On Thu, Dec 03, 2015 at 09:55:31PM +0100, Christian Boltz wrote: > Hello, > > having a list of rule types/classes at several places is annoying and > error-prone. This patch centralizes the list in aa.py. > > This also means ask_the_question() in aa.py will now (in theory) support > 'change_profile' and 'rlimit'. In practice, that doesn't change anything > because logparser.py doesn't support change_profile events yet - and > rlimit doesn't cause any log events. > > Also add some long overdue copyright headers.
Acked-by: Seth Arnold <[email protected]> Thanks
>
> [ 24-centralize-ruletypes.diff ]
>
> === modified file ./utils/aa-mergeprof
> --- utils/aa-mergeprof 2015-11-19 17:42:26.317879173 +0100
> +++ utils/aa-mergeprof 2015-12-02 22:37:23.198671126 +0100
> @@ -1,6 +1,7 @@
> #! /usr/bin/env python
> # ----------------------------------------------------------------------
> # Copyright (C) 2013 Kshitij Gupta <[email protected]>
> +# Copyright (C) 2014-2015 Christian Boltz <[email protected]>
> #
> # This program is free software; you can redistribute it and/or
> # modify it under the terms of version 2 of the GNU General Public
> @@ -631,7 +632,7 @@
> elif re.search('\d', ans):
> default_option = ans
>
> - for ruletype in ['capability', 'change_profile', 'network',
> 'rlimit', 'signal']:
> + for ruletype in apparmor.aa.ruletypes:
> if other.aa[profile][hat].get(ruletype, False): # needed
> until we have proper profile initialization
> for rule_obj in other.aa[profile][hat][ruletype].rules:
>
> === modified file ./utils/apparmor/aa.py
> --- utils/apparmor/aa.py 2015-11-29 21:05:50.338348194 +0100
> +++ utils/apparmor/aa.py 2015-12-02 22:29:55.825439595 +0100
> @@ -61,6 +61,8 @@
> from apparmor.rule.signal import SignalRuleset, SignalRule
> from apparmor.rule import parse_modifiers, quote_if_needed
>
> +ruletypes = ['capability', 'change_profile', 'network', 'rlimit', 'signal']
> +
> from apparmor.yasti import SendDataToYast, GetDataFromYast, shutdown_yast
>
> # setup module translations
> @@ -1677,7 +1679,7 @@
> signal_obj = SignalRule(access, signal, peer,
> log_event=aamode)
> log_obj[profile][hat]['signal'].add(signal_obj)
>
> - for ruletype in ['capability', 'network', 'signal']:
> + for ruletype in ruletypes:
> # XXX aa-mergeprof also has this code - if you change
> it, keep aa-mergeprof in sync!
> for rule_obj in log_obj[profile][hat][ruletype].rules:
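Review bot: `ruletypes` in utils/apparmor/aa.py (hunk `@@ -61,6 +61,8 @@`) is a mutable module-level list placed in the middle of the import block, and with this patch it becomes the single list that aa-mergeprof and cleanprofile.py iterate over. Any importer that appends to or reorders it would silently change which rule classes every tool merges and de-duplicates. The visible uses only iterate, so a tuple would state the intent: `ruletypes = ('capability', 'change_profile', 'network', 'rlimit', 'signal')`. Moving it below the `apparmor.yasti` import with a comment such as `# rule types shared by aa.py, aa-mergeprof and cleanprofile.py - add new rule classes here` would also keep the imports contiguous.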
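Review bot: After this change the loop `for ruletype in ruletypes:` in hunk `@@ -1677,7 +1679,7 @@` also visits 'change_profile' and 'rlimit', yet the following line indexes `log_obj[profile][hat][ruletype].rules` with no guard. The matching loop in aa-mergeprof checks `.get(ruletype, False)` first, with a comment that profile initialization is not yet complete. The hunk only shows `log_obj[profile][hat]['signal']` being populated, so if the two added keys are not initialised as rulesets for every profile and hat, this line would raise and abort log processing instead of skipping them. Either confirm that the initialization outside this hunk covers all five types, or mirror the guard with `if not log_obj[profile][hat].get(ruletype, False): continue`. The enclosing function starts and ends outside the hunk.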
>
> @@ -2161,8 +2163,6 @@
> # Allow rules covered by denied rules shouldn't be deleted
> # only a subset allow rules may actually be denied
>
> - ruletypes = ['capability', 'change_profile', 'network', 'rlimit',
> 'signal']
> -
> if include.get(incname, False):
> for rule_type in ruletypes:
> deleted +=
> profile[rule_type].delete_duplicates(include[incname][incname][rule_type])
> === modified file ./utils/apparmor/cleanprofile.py
> --- utils/apparmor/cleanprofile.py 2015-11-19 17:42:26.317879173 +0100
> +++ utils/apparmor/cleanprofile.py 2015-12-02 22:37:19.298695423 +0100
> @@ -1,5 +1,6 @@
> # ----------------------------------------------------------------------
> # Copyright (C) 2013 Kshitij Gupta <[email protected]>
> +# Copyright (C) 2014-2015 Christian Boltz <[email protected]>
> #
> # This program is free software; you can redistribute it and/or
> # modify it under the terms of version 2 of the GNU General Public
> @@ -64,7 +65,7 @@
> deleted +=
> apparmor.delete_duplicates(self.other.aa[program][hat], inc)
>
> #Clean duplicate rules in other profile
> - for ruletype in ['capability', 'change_profile', 'network',
> 'rlimit', 'signal']:
> + for ruletype in apparmor.ruletypes:
> if not self.same_file:
> deleted +=
> self.other.aa[program][hat][ruletype].delete_duplicates(self.profile.aa[program][hat][ruletype])
> else:
>
>
