Hello,
Am Sonntag, 29. November 2015 schrieb Tyler Hicks:
> aa-easyprof is used to generate profiles and the lack of an
> abstraction file during profile generation should not be an error
> condition.
>
> Leave the handling of the abstraction file for the parser. It will
> fail if the file does not exist when the profile is being compiled.
>
> https://launchpad.net/bugs/1521031
I understand why you want this change, and agree that raising an
exception in aa-easyprof is too heavy. OTOH, I don't like to silently
ignore missing abstractions.
What about printing a warning message? It won't hurt in build
environments (I'd guess nobody reads warnings - if something is serious,
it's an error ;-) but if someone calls aa-easyprof manually, it can
still be helpful.
> --- a/utils/apparmor/easyprof.py
> +++ b/utils/apparmor/easyprof.py
> @@ -507,8 +507,6 @@ class AppArmorEasyProfile:
> def gen_abstraction_rule(self, abstraction):
> '''Generate an abstraction rule'''
> p = os.path.join(self.aa_topdir, "abstractions", abstraction)
> - if not os.path.exists(p):
> - raise AppArmorException("%s does not exist" % p)
better:
warn("%s does not exist" % p)
You'll need to import warn() from apparmor.common. Actually
apparmor.easyprof also has a warn() function - I seriously recommend to
de-duplicate it and import it from apparmor.common.
Speaking about de-duplicating - there are quite some functions in
apparmor.easyprof that are also in apparmor.common. Often with nearly
the same code, but it seems apparmor.commen received more bugfixes ;-)
(comparing both files with meld is the easiest way to see the common
code)
Regards,
Christian Boltz
--
Programming today is a race between software engineers striving to build
bigger and better idiot-proof programs, and the Universe trying to
produce bigger and better idiots. So far, the Universe is winning.
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
