The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2847
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Improve config file error opening management and improve main code block. Execute this python script during CI to avoid regressions Signed-off-by: Hervé Beraud <hber...@redhat.com>
From 78b39520f0ea84168d614899476d647c994df296 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Herv=C3=A9=20Beraud?= <hber...@redhat.com> Date: Tue, 12 Feb 2019 22:48:51 +0100 Subject: [PATCH] apparmor: catch config file opening error MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Improve config file error opening management and improve main code block. Execute this python script during CI to avoid regressions Signed-off-by: Hervé Beraud <hber...@redhat.com> --- .travis.yml | 2 + config/apparmor/lxc-generate-aa-rules.py | 75 ++++++++++++++---------- 2 files changed, 46 insertions(+), 31 deletions(-) diff --git a/.travis.yml b/.travis.yml index 9805facc1..4b47a3bee 100644 --- a/.travis.yml +++ b/.travis.yml @@ -27,6 +27,8 @@ script: - ../configure --enable-tests --with-distro=unknown - make -j4 - make DESTDIR=$TRAVIS_BUILD_DIR/install install + - ./config/apparmor/lxc-generate-aa-rules.py config/apparmor/container-rules.base + notifications: email: recipients: diff --git a/config/apparmor/lxc-generate-aa-rules.py b/config/apparmor/lxc-generate-aa-rules.py index d7c9a868e..2f8a5dbb8 100755 --- a/config/apparmor/lxc-generate-aa-rules.py +++ b/config/apparmor/lxc-generate-aa-rules.py @@ -3,6 +3,7 @@ import sys blocks = [] +denies = [] # # blocks is an array of paths under which we want to block by @@ -63,28 +64,6 @@ def add_allow(path): prev.append(n) prev = n['children'] -config = "config" -if len(sys.argv) > 1: - config = sys.argv[1] -with open(config) as f: - for x in f.readlines(): - x.strip() - if x[:1] == '#': - continue - try: - (cmd, path) = x.split(' ') - except: # blank line - continue - if cmd == "block": - add_block(path) - elif cmd == "allow": - add_allow(path) - else: - print("Unknown command: %s" % cmd) - sys.exit(1) - -denies = [] - def collect_chars(children, ref, index): r = "" @@ -126,14 +105,48 @@ def gen_denies(pathsofar, children): newpath = "%s/%s" % (pathsofar, c['path']) gen_denies(newpath, c['children']) -for b in blocks: - gen_denies(b['path'], b['children']) -denies.sort() +def main(): + config = "config" + if len(sys.argv) > 1: + config = sys.argv[1] + + lines = None + try: + with open(config) as f: + lines = f.readlines() + except FileNotFoundError as err: + print("Config file not found") + print(err) + sys.exit(1) + + for line in lines: + line.strip() + if line.startswith('#'): + continue + try: + (cmd, path) = line.split(' ') + except: # blank line + continue + if cmd == "block": + add_block(path) + elif cmd == "allow": + add_allow(path) + else: + print("Unknown command: %s" % cmd) + sys.exit(1) + for block in blocks: + gen_denies(block['path'], block['children']) + + denies.sort() + + genby = " # generated by: lxc-generate-aa-rules.py" + for a in sys.argv[1:]: + genby += " %s" % a + print(genby) + for d in denies: + print(" %s" % d) + -genby = " # generated by: lxc-generate-aa-rules.py" -for a in sys.argv[1:]: - genby += " %s" % a -print(genby) -for d in denies: - print(" %s" % d) +if __name__ == "__main__": + main()
_______________________________________________ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel