Re: [apparmor] [patch] bump libapparmor1 to libapparmor2
On Mon, Feb 24, 2014 at 11:13:23PM -0800, Steve Beattie wrote: > On Mon, Feb 24, 2014 at 04:23:13PM -0800, Seth Arnold wrote: > > In the course of building updated apparmor 2.8.95 packages for Ubuntu, I > > updated the libtool variables to: > > > > AA_LIB_CURRENT = 2 > > AA_LIB_REVISION = 0 > > AA_LIB_AGE = 0 > > > > To match the new '2' version we need to update the > > libraries/libapparmor/configure.ac to know that this is libapparmor2. > > > > I propose this patch for trunk. > > I'm not happy about the .so version bump, but since that appears to be > what we've done, we need to make the library name consistent. > > > Signed-of-by: Seth Arnold > > Signed-off-by: Steve Beattie Sorry, that should be: Acked-by: Steve Beattie Thanks. -- Steve Beattie http://NxNW.org/~steve/ signature.asc Description: Digital signature -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] [patch] bump libapparmor1 to libapparmor2
On Mon, Feb 24, 2014 at 04:23:13PM -0800, Seth Arnold wrote: > In the course of building updated apparmor 2.8.95 packages for Ubuntu, I > updated the libtool variables to: > > AA_LIB_CURRENT = 2 > AA_LIB_REVISION = 0 > AA_LIB_AGE = 0 > > To match the new '2' version we need to update the > libraries/libapparmor/configure.ac to know that this is libapparmor2. > > I propose this patch for trunk. I'm not happy about the .so version bump, but since that appears to be what we've done, we need to make the library name consistent. > Signed-of-by: Seth Arnold Signed-off-by: Steve Beattie > Index: b/libraries/libapparmor/configure.ac > === > --- a/libraries/libapparmor/configure.ac > +++ b/libraries/libapparmor/configure.ac > @@ -5,7 +5,7 @@ > > AC_INIT(configure.ac) > > -AM_INIT_AUTOMAKE(libapparmor1, apparmor_version) > +AM_INIT_AUTOMAKE(libapparmor2, apparmor_version) > > AM_PROG_LEX > AC_PROG_YACC -- Steve Beattie http://NxNW.org/~steve/ signature.asc Description: Digital signature -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
[apparmor] [patch] bump libapparmor1 to libapparmor2
In the course of building updated apparmor 2.8.95 packages for Ubuntu, I updated the libtool variables to: AA_LIB_CURRENT = 2 AA_LIB_REVISION = 0 AA_LIB_AGE = 0 To match the new '2' version we need to update the libraries/libapparmor/configure.ac to know that this is libapparmor2. I propose this patch for trunk. Signed-of-by: Seth Arnold Thanks Subject: libapparmor1 -> libapparmor2 in autoconf Author: Seth Arnold The library version has changed to 2: AA_LIB_CURRENT = 2 AA_LIB_REVISION = 0 AA_LIB_AGE = 0 --- libraries/libapparmor/configure.ac |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: b/libraries/libapparmor/configure.ac === --- a/libraries/libapparmor/configure.ac +++ b/libraries/libapparmor/configure.ac @@ -5,7 +5,7 @@ AC_INIT(configure.ac) -AM_INIT_AUTOMAKE(libapparmor1, apparmor_version) +AM_INIT_AUTOMAKE(libapparmor2, apparmor_version) AM_PROG_LEX AC_PROG_YACC signature.asc Description: Digital signature -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] [patch] complain flag is enough, no symlink needed
On Tue, Feb 25, 2014 at 12:20:33AM +0100, Christian Boltz wrote: > Hello, > > let me compile 20 minutes of discussions into the addition of a # ;-) > > > Change aa-complain / set_complain() to (only) add the complain flag. > We don't need to additionally create a force-complain symlink. Acked-by: Steve Beattie (I could *maybe* see adding a flag to have it create the symlink instead, for use in packaging situations.) > === modified file 'utils/apparmor/aa.py' > --- utils/apparmor/aa.py2014-02-24 19:56:28 + > +++ utils/apparmor/aa.py2014-02-24 23:11:32 + > @@ -257,7 +257,8 @@ > def set_complain(filename, program): > """Sets the profile to complain mode""" > aaui.UI_Info(_('Setting %s to complain mode.') % program) > -create_symlink('force-complain', filename) > +# a force-complain symlink is more packaging-friendly, but breaks caching > +# create_symlink('force-complain', filename) > change_profile_flags(filename, program, 'complain', True) > > def set_enforce(filename, program): > -- Steve Beattie http://NxNW.org/~steve/ signature.asc Description: Digital signature -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
[apparmor] [Bug 1180230] Re: glob in aa-genprof repeats same option
This patch was commited to 2.8 branch and trunk, and later changed to use grep instead of ~~~. AppArmor 2.8.3 contains the fix. ** Changed in: apparmor Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of AppArmor Developers, which is a bug assignee. https://bugs.launchpad.net/bugs/1180230 Title: glob in aa-genprof repeats same option Status in AppArmor Linux application security framework: Fix Released Bug description: When using glob, the glob does not check if the entries mentioned previously is repeated or not. Using a simple check to match against the previous entry will solve this and prevent such long pointless lists. | [(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts | | Profile: /usr/sbin/mtr | Path: /etc/gai.conf | Mode: r | Severity: unknown | | | 1 - #include | 2 - #include | 3 - /etc/gai.conf | 4 - /etc/* | 5 - /** | 6 - /** | 7 - /** | 8 - /** | 9 - /** | 10 - /** | 11 - /** | 12 - /** | 13 - /** | 14 - /** | [15 - /**] | | [(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts I'm assuming this is a problem with the AppArmor library based in Perl. I'm trying to work a way to fix it. (BTW, my first bug report ever.) To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1180230/+subscriptions -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
[apparmor] [patch] complain flag is enough, no symlink needed
Hello, let me compile 20 minutes of discussions into the addition of a # ;-) Change aa-complain / set_complain() to (only) add the complain flag. We don't need to additionally create a force-complain symlink. === modified file 'utils/apparmor/aa.py' --- utils/apparmor/aa.py2014-02-24 19:56:28 + +++ utils/apparmor/aa.py2014-02-24 23:11:32 + @@ -257,7 +257,8 @@ def set_complain(filename, program): """Sets the profile to complain mode""" aaui.UI_Info(_('Setting %s to complain mode.') % program) -create_symlink('force-complain', filename) +# a force-complain symlink is more packaging-friendly, but breaks caching +# create_symlink('force-complain', filename) change_profile_flags(filename, program, 'complain', True) def set_enforce(filename, program): Regards, Christian Boltz -- Ich habe ein update für 2.0.1 released, welches die Änderung im Makefile auf die alte Version zurück"portiert" (Was für ein großes Wort für zwei Anführungsstriche). [Ratti in fontlinge-devel - nach Änderung von zwei »'« zu »"« in einem Makefile] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] [patch] utils: fix cmd reference in apparmor/tools.py
Hello, Am Montag, 24. Februar 2014 schrieb Steve Beattie: > This patch fixes up the parser command invocation via > apparmor/common.py:cmd(), as it handles stdout/stderr redirection, > and the redirection that was being attempted were being handed as > arguments to the parser. Nice, good catch! > (As an aside, we generally try to avoid invoking the shell when > running external commands, to avoid shell quoting issues.) > > Signed-off-by: Steve Beattie > --- > utils/apparmor/tools.py |5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > > Index: b/utils/apparmor/tools.py > === > --- a/utils/apparmor/tools.py > +++ b/utils/apparmor/tools.py > @@ -16,7 +16,7 @@ import sys > > import apparmor.aa as apparmor > import apparmor.ui as aaui > -from apparmor.common import user_perm > +from apparmor.common import user_perm, cmd > > # setup module translations > from apparmor.translations import init_translation > @@ -118,8 +118,7 @@ class aa_tools: > # One simply does not walk in here! > raise apparmor.AppArmorException('Unknown > tool: %s' % self.name) > > -cmd_info = apparmor.cmd([apparmor.parser, > filename, '-I%s' % apparmor.profile_dir, '-R 2>&1', '1>/dev/null']) - >#cmd_info = apparmor.cmd(['cat', filename, '|', > apparmor.parser, '-I%s'%apparmor.profile_dir, '-R 2>&1', > '1>/dev/null']) +cmd_info = cmd([apparmor.parser, > '-I%s' % apparmor.profile_dir, '-R', filename]) > > if cmd_info[0] != 0: > raise apparmor.AppArmorException(cmd_info[1]) Acked-by: Christian Boltz Regards, Christian Boltz -- Früher habe ich auch gerne CDs gekauft [...] Aber ich habe gelernt, daß ich damit nicht Musiker fördere, sondern nur koksende Sony-Spacken, die mir zum Dank für meine Investition [...] ein Rootkit auf meine Karre installieren, gleich neben den Staatstrojaner. [http://blog.koehntopp.de/archives/3154-Nicht-Urheberrecht-ist-das-Kernthema.html] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] [patch] libapparmor README
On Mon, Feb 24, 2014 at 10:04:59PM +0100, Christian Boltz wrote: > this patch updates the bugtracker link in the libapparmor README. Acked-by: Steve Beattie -- Steve Beattie http://NxNW.org/~steve/ signature.asc Description: Digital signature -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
[apparmor] [patch] libapparmor README
Hello, this patch updates the bugtracker link in the libapparmor README. === modified file 'libraries/libapparmor/README' --- libraries/libapparmor/README2008-05-19 22:48:31 + +++ libraries/libapparmor/README2014-02-24 20:45:19 + @@ -1,1 +1,3 @@ -What little documentation exists is in src/aalogparse.h. Please file bugs using http://bugzilla.novell.com under the AppArmor product. +What little documentation exists is in src/aalogparse.h. + +Please file bugs using https://bugs.launchpad.net/apparmor/+filebug Regards, Christian Boltz -- By the way, it's a sign of how good the distribution is that we're arguing about the name and not dealing with problems in the essence of the thing. Even the overloaded servers are what an old boss of mine would have called a "success problem." [Randall Schulz in opensuse] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
[apparmor] [patch] utils: split out disable functionality in apparmor/tools.py
This patch splits out the disable functionality from the apparmor/tools.py:act() method into a separate cmd_disable() method. The intent is to unwind the logic in act() into smaller, more digestible chunks, while sharing commonality via helper functions (e.g. the added get_next_to_profile() function). A secondary driver of this change is that the tools fail when used against the trunk profiles, due to act() forcing all the profiles to be read and the tools not understanding the recently added dbus rules (they were intentionally ignored as part of scoping the rewrite). Unfortunately, this is not a solution for aa-enforce, aa-complain, etc. as they are expected to know enough about profiles to understand and update profile flags. I should note that one side effect is that this patch effectively neuters the -r (revert) option for aa-disable. I don't really like that option (I'd rather point people at using aa-enforce to undo aa-disable). I can submit a patch that either removes the option or adds the functionality if we desire it. (The patch is a little larger than I'd hoped, to deal with the removal of the 'p' variable due to lifting get_next_to_profile() into a separate function.) Signed-off-by: Steve Beattie --- utils/aa-disable|4 +-- utils/apparmor/tools.py | 56 +--- 2 files changed, 36 insertions(+), 24 deletions(-) Index: b/utils/apparmor/tools.py === --- a/utils/apparmor/tools.py +++ b/utils/apparmor/tools.py @@ -55,12 +55,12 @@ class aa_tools: if not os.path.isdir(self.disabledir): raise apparmor.AppArmorException("Can't find AppArmor disable directory %s" % self.disabledir) -def act(self): +def get_next_to_profile(self): for p in self.profiling: if not p: continue -program = None +program = p if os.path.exists(p): program = apparmor.get_full_path(p).strip() else: @@ -68,16 +68,18 @@ class aa_tools: if which: program = apparmor.get_full_path(which) +yield program + +def act(self): +for program in self.get_next_to_profile(): + apparmor.read_profiles() -#If program does not exists on the system but its profile does -if not program and apparmor.profile_exists(p): -program = p if not program or not(os.path.exists(program) or apparmor.profile_exists(program)): if program and not program.startswith('/'): program = aaui.UI_GetString(_('The given program cannot be found, please try with the fully qualified path name of the program: '), '') else: -aaui.UI_Info(_("%s does not exist, please double-check the path.") % p) +aaui.UI_Info(_("%s does not exist, please double-check the path.") % program) sys.exit(1) if self.name == 'autodep' and program and os.path.exists(program): @@ -85,21 +87,13 @@ class aa_tools: elif program and apparmor.profile_exists(program): if self.name == 'cleanprof': -self.clean_profile(program, p) +self.clean_profile(program) else: filename = apparmor.get_profile_filename(program) if not os.path.isfile(filename) or apparmor.is_skippable_file(filename): -aaui.UI_Info(_('Profile for %s not found, skipping') % p) - -elif self.name == 'disable': -if not self.revert: -aaui.UI_Info(_('Disabling %s.') % program) -self.disable_profile(filename) -else: -aaui.UI_Info(_('Enabling %s.') % program) -self.enable_profile(filename) +aaui.UI_Info(_('Profile for %s not found, skipping') % program) elif self.name == 'audit': if not self.remove: @@ -124,13 +118,32 @@ class aa_tools: raise apparmor.AppArmorException(cmd_info[1]) else: -if '/' not in p: -aaui.UI_Info(_("Can't find %s in the system path list. If the name of the application\nis correct, please run 'which %s' as a user with correct PATH\nenvironment set up in order to find the fully-qualified path and\nuse the full path as parameter.") % (p, p)) +if '/' not in program: +aaui.UI_Info(_("Can't find %s in the system path list. If the name of the application\nis correct, please run 'which %s' as a user with correct PATH\nenvironment set up in order to find the fully-qualified path and\nuse the full pa
Re: [apparmor] [patch] new profile tools - handling of "(F)inish"
On Feb 25, 2014 12:15 AM, "Christian Boltz" wrote: > > Hello, > > [patch v2, see below] > > Am Montag, 27. Januar 2014 schrieb Christian Boltz: > > currently, selecting (F)inish in the new profile tools basically means > > aborting without saving anything. However, we already have Abo(r)t > > for that ;-) > > > > (F)inish should ask the user if he wants to save the changed profiles > > before exiting. > > > > The attached patch does this (except for two places, where I just > > added a TODO instead of real code ;-) - probably solvable by > > copy&paste) > > Ignore the "except ..." part - that's fixed in the v2 patch ;-) > > > I don't really like that I had to remove the central handling of > > (F)inish in ui.py and add it to several places in aa.py. OTOH calling > > confirm_and_finish() from ui.py a) isn't that easy and b) would mix > > program logic into ui.py - I'm not sure if this is a good idea. > > > > Hmm, maybe we should also move the handling for Abo(r)t to aa.py and > > make ui.py totally dump to be consistent, even if this means to add > > some duplicated lines? > > > > Or add a small function to aa.py as