On Fri, Feb 28, 2014 at 09:34:51PM +0100, Christian Boltz wrote: > Am Montag, 24. Februar 2014 schrieb Steve Beattie: > > I should note that one side effect is that this patch effectively > > neuters the -r (revert) option for aa-disable. I don't really like > > that option (I'd rather point people at using aa-enforce to undo > > aa-disable). I can submit a patch that either removes the option or > > adds the functionality if we desire it. > > The -r option was probably inspired by the -r option of aa-complain and > aa-audit, but I understand your POV that it might be confusing in a > triple-state case (enforce/complain/disabled). > > Anyway, either remove the -r option or make sure it's working ;-)
Here's the patch to remove the -r option for aa-disable, as well as the test and manpage documentation for it. Thanks! -- Steve Beattie <sbeat...@ubuntu.com> http://NxNW.org/~steve/
Signed-off-by: Steve Beattie <st...@nxnw.org> --- utils/aa-disable | 1 - utils/aa-disable.pod | 4 ---- utils/apparmor/tools.py | 1 - utils/test/minitools_test.py | 6 ------ 4 files changed, 12 deletions(-) Index: b/utils/aa-disable =================================================================== --- a/utils/aa-disable +++ b/utils/aa-disable @@ -22,7 +22,6 @@ _ = init_translation() parser = argparse.ArgumentParser(description=_('Disable the profile for the given programs')) parser.add_argument('-d', '--dir', type=str, help=_('path to profiles')) -parser.add_argument('-r', '--revert', action='store_true', help=_('enable the profile for the given programs')) parser.add_argument('program', type=str, nargs='+', help=_('name of program')) args = parser.parse_args() Index: b/utils/aa-disable.pod =================================================================== --- a/utils/aa-disable.pod +++ b/utils/aa-disable.pod @@ -35,10 +35,6 @@ B<-d --dir /path/to/profiles> Specifies where to look for the AppArmor security profile set. Defaults to /etc/apparmor.d. -B<-r --revert> - - Enables the profile and loads it. - =head1 DESCRIPTION B<aa-disable> is used to I<disable> one or more profiles. Index: b/utils/test/minitools_test.py =================================================================== --- a/utils/test/minitools_test.py +++ b/utils/test/minitools_test.py @@ -97,12 +97,6 @@ class Test(unittest.TestCase): self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in disable'%local_profilename) - #Enable the ntpd profile and check if it was correctly re-enabled - subprocess.check_output('%s ./../aa-disable -d ./profiles -r %s'%(python_interpreter, test_path), shell=True) - - self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), False, 'Failed to remove a symlink for %s from disable'%local_profilename) - - def test_autodep(self): pass Index: b/utils/apparmor/tools.py =================================================================== --- a/utils/apparmor/tools.py +++ b/utils/apparmor/tools.py @@ -33,7 +33,6 @@ class aa_tools: if tool_name in ['audit', 'complain']: self.remove = args.remove elif tool_name == 'disable': - self.revert = args.revert self.disabledir = apparmor.profile_dir + '/disable' self.check_disable_dir() elif tool_name == 'autodep':
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor