Hello,

aa-cleanprof (actually clean_profile() in tools.py) used reload_base() from aa.py which sends the parser output to /dev/null. This had two effects:
- aa-cleanprof ignored the --no-reload parameter
- there was no error message because reload_base() /dev/null's the parser output
This patch changes clean_profile() to use reload_profile() from tools.py (which honors the --no-reload option). Also add a TODO note to aa.py reload_base(), the (AFAIK only) winner of the 'useless use of cat' award in the AppArmor code. We should really change it to use reload_profile(), even if that means moving the function from tools.py to aa.py or common.py. And it should not /dev/null the apparmor_parser output. ;-) [ 39-aa-cleanprof-use-reload_profile.diff ] === modified file utils/apparmor/aa.py --- utils/apparmor/aa.py 2015-05-25 18:10:56.809214154 +0200 +++ utils/apparmor/aa.py 2015-05-25 18:25:10.038065718 +0200 @@ -4124,6 +4124,7 @@ prof_filename = get_profile_filename(bin_path) + # XXX use reload_profile() from tools.py instead (and don't hide output in /dev/null) subprocess.call("cat '%s' | %s -I%s -r >/dev/null 2>&1" % (prof_filename, parser, profile_dir), shell=True) def reload(bin_path): === modified file utils/apparmor/tools.py --- utils/apparmor/tools.py 2015-05-25 18:03:19.395002160 +0200 +++ utils/apparmor/tools.py 2015-05-25 18:23:10.795080622 +0200 
@@ -234,14 +234,14 @@ ans, arg = q.promptUser() if ans == 'CMD_SAVE_CHANGES': apparmor.write_profile_ui_feedback(program) - apparmor.reload_base(program) + self.reload_profile(filename) elif ans == 'CMD_VIEW_CHANGES': #oldprofile = apparmor.serialize_profile(apparmor.original_aa[program], program, '') newprofile = apparmor.serialize_profile(apparmor.aa[program], program, '') apparmor.display_changes_with_comments(filename, newprofile) else: apparmor.write_profile_ui_feedback(program) - apparmor.reload_base(program) + self.reload_profile(filename) else: raise apparmor.AppArmorException(_('The profile for %s does not exists. Nothing to clean.') % program) Regards, Christian Boltz -- It is the old problem of data protection vs. data security. The data in the journal is well protected. Protected from getting used by me. [Stefan Seyfried in opensuse-factory]
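Review bot: in the utils/apparmor/aa.py hunk (@@ -4124,6 +4124,7 @@), the new XXX comment covers the hidden output but not two other problems on the line it annotates. The subprocess.call() return value is dropped, so a failed parser run looks the same as a successful reload, and prof_filename is interpolated inside single quotes into a shell=True command string, so a profile path containing a quote character changes the command that runs. Suggest extending the comment to say that the replacement should pass an argument list without shell=True and check the exit status. The commit message calls this a TODO note, so marking the comment TODO rather than XXX would match that wording.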
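Review bot: in the utils/apparmor/tools.py hunk (@@ -234,14 +234,14 @@), both replaced calls change the argument from program to filename, and the hunk does not show where filename is set. reload_base() resolved the path itself with get_profile_filename(bin_path), so please confirm that filename here is the same path that apparmor.write_profile_ui_feedback(program) has just written; otherwise the reload would load a different file than the one saved. The write-then-reload pair is also repeated identically in the CMD_SAVE_CHANGES branch and in the final else branch, and could be shared in one helper so the two paths cannot drift apart.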