wrapper for UI_PromptUser that > > - always adds (F)inish and Abo(r)t > > - handles those two > > - and returns any other answer to the calling function > > ? > > This function could then be used for all user prompts, with the > > exception of the "save profile / view diff" prompt. > > > > Opinions? > Sounds good. And as for save profile prompt, it needs some work as discussed. > > Here's an updated version of the patch that applies to current bzr trunk. > > === modified file 'utils/apparmor/aa.py' > --- utils/apparmor/aa.py2014-02-24 18:20:11 + > +++ utils/apparmor/aa.py2014-02-24 18:42:03 + > @@ -498,6 +498,10 @@ > > ans = '' > while 'CMD_USE_PROFILE' not in ans and 'CMD_CREATE_PROFILE' not in ans: > +if ans == 'CMD_FINISHED': > +save_profiles() > +return; > + > ans, arg = aaui.UI_PromptUser(q) > p = profile_hash[options[arg]] > q['selected'] = options.index(options[arg]) > @@ -990,6 +994,10 @@ > > ans = aaui.UI_PromptUser(q) > > +if ans == 'CMD_FINISHED': > +save_profiles() > +return; > + > transitions[context] = ans > > if ans == 'CMD_ADDHAT': > @@ -1251,6 +1259,11 @@ > q['functions'] += build_x_functions(default, options, exec_toggle) > ans = '' > continue > + > +if ans == 'CMD_FINISHED': > +save_profiles() > +return; > + > if ans == 'CMD_nx' or ans == 'CMD_nix': > arg = exec_target > ynans = 'n' > @@ -1550,6 +1563,11 @@ > done = False > while not done: > ans, selected = aaui.UI_PromptUser(q) > + > +if ans == 'CMD_FINISHED': > +save_profiles() > +return; > + > # Ignore the log entry > if ans == 'CMD_IGNORE_ENTRY': > done = True > @@ -1794,6 +1812,10 @@ > > ans, selected = aaui.UI_PromptUser(q) > > +if ans == 'CMD_FINISHED': > +save_profiles() > +return; > + > if ans == 'CMD_IGNORE_ENTRY': > done = True > break > @@ -1945,6 +1967,11 @@ > done = False > while not done: > ans, selected = aaui.UI_PromptUser(q) > + > +if ans == 'CMD_FINISHED': > +save_profiles() > +return; I don't like the ";" there after return. Besides that it looks good. Not tested but I believe you did. Acked-by: Kshitij Gupta, maybe remove the semicolon (Matter of taste). > + > if ans == 'CMD_IGNORE_ENTRY': > done = True > break > > === modified file 'utils/apparmor/ui.py' > --- utils/apparmor/ui.py2014-02-13 18:01:03 + > +++ utils/apparmor/ui.py2014-02-24 18:32:40 + > @@ -288,10 +288,6 @@ > if cmd == 'CMD_ABORT': > confirm_and_abort() > cmd = 'XXXINVALIDXXX' > -elif cmd == 'CMD_FINISHED': > -if not params: > -confirm_and_finish() > -cmd = 'XXXINVALIDXXX' > return (cmd, arg) > > def confirm_and_abort(): > @@ -317,9 +313,6 @@ > })
Re: [apparmor] [patch] common.py: add debugging, py2 compat fix
On Feb 25, 2014 12:47 AM, "Steve Beattie" wrote: > > On Mon, Feb 24, 2014 at 07:58:57PM +0100, Christian Boltz wrote: > > Hello, > > > > this patch fixes two (unrelated) issues in common.py: > > - it adds some debug logging in valid_path() > > - it fixes a py2 incompability in DebugLogger.__init__ > > > > > > === modified file 'utils/apparmor/common.py' > > --- utils/apparmor/common.py2014-02-12 23:54:00 + > > +++ utils/apparmor/common.py2014-02-24 18:55:21 + > > @@ -112,6 +112,7 @@ > > return False > > > > if '"' in path: # We double quote elsewhere > > +debug("%s (contains quote)" % (m)) > > return False > > > > try: > > @@ -228,7 +229,7 @@ > > try: > > logging.basicConfig(filename=self.logfile, level=self.debug_level, > > format='%(asctime)s - %(name)s - %(message)s\n') > > -except OSError: > > +except IOError: > > Does logging in python3 throw an OSError? Perhaps 'except (IOError, > OSError)' which will catch either exception class would be better? > > Python 3 merged OSError and IOError ( they changed the exception hierarchy). So IOError works for both. Acked-by: Kshitij Gupta @cboltz: Please commit the patch. :) > -- > Steve Beattie > > http://NxNW.org/~steve/ > > -- > AppArmor mailing list > AppArmor@lists.ubuntu.com > Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor > -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] [patch] common.py: add debugging, py2 compat fix
On Mon, Feb 24, 2014 at 07:58:57PM +0100, Christian Boltz wrote: > Hello, > > this patch fixes two (unrelated) issues in common.py: > - it adds some debug logging in valid_path() > - it fixes a py2 incompability in DebugLogger.__init__ > > > === modified file 'utils/apparmor/common.py' > --- utils/apparmor/common.py2014-02-12 23:54:00 + > +++ utils/apparmor/common.py2014-02-24 18:55:21 + > @@ -112,6 +112,7 @@ > return False > > if '"' in path: # We double quote elsewhere > +debug("%s (contains quote)" % (m)) > return False > > try: > @@ -228,7 +229,7 @@ > try: > logging.basicConfig(filename=self.logfile, > level=self.debug_level, > format='%(asctime)s - %(name)s - > %(message)s\n') > -except OSError: > +except IOError: Does logging in python3 throw an OSError? Perhaps 'except (IOError, OSError)' which will catch either exception class would be better? -- Steve Beattie http://NxNW.org/~steve/ signature.asc Description: Digital signature -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
[apparmor] [patch] common.py: add debugging, py2 compat fix
Hello, this patch fixes two (unrelated) issues in common.py: - it adds some debug logging in valid_path() - it fixes a py2 incompability in DebugLogger.__init__ === modified file 'utils/apparmor/common.py' --- utils/apparmor/common.py2014-02-12 23:54:00 + +++ utils/apparmor/common.py2014-02-24 18:55:21 + @@ -112,6 +112,7 @@ return False if '"' in path: # We double quote elsewhere +debug("%s (contains quote)" % (m)) return False try: @@ -228,7 +229,7 @@ try: logging.basicConfig(filename=self.logfile, level=self.debug_level, format='%(asctime)s - %(name)s - %(message)s\n') -except OSError: +except IOError: # Unable to open the default logfile, so create a temporary logfile and tell use about it import tempfile templog = tempfile.NamedTemporaryFile('w', prefix='apparmor', suffix='.log', delete=False) Regards, Christian Boltz -- *pieps* Die Verkehrshinweise: Im Netzwerkkabel von Marc 100 MB Stau wegen einer Vollsperrung der Ausfahrt Festplatte. Bitte warten Sie auf dem Rasthof FTP-Server. *pieps* [Christian Boltz, gefunden von D. Haller] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
[apparmor] [patch] utils: fix cmd reference in apparmor/tools.py
This patch fixes up the parser command invocation via apparmor/common.py:cmd(), as it handles stdout/stderr redirection, and the redirection that was being attempted were being handed as arguments to the parser. (As an aside, we generally try to avoid invoking the shell when running external commands, to avoid shell quoting issues.) Signed-off-by: Steve Beattie --- utils/apparmor/tools.py |5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) Index: b/utils/apparmor/tools.py === --- a/utils/apparmor/tools.py +++ b/utils/apparmor/tools.py @@ -16,7 +16,7 @@ import sys import apparmor.aa as apparmor import apparmor.ui as aaui -from apparmor.common import user_perm +from apparmor.common import user_perm, cmd # setup module translations from apparmor.translations import init_translation @@ -118,8 +118,7 @@ class aa_tools: # One simply does not walk in here! raise apparmor.AppArmorException('Unknown tool: %s' % self.name) -cmd_info = apparmor.cmd([apparmor.parser, filename, '-I%s' % apparmor.profile_dir, '-R 2>&1', '1>/dev/null']) -#cmd_info = apparmor.cmd(['cat', filename, '|', apparmor.parser, '-I%s'%apparmor.profile_dir, '-R 2>&1', '1>/dev/null']) +cmd_info = cmd([apparmor.parser, '-I%s' % apparmor.profile_dir, '-R', filename]) if cmd_info[0] != 0: raise apparmor.AppArmorException(cmd_info[1]) -- Steve Beattie http://NxNW.org/~steve/ signature.asc Description: Digital signature -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] [patch] new profile tools - handling of "(F)inish"
