Max Timchenko has proposed merging lp:~maxvt/apparmor/aa-status-in-json into
lp:apparmor.
Requested reviews:
AppArmor Developers (apparmor-dev)
For more details, see:
https://code.launchpad.net/~maxvt/apparmor/aa-status-in-json/+merge/290073
Add a JSON output option to aa-status
Automated infrastructure management tools, such as Chef, Puppet, and so
on, could use a way to check AppArmor status that is both high-level
(meaning it does not rely on kernel interfaces in /proc) and machine-
readable (meaning it does not require the complexity of parsing output
of tools originally intended for human consumption).
Adding a JSON variant of the standard aa-status output achieves both.
Test with:
- aa-status --pretty-json
- aa-status --json
--
Your team AppArmor Developers is requested to review the proposed merge of
lp:~maxvt/apparmor/aa-status-in-json into lp:apparmor.
=== modified file 'utils/aa-status'
--- utils/aa-status 2016-03-18 20:29:47 +0000
+++ utils/aa-status 2016-03-24 18:07:40 +0000
@@ -10,7 +10,7 @@
#
# ------------------------------------------------------------------
-import re, os, sys, errno
+import re, os, sys, errno, json
# PLEASE NOTE: we try to keep aa-status as minimal as possible, for
# environments where installing all of the python utils and python
@@ -82,6 +82,42 @@
if profiles == {}:
sys.exit(2)
+def cmd_json(pretty_output=False):
+ '''Outputs multiple data points about loaded profile set in a machine-readable JSON format'''
+ global verbose
+ profiles = get_profiles()
+ processes = get_processes(profiles)
+
+ i = {
+ 'version': '1',
+ 'profiles': {},
+ 'processes': {}
+ }
+
+ for status in ('enforce', 'complain'):
+ filtered_profiles = filter_profiles(profiles, status)
+ for item in filtered_profiles:
+ i['profiles'][item] = status
+
+ for status in ('enforce', 'complain', 'unconfined'):
+ filtered_processes = filter_processes(processes, status)
+ for (pid, process) in filtered_processes:
+ if process not in i['processes']:
+ i['processes'][process] = []
+
+ i['processes'][process].append({
+ 'pid': pid,
+ 'status': status
+ })
+
+ if pretty_output:
+ sys.stdout.write(json.dumps(i, sort_keys=True, indent=4, separators=(',', ': ')))
+ else:
+ sys.stdout.write(json.dumps(i))
+
+def cmd_pretty_json():
+ cmd_json(True)
+
def get_profiles():
'''Fetch loaded profiles'''
@@ -182,6 +218,8 @@
--profiled prints the number of loaded policies
--enforced prints the number of loaded enforcing policies
--complaining prints the number of loaded non-enforcing policies
+ --json displays multiple data points in machine-readable JSON format
+ --pretty-json same data as --json, formatted for human consumption as well
--verbose (default) displays multiple data points about loaded policy set
--help this message
''' % sys.argv[0])
@@ -205,6 +243,8 @@
'--profiled' : cmd_profiled,
'--enforced' : cmd_enforced,
'--complaining' : cmd_complaining,
+ '--json' : cmd_json,
+ '--pretty-json' : cmd_pretty_json,
'--verbose' : cmd_verbose,
'-v' : cmd_verbose,
'--help' : print_usage,
=== modified file 'utils/aa-status.pod'
--- utils/aa-status.pod 2013-09-19 19:17:39 +0000
+++ utils/aa-status.pod 2016-03-24 18:07:40 +0000
@@ -75,6 +75,16 @@
displays multiple data points about loaded AppArmor policy
set (the default action if no arguments are given).
+=item --json
+
+displays multiple data points about loaded AppArmor policy
+set in a JSON format, fit for machine consumption.
+
+=item --pretty-json
+
+same as --json, formatted to be readable by humans as well
+as by machines.
+
=item --help
displays a short usage statement.
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
