Hello, Am Montag, 25. Mai 2015 schrieb Christian Boltz: > [ 33-minitools-add--no-reload-parameter.diff ]
I missed aa-cleanprof (do we have too many minitools?), so here's v2: Add --no-reload parameter to minitools Add a --no-reload parameter to aa-audit, aa-cleanprof, aa-complain, aa-disable and aa-enforce. This makes it possible to change the profile flags without reloading the profile. Also change tools.py to honor the --no-reload parameter. References: https://bugs.launchpad.net/apparmor/+bug/1458480 I propose this patch for trunk and 2.9. [ 33-minitools-add--no-reload-parameter.diff ] === modified file utils/aa-audit --- utils/aa-audit 2015-05-25 15:02:32.488225993 +0200 +++ utils/aa-audit 2015-05-25 14:58:04.064999029 +0200 @@ -26,6 +26,7 @@ parser.add_argument('-r', '--remove', action='store_true', help=_('remove audit mode')) parser.add_argument('program', type=str, nargs='+', help=_('name of program')) parser.add_argument('--trace', action='store_true', help=_('Show full trace')) +parser.add_argument('--no-reload', dest='do_reload', action='store_false', default=True, help=_('Do not reload the profile after modifying it')) args = parser.parse_args() try: === modified file utils/aa-cleanprof --- utils/aa-cleanprof 2014-09-13 21:41:36.318937957 +0200 +++ utils/aa-cleanprof 2015-05-25 15:29:32.353194973 +0200 @@ -24,6 +24,7 @@ parser.add_argument('-d', '--dir', type=str, help=_('path to profiles')) parser.add_argument('program', type=str, nargs='+', help=_('name of program')) parser.add_argument('-s', '--silent', action='store_true', help=_('Silently overwrite with a clean profile')) +parser.add_argument('--no-reload', dest='do_reload', action='store_false', default=True, help=_('Do not reload the profile after modifying it')) args = parser.parse_args() clean = apparmor.tools.aa_tools('cleanprof', args) === modified file utils/aa-complain --- utils/aa-complain 2015-05-25 15:02:32.488225993 +0200 +++ utils/aa-complain 2015-05-25 14:58:41.188817768 +0200 @@ -23,6 +23,7 @@ parser = argparse.ArgumentParser(description=_('Switch the given program to complain mode')) parser.add_argument('-d', '--dir', type=str, help=_('path to profiles')) parser.add_argument('program', type=str, nargs='+', help=_('name of program')) +parser.add_argument('--no-reload', dest='do_reload', action='store_false', default=True, help=_('Do not reload the profile after modifying it')) args = parser.parse_args() tool = apparmor.tools.aa_tools('complain', args) === modified file utils/aa-disable --- utils/aa-disable 2015-05-25 15:02:32.488225993 +0200 +++ utils/aa-disable 2015-05-25 14:56:21.385032307 +0200 @@ -23,6 +23,7 @@ parser = argparse.ArgumentParser(description=_('Disable the profile for the given programs')) parser.add_argument('-d', '--dir', type=str, help=_('path to profiles')) parser.add_argument('program', type=str, nargs='+', help=_('name of program')) +parser.add_argument('--no-reload', dest='do_reload', action='store_false', default=True, help=_('Do not unload the profile after modifying it')) args = parser.parse_args() tool = apparmor.tools.aa_tools('disable', args) === modified file utils/aa-enforce --- utils/aa-enforce 2015-05-25 15:02:32.488225993 +0200 +++ utils/aa-enforce 2015-05-25 14:59:15.838781891 +0200 @@ -23,6 +23,7 @@ parser = argparse.ArgumentParser(description=_('Switch the given program to enforce mode')) parser.add_argument('-d', '--dir', type=str, help=_('path to profiles')) parser.add_argument('program', type=str, nargs='+', help=_('name of program')) +parser.add_argument('--no-reload', dest='do_reload', action='store_false', default=True, help=_('Do not reload the profile after modifying it')) args = parser.parse_args() tool = apparmor.tools.aa_tools('enforce', args) === modified file utils/apparmor/tools.py --- utils/apparmor/tools.py 2015-05-25 15:02:32.489225934 +0200 +++ utils/apparmor/tools.py 2015-05-25 15:02:43.211595821 +0200 @@ -29,6 +29,7 @@ self.profiling = args.program self.check_profile_dir() self.silent = None + self.do_reload = args.do_reload if tool_name in ['audit']: self.remove = args.remove @@ -246,6 +247,9 @@ apparmor.create_symlink('disable', filename) def unload_profile(self, profile): + if not self.do_reload: + return + # FIXME: should ensure profile is loaded before unloading cmd_info = cmd([apparmor.parser, '-I%s' % apparmor.profile_dir, '--base', apparmor.profile_dir, '-R', profile]) @@ -253,6 +257,9 @@ raise apparmor.AppArmorException(cmd_info[1]) def reload_profile(self, profile): + if not self.do_reload: + return + cmd_info = cmd([apparmor.parser, '-I%s' % apparmor.profile_dir, '--base', apparmor.profile_dir, '-r', profile]) if cmd_info[0] != 0: Regards, Christian Boltz -- <cboltz> jjohansen: you are making it too easy for kshitij8 ;-) <jjohansen> cboltz: oops sorry, now I'll have to come up with a new task to make him suffer :) <sarnold> review the c++11 conversion? :) * sarnold runs <jjohansen> haha, sarnold I said suffer, not drive him to commit suicide [from #apparmor] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor