Max Timchenko has proposed merging lp:~maxvt/apparmor/aa-status-in-json into lp:apparmor.
Requested reviews: AppArmor Developers (apparmor-dev) For more details, see: https://code.launchpad.net/~maxvt/apparmor/aa-status-in-json/+merge/290073 Add a JSON output option to aa-status Automated infrastructure management tools, such as Chef, Puppet, and so on, could use a way to check AppArmor status that is both high-level (meaning it does not rely on kernel interfaces in /proc) and machine- readable (meaning it does not require the complexity of parsing output of tools originally intended for human consumption). Adding a JSON variant of the standard aa-status output achieves both. Test with: - aa-status --pretty-json - aa-status --json -- Your team AppArmor Developers is requested to review the proposed merge of lp:~maxvt/apparmor/aa-status-in-json into lp:apparmor.
=== modified file 'utils/aa-status' --- utils/aa-status 2016-03-18 20:29:47 +0000 +++ utils/aa-status 2016-03-24 18:07:40 +0000 @@ -10,7 +10,7 @@ # # ------------------------------------------------------------------ -import re, os, sys, errno +import re, os, sys, errno, json # PLEASE NOTE: we try to keep aa-status as minimal as possible, for # environments where installing all of the python utils and python @@ -82,6 +82,42 @@ if profiles == {}: sys.exit(2) +def cmd_json(pretty_output=False): + '''Outputs multiple data points about loaded profile set in a machine-readable JSON format''' + global verbose + profiles = get_profiles() + processes = get_processes(profiles) + + i = { + 'version': '1', + 'profiles': {}, + 'processes': {} + } + + for status in ('enforce', 'complain'): + filtered_profiles = filter_profiles(profiles, status) + for item in filtered_profiles: + i['profiles'][item] = status + + for status in ('enforce', 'complain', 'unconfined'): + filtered_processes = filter_processes(processes, status) + for (pid, process) in filtered_processes: + if process not in i['processes']: + i['processes'][process] = [] + + i['processes'][process].append({ + 'pid': pid, + 'status': status + }) + + if pretty_output: + sys.stdout.write(json.dumps(i, sort_keys=True, indent=4, separators=(',', ': '))) + else: + sys.stdout.write(json.dumps(i)) + +def cmd_pretty_json(): + cmd_json(True) + def get_profiles(): '''Fetch loaded profiles''' @@ -182,6 +218,8 @@ --profiled prints the number of loaded policies --enforced prints the number of loaded enforcing policies --complaining prints the number of loaded non-enforcing policies + --json displays multiple data points in machine-readable JSON format + --pretty-json same data as --json, formatted for human consumption as well --verbose (default) displays multiple data points about loaded policy set --help this message ''' % sys.argv[0]) @@ -205,6 +243,8 @@ '--profiled' : cmd_profiled, '--enforced' : cmd_enforced, '--complaining' : cmd_complaining, + '--json' : cmd_json, + '--pretty-json' : cmd_pretty_json, '--verbose' : cmd_verbose, '-v' : cmd_verbose, '--help' : print_usage, === modified file 'utils/aa-status.pod' --- utils/aa-status.pod 2013-09-19 19:17:39 +0000 +++ utils/aa-status.pod 2016-03-24 18:07:40 +0000 @@ -75,6 +75,16 @@ displays multiple data points about loaded AppArmor policy set (the default action if no arguments are given). +=item --json + +displays multiple data points about loaded AppArmor policy +set in a JSON format, fit for machine consumption. + +=item --pretty-json + +same as --json, formatted to be readable by humans as well +as by machines. + =item --help displays a short usage statement.
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor