On Mon, Nov 17, 2014 at 01:18:11PM -0800, Steve Beattie wrote:
> Update patch follows. It adds a header such that sample results look like:
>
> [unix]
> [
> [Raw_Unix_Rule]
> audit = False
> deny = False
> raw rule = unix peer=(label=@{profile_name}),
> [Raw_Unix_Rule]
> audit = False
> deny = False
> raw rule = unix (receive) peer=(label=unconfined),
> [Raw_Unix_Rule]
> audit = False
> deny = False
> raw rule = unix (create),
> [Raw_Unix_Rule]
> audit = False
> deny = False
> raw rule = unix (getattr, getopt, setopt, shutdown),
> ]
> [ptrace]
> [
> [Raw_Ptrace_Rule]
> audit = False
> deny = False
> raw rule = ptrace (readby),
> [Raw_Ptrace_Rule]
> audit = False
> deny = False
> raw rule = ptrace (tracedby),
> [Raw_Ptrace_Rule]
> audit = False
> deny = False
> raw rule = ptrace (read) peer=@{profile_name},
> ]
>
> It also fixes a situation where, when the list or tuple is empty, it would
> output:
>
> [@{DOVECOT_MAILSTORE}]
> [
> [--- empty ---]
> ]
>
> and instead corrects it to just output:
>
> [@{DOVECOT_MAILSTORE}]
> [--- empty ---]
>
> It also reduces the indention for lists and tuples by one to one, as it
> was causing the raw rules to be overly indented.
>
> Signed-off-by: Steve Beattie <st...@nxnw.org>
Poke, any feedback on this? Thanks.
> ---
> utils/apparmor/common.py | 16 +++++++++-------
> utils/apparmor/rules.py | 8 ++++++++
> 2 files changed, 17 insertions(+), 7 deletions(-)
>
> Index: b/utils/apparmor/common.py
> ===================================================================
> --- a/utils/apparmor/common.py
> +++ b/utils/apparmor/common.py
> @@ -20,6 +20,7 @@ import subprocess
> import sys
> import termios
> import tty
> +import apparmor.rules as rules
>
> DEBUGGING = False
>
> @@ -93,14 +94,15 @@ def recursive_print(src, dpth = 0, key =
> if empty:
> print (tabs + '[--- empty ---]')
> elif isinstance(src, list) or isinstance(src, tuple):
> - empty = True
> - print (tabs + "[")
> - for litem in src:
> - recursive_print(litem, dpth + 2)
> - empty = False
> - if empty:
> + if len(src) == 0:
> print (tabs + '[--- empty ---]')
> - print (tabs + "]")
> + else:
> + print (tabs + "[")
> + for litem in src:
> + recursive_print(litem, dpth + 1)
> + print (tabs + "]")
> + elif isinstance(src, rules._Raw_Rule):
> + src.recursive_print(dpth)
> else:
> if key:
> print (tabs + '%s = %s' % (key, src))
> Index: b/utils/apparmor/rules.py
> ===================================================================
> --- a/utils/apparmor/rules.py
> +++ b/utils/apparmor/rules.py
> @@ -56,6 +56,14 @@ class _Raw_Rule(object):
> 'deny ' if self.deny else '',
> self.rule)
>
> + def recursive_print(self, depth):
> + tabs = ' ' * depth * 4
> + print('%s[%s]' % (tabs, type(self).__name__))
> + tabs += ' ' * 4
> + print('%saudit = %s' % (tabs, self.audit))
> + print('%sdeny = %s' % (tabs, self.deny))
> + print('%sraw rule = %s' % (tabs, self.rule))
> +
> class Raw_DBUS_Rule(_Raw_Rule):
> pass
>
--
Steve Beattie
<sbeat...@ubuntu.com>
http://NxNW.org/~steve/
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
