; echo === $(test) === ; $(call pyalldo, $(test))) > > .coverage: $(wildcard ../aa-* ../apparmor/*.py test-*.py) __libapparmor > - export PYTHONPATH=$(PYTHONPATH) ; export > LD_LIBRARY_PATH=$(LD_LIBRARY_PATH); export LC_ALL=C; > $(COVERAGE_IGNORE_FAILURES_CMD) ; $(foreach test, $(wildcard test-*.py), echo > ; echo === $(test) === ; $(PYTHON) -m coverage run --branch -p $(test); ) > + export PYTHONPATH=$(PYTHONPATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) > LC_ALL=C __AA_CONFDIR=$(CONFDIR) ; $(COVERAGE_IGNORE_FAILURES_CMD) ; > $(foreach test, $(wildcard test-*.py), echo ; echo === $(test) === ; > $(PYTHON) -m coverage run --branch -p $(test); ) > $(PYTHON) -m coverage combine > > coverage: .coverage > diff --git a/utils/test/common_test.py b/utils/test/common_test.py > index 67a5e7d..f3d5c01 100755 > --- a/utils/test/common_test.py > +++ b/utils/test/common_test.py > @@ -103,6 +103,17 @@ def setup_regex_tests(test_class): > stub_test.__doc__ = "test '%s': %s" % (line, desc) > setattr(test_class, 'test_%d' % (i), stub_test) > > +def setup_aa(aa): > + confdir = os.getenv('__AA_CONFDIR') > + try: > + if confdir: > + aa.init_aa(confdir=confdir) > + else: > + aa.init_aa() > + except AttributeError: > + # apparmor.aa module versions <= 2.11 do not have the init_aa() > method > + pass > + > def write_file(directory, file, contents): > '''construct path, write contents to it, and return the constructed > path''' > path = os.path.join(directory, file) > diff --git a/utils/test/minitools_test.py b/utils/test/minitools_test.py > index 7de1367..47c78f4 100755 > --- a/utils/test/minitools_test.py > +++ b/utils/test/minitools_test.py > @@ -16,7 +16,7 @@ import shutil > import subprocess > import sys > import unittest > -from common_test import AATest, setup_all_loops > +from common_test import AATest, setup_all_loops, setup_aa > > import apparmor.aa as apparmor > from common_test import read_file > @@ -156,6 +156,7 @@ class MinitoolsTest(AATest): > self.assertEqual(exp_content, real_content, 'Failed to cleanup > profile properly') > > > +setup_aa(apparmor) > setup_all_loops(__name__) > if __name__ == '__main__': > unittest.main(verbosity=2) > diff --git a/utils/test/test-aa.py b/utils/test/test-aa.py > index 65cbd1f..a875c58 100644 > --- a/utils/test/test-aa.py > +++ b/utils/test/test-aa.py > @@ -10,7 +10,7 @@ > # ------------------------------------------------------------------ > > import unittest > -from common_test import AATest, setup_all_loops > +from common_test import AATest, setup_all_loops, setup_aa > from common_test import read_file, write_file > > import os > @@ -855,6 +855,7 @@ class AaTest_propose_file_rules(AATest): > proposals = propose_file_rules(profile, rule_obj) > self.assertEqual(proposals, expected) > > +setup_aa(apparmor.aa) > setup_all_loops(__name__) > if __name__ == '__main__': > unittest.main(verbosity=2) > diff --git a/utils/test/test-libapparmor-test_multi.py > b/utils/test/test-libapparmor-test_multi.py > index e9e3426..0e34564 100644 > --- a/utils/test/test-libapparmor-test_multi.py > +++ b/utils/test/test-libapparmor-test_multi.py > @@ -10,7 +10,7 @@ > # ------------------------------------------------------------------ > > import unittest > -from common_test import AATest, setup_all_loops, read_file > +from common_test import AATest, setup_all_loops, setup_aa, read_file > > import os > from apparmor.common import open_file_read > @@ -267,6 +267,7 @@ print('Testing libapparmor test_multi tests...') > TestLibapparmorTestMulti.tests = > find_test_multi('../../libraries/libapparmor/testsuite/test_multi/') > TestLogToProfile.tests = > find_test_multi('../../libraries/libapparmor/testsuite/test_multi/') > > +setup_aa(apparmor.aa) > setup_all_loops(__name__) > if __name__ == '__main__': > unittest.main(verbosity=1) # reduced verbosity due to the big number of > tests > diff --git a/utils/test/test-mount_parse.py b/utils/test/test-mount_parse.py > index 3f08fc2..37f4ec9 100644 > --- a/utils/test/test-mount_parse.py > +++ b/utils/test/test-mount_parse.py > @@ -11,7 +11,7 @@ > > import apparmor.aa as aa > import unittest > -from common_test import AAParseTest, setup_regex_tests > +from common_test import AAParseTest, setup_regex_tests, setup_aa > > class BaseAAParseMountTest(AAParseTest): > def setUp(self): > @@ -39,6 +39,7 @@ class AAParseUmountTest(BaseAAParseMountTest): > ('unmount /mnt/external,', 'unmount with mount point'), > ] > > +setup_aa(aa) > if __name__ == '__main__': > setup_regex_tests(AAParseMountTest) > setup_regex_tests(AAParseRemountTest) > diff --git a/utils/test/test-parser-simple-tests.py > b/utils/test/test-parser-simple-tests.py > index 92d81c3..303d901 100644 > --- a/utils/test/test-parser-simple-tests.py > +++ b/utils/test/test-parser-simple-tests.py > @@ -10,7 +10,7 @@ > # ------------------------------------------------------------------ > > import unittest > -from common_test import AATest, setup_all_loops > +from common_test import AATest, setup_all_loops, setup_aa > import apparmor.aa as apparmor > > import os > @@ -397,6 +397,7 @@ def find_and_setup_test_profiles(profile_dir): > print('Running %s parser simple_tests...' % > len(TestParseParserTests.tests)) > > > +setup_aa(apparmor) > find_and_setup_test_profiles('../../parser/tst/simple_tests/') > > setup_all_loops(__name__) > diff --git a/utils/test/test-pivot_root_parse.py > b/utils/test/test-pivot_root_parse.py > index fa4840b..f2a1c32 100644 > --- a/utils/test/test-pivot_root_parse.py > +++ b/utils/test/test-pivot_root_parse.py > @@ -11,7 +11,7 @@ > > import apparmor.aa as aa > import unittest > -from common_test import AAParseTest, setup_regex_tests > +from common_test import AAParseTest, setup_regex_tests, setup_aa > > class AAParsePivotRootTest(AAParseTest): > def setUp(self): > @@ -24,6 +24,7 @@ class AAParsePivotRootTest(AAParseTest): > ('pivot_root /old /new -> /usr/bin/child,', 'pivot_root child rule'), > ] > > +setup_aa(aa) > if __name__ == '__main__': > setup_regex_tests(AAParsePivotRootTest) > unittest.main(verbosity=2) > diff --git a/utils/test/test-regex_matches.py > b/utils/test/test-regex_matches.py > index 9abbe5b..b93a714 100644 > --- a/utils/test/test-regex_matches.py > +++ b/utils/test/test-regex_matches.py > @@ -11,7 +11,7 @@ > > import apparmor.aa as aa > import unittest > -from common_test import AATest, setup_all_loops > +from common_test import AATest, setup_all_loops, setup_aa > from apparmor.common import AppArmorBug, AppArmorException > > from apparmor.regex import ( strip_parenthesis, strip_quotes, > parse_profile_start_line, re_match_include, > @@ -502,6 +502,7 @@ class TestStripQuotes(AATest): > > > > +setup_aa(aa) > setup_all_loops(__name__) > if __name__ == '__main__': > # these two are not converted to a tests[] loop yet > diff --git a/utils/test/test-unix_parse.py b/utils/test/test-unix_parse.py > index be7056f..61d8307 100644 > --- a/utils/test/test-unix_parse.py > +++ b/utils/test/test-unix_parse.py > @@ -11,7 +11,7 @@ > > import apparmor.aa as aa > import unittest > -from common_test import AAParseTest, setup_regex_tests > +from common_test import AAParseTest, setup_regex_tests, setup_aa > > class AAParseUnixTest(AAParseTest): > > @@ -34,6 +34,7 @@ class AAParseUnixTest(AAParseTest): > 'complex unix rule'), > ] > > +setup_aa(aa) > if __name__ == '__main__': > setup_regex_tests(AAParseUnixTest) > unittest.main(verbosity=2)
signature.asc
Description: PGP signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