Hello, [patch v2, see below] Am Montag, 27. Januar 2014 schrieb Christian Boltz: > currently, selecting (F)inish in the new profile tools basically means > aborting without saving anything. However, we already have Abo(r)t > for that ;-) > > (F)inish should ask the user if he wants to save the changed profiles > before exiting. > > The attached patch does this (except for two places, where I just > added a TODO instead of real code ;-) - probably solvable by > copy&paste) Ignore the "except ..." part - that's fixed in the v2 patch ;-) > I don't really like that I had to remove the central handling of > (F)inish in ui.py and add it to several places in aa.py. OTOH calling > confirm_and_finish() from ui.py a) isn't that easy and b) would mix > program logic into ui.py - I'm not sure if this is a good idea. > > Hmm, maybe we should also move the handling for Abo(r)t to aa.py and > make ui.py totally dump to be consistent, even if this means to add > some duplicated lines? > > Or add a small function to aa.py as wrapper for UI_PromptUser that > - always adds (F)inish and Abo(r)t > - handles those two > - and returns any other answer to the calling function > ? > This function could then be used for all user prompts, with the > exception of the "save profile / view diff" prompt. > > Opinions? Here's an updated version of the patch that applies to current bzr trunk. === modified file 'utils/apparmor/aa.py' --- utils/apparmor/aa.py2014-02-24 18:20:11 + +++ utils/apparmor/aa.py2014-02-24 18:42:03 + @@ -498,6 +498,10 @@ ans = '' while 'CMD_USE_PROFILE' not in ans and 'CMD_CREATE_PROFILE' not in ans: +if ans == 'CMD_FINISHED': +save_profiles() +return; + ans, arg = aaui.UI_PromptUser(q) p = profile_hash[options[arg]] q['selected'] = options.index(options[arg]) @@ -990,6 +994,10 @@ ans = aaui.UI_PromptUser(q) +if ans == 'CMD_FINISHED': +save_profiles() +return; + transitions[context] = ans if ans == 'CMD_ADDHAT': @@ -1251,6 +1259,11 @@ q['functions'] += build_x_functions(default, options, exec_toggle) ans = '' continue + +if ans == 'CMD_FINISHED': +save_profiles() +return; + if ans == 'CMD_nx' or ans == 'CMD_nix': arg = exec_target ynans = 'n' @@ -1550,6 +1563,11 @@ done = False while not done: ans, selected = aaui.UI_PromptUser(q) + +if ans == 'CMD_FINISHED': +save_profiles() +return; + # Ignore the log entry if ans == 'CMD_IGNORE_ENTRY': done = True @@ -1794,6 +1812,10 @@ ans, selected = aaui.UI_PromptUser(q) +if ans == 'CMD_FINISHED': +save_profiles() +return; + if ans == 'CMD_IGNORE_ENTRY': done = True break @@ -1945,6 +1967,11 @@ done = False while not done: ans, selected = aaui.UI_PromptUser(q) + +if ans == 'CMD_FINISHED': +save_profiles() +return; + if ans == 'CMD_IGNORE_ENTRY': done = True break === modified file 'utils/apparmor/ui.py' --- utils/apparmor/ui.py2014-02-13 18:01:03 + +++ utils/apparmor/ui.py2014-02-24 18:32:40 + @@ -288,10 +288,6 @@ if cmd == 'CMD_ABORT': confirm_and_abort() cmd = 'XXXINVALIDXXX' -elif cmd == 'CMD_FINISHED': -if not params: -confirm_and_finish() -cmd = 'XXXINVALIDXXX' return (cmd, arg) def confirm_and_abort(): @@ -317,9 +313,6 @@ }) ypath, yarg = GetDataFromYast() -def confirm_and_finish(): -sys.stdout.write(_('FINISHING...\n')) -sys.exit(0) def Text_PromptUser(question): title = question['title'] Regards, Christian Boltz -- Wenn ich mir ein System installiere, welches dieses oder jenes oder welches "für mich" tut (gegen mich?), dann kann ich gleich Windows nehmen. Das fährt sich so gut, wie ein elektronischer Chauffeur das eben kann: Nämlich bis die Elektronik ein Dixi-Klo mit 'ner Garage verwechselt: Eckig und die Tür war offen.