On Wed, Mar 05, 2014 at 05:44:41PM -0800, Steve Beattie wrote: > This patch creates a separate tool.cmd_complain function, as well as > removes the -r remove option, to match aa-enforce and aa-disable. > It also cleans up some bits in aa-enforce now that aa-complain and > aa-enforce have been separated. > > Signed-off-by: Steve Beattie <st...@nxnw.org>
Acked-by: Seth Arnold <seth.arn...@canonical.com> Thanks
> ---
> utils/aa-complain | 5 ++---
> utils/aa-complain.pod | 9 +--------
> utils/aa-enforce | 6 +-----
> utils/apparmor/tools.py | 26 +++++++++++++++++++-------
> 4 files changed, 23 insertions(+), 23 deletions(-)
>
> Index: b/utils/aa-complain
> ===================================================================
> --- a/utils/aa-complain
> +++ b/utils/aa-complain
> @@ -22,10 +22,9 @@ _ = init_translation()
>
> parser = argparse.ArgumentParser(description=_('Switch the given program to
> complain mode'))
> parser.add_argument('-d', '--dir', type=str, help=_('path to profiles'))
> -parser.add_argument('-r', '--remove', action='store_true', help=_('remove
> complain mode'))
> parser.add_argument('program', type=str, nargs='+', help=_('name of
> program'))
> args = parser.parse_args()
>
> -complain = apparmor.tools.aa_tools('complain', args)
> +tool = apparmor.tools.aa_tools('complain', args)
> #print(args)
> -complain.act()
> +tool.cmd_complain()
> Index: b/utils/apparmor/tools.py
> ===================================================================
> --- a/utils/apparmor/tools.py
> +++ b/utils/apparmor/tools.py
> @@ -30,7 +30,7 @@ class aa_tools:
> self.check_profile_dir()
> self.silent = None
>
> - if tool_name in ['audit', 'complain']:
> + if tool_name in ['audit']:
> self.remove = args.remove
> elif tool_name == 'disable':
> self.disabledir = apparmor.profile_dir + '/disable'
> @@ -122,12 +122,6 @@ class aa_tools:
> aaui.UI_Info(_('Removing audit mode from %s.') %
> program)
> apparmor.change_profile_flags(filename, program,
> 'audit', not self.remove)
>
> - elif self.name == 'complain':
> - if not self.remove:
> - apparmor.set_complain(filename, program)
> - else:
> - apparmor.set_enforce(filename, program)
> - #apparmor.set_profile_flags(filename, self.name)
> else:
> # One simply does not walk in here!
> raise apparmor.AppArmorException('Unknown tool: %s'
> % self.name)
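Review bot: Dropping `-r/--remove` from the aa-complain parser means an existing caller of `aa-complain -r <program>` now gets an argparse usage error instead of a switch back to enforce mode, so a script that does not check the exit status leaves the profile in complain mode. The aa-complain.pod hunks remove the option text but, in the lines visible here, do not name the replacement. A sentence in the DESCRIPTION such as `Use aa-enforce(8) to return a profile to enforce mode.` would close that gap.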
> @@ -177,6 +171,24 @@ class aa_tools:
>
> # FIXME: this should be a profile_reload function/method
> cmd_info = cmd([apparmor.parser, '-I%s' % apparmor.profile_dir,
> '-r', profile])
> +
> + if cmd_info[0] != 0:
> + raise apparmor.AppArmorException(cmd_info[1])
> +
> + def cmd_complain(self):
> + for (program, profile) in self.get_next_to_profile():
> +
> + apparmor.read_profiles()
> + output_name = profile if program is None else program
> +
> + if not os.path.isfile(profile) or
> apparmor.is_skippable_file(profile):
> + aaui.UI_Info(_('Profile for %s not found, skipping') %
> output_name)
> + continue
> +
> + apparmor.set_complain(profile, program)
> +
> + # FIXME: this should be a profile_reload function/method
> + cmd_info = cmd([apparmor.parser, '-I%s' % apparmor.profile_dir,
> '-r', profile])
>
> if cmd_info[0] != 0:
> raise apparmor.AppArmorException(cmd_info[1])
> Index: b/utils/aa-enforce
> ===================================================================
> --- a/utils/aa-enforce
> +++ b/utils/aa-enforce
> @@ -24,11 +24,7 @@ parser = argparse.ArgumentParser(descrip
> parser.add_argument('-d', '--dir', type=str, help=_('path to profiles'))
> parser.add_argument('program', type=str, nargs='+', help=_('name of
> program'))
> args = parser.parse_args()
> -# Set the remove flag since complain = !enforce
> -# XXX remove this entirely once conversion to individual cmd methods
> -# on the Tool class are implemented
> -args.remove = True
>
> -tool = apparmor.tools.aa_tools('complain', args)
> +tool = apparmor.tools.aa_tools('enforce', args)
>
> tool.cmd_enforce()
> Index: b/utils/aa-complain.pod
> ===================================================================
> --- a/utils/aa-complain.pod
> +++ b/utils/aa-complain.pod
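Review bot: In `cmd_complain`, `apparmor.set_complain(profile, program)` has already changed the profile on disk when the parser reload is checked, and the `raise apparmor.AppArmorException(cmd_info[1])` after it aborts the loop at the first failed reload. That can leave the on-disk flags and the loaded policy disagreeing for that profile, and the remaining programs on the command line are never processed. Collecting the failures with the profile name and raising once after the loop would make the end state explicit. `apparmor.read_profiles()` also runs on every iteration and could be hoisted above the `for` if it does not depend on the previous `set_complain`, which is not visible here. The method preceding `cmd_complain` starts outside the hunk.

```python
    def cmd_complain(self):
        failures = []
        for (program, profile) in self.get_next_to_profile():
            # … unchanged: read_profiles, skip check, set_complain, parser reload …
            if cmd_info[0] != 0:
                # keep going so one bad profile does not hide the state of the rest
                failures.append('%s: %s' % (profile, cmd_info[1]))

        if failures:
            raise apparmor.AppArmorException('\n'.join(failures))
```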
> @@ -26,7 +26,7 @@ aa-complain - set an AppArmor security p
>
> =head1 SYNOPSIS
>
> -B<aa-complain I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d
> /path/to/profiles>] [I<-r>]>
> +B<aa-complain I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d
> /path/to/profiles>]
>
> =head1 OPTIONS
>
> @@ -35,19 +35,12 @@ B<-d --dir /path/to/profiles>
> Specifies where to look for the AppArmor security profile set.
> Defaults to /etc/apparmor.d.
>
> -B<-r --remove>
> -
> - Removes the complain mode for the profile.
> -
> =head1 DESCRIPTION
>
> B<aa-complain> is used to set the enforcement mode for one or more profiles
> to I<complain> mode.
> In this mode security policy is not enforced but rather access violations
> are logged to the system log.
>
> -The I<--remove> option can be used to remove the complain mode for the
> profile,
> -setting it to enforce mode by default.
> -
> =head1 BUGS
>
> If you find any bugs, please report them at
>
>
> --
> AppArmor mailing list
> AppArmor@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/apparmor
>