On Wed, Mar 05, 2014 at 05:44:42PM -0800, Steve Beattie wrote: > This patch moves the audit functionality to an audit specific command > function. > > As an aside, the -r option is left in place here, because aa-audit > is a bit orthogonal to aa-enforce, aa-complain, and aa-disable.
Hah, good catch, I wouldn't have had that foresight. :) > Signed-off-by: Steve Beattie <[email protected]> Acked-by: Seth Arnold <[email protected]> > --- > utils/aa-audit | 5 +++-- > utils/apparmor/tools.py | 30 +++++++++++++++++++++++------- > 2 files changed, 26 insertions(+), 9 deletions(-) > > Index: b/utils/aa-audit > =================================================================== > --- a/utils/aa-audit > +++ b/utils/aa-audit > @@ -29,9 +29,10 @@ parser.add_argument('--trace', action='s > args = parser.parse_args() > > try: > - audit = apparmor.tools.aa_tools('audit', args) > + tool = apparmor.tools.aa_tools('audit', args) > + > + tool.cmd_audit() > > - audit.act() > except Exception as e: > if not args.trace: > print(e.value + "\n") > Index: b/utils/apparmor/tools.py > =================================================================== > --- a/utils/apparmor/tools.py > +++ b/utils/apparmor/tools.py > @@ -115,13 +115,6 @@ class aa_tools: > if not os.path.isfile(filename) or > apparmor.is_skippable_file(filename): > aaui.UI_Info(_('Profile for %s not found, skipping') > % program) > > - elif self.name == 'audit': > - if not self.remove: > - aaui.UI_Info(_('Setting %s to audit mode.') % > program) > - else: > - aaui.UI_Info(_('Removing audit mode from %s.') % > program) > - apparmor.change_profile_flags(filename, program, > 'audit', not self.remove) > - > else: > # One simply does not walk in here! > raise apparmor.AppArmorException('Unknown tool: %s' > % self.name) > @@ -189,6 +182,29 @@ class aa_tools: > > # FIXME: this should be a profile_reload function/method > cmd_info = cmd([apparmor.parser, '-I%s' % apparmor.profile_dir, > '-r', profile]) > + > + if cmd_info[0] != 0: > + raise apparmor.AppArmorException(cmd_info[1]) > + > + def cmd_audit(self): > + for (program, profile) in self.get_next_to_profile(): > + > + apparmor.read_profiles() > + output_name = profile if program is None else program > + > + if not os.path.isfile(profile) or > apparmor.is_skippable_file(profile): > + aaui.UI_Info(_('Profile for %s not found, skipping') % > output_name) > + continue > + > + # keep this to allow toggling 'audit' flags > + if not self.remove: > + aaui.UI_Info(_('Setting %s to audit mode.') % output_name) > + else: > + aaui.UI_Info(_('Removing audit mode from %s.') % output_name) > + apparmor.change_profile_flags(profile, program, 'audit', not > self.remove) > + > + # FIXME: this should be a profile_reload function/method > + cmd_info = cmd([apparmor.parser, '-I%s' % apparmor.profile_dir, > '-r', profile]) > > if cmd_info[0] != 0: > raise apparmor.AppArmorException(cmd_info[1]) > > > -- > AppArmor mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor >
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
