[apparmor] [PATCH] "aa-" prefix for all utils

Kees Cook kees at ubuntu.com
Wed Nov 3 23:23:40 GMT 2010


Here is a patch to standardize on all utils using the "aa-" prefix instead
of a mix of symlinks to non-prefixed commands, and "apparmor_" prefixed
commands.

This also refactors the manpage generation slightly since we no longer
need special cases for the manpages, and drops aa-eventd from the default
list of tools to install (it also lacks a manpage).

-Kees

=== modified file 'common/Make.rules'
--- common/Make.rules	2010-10-18 19:12:37 +0000
+++ common/Make.rules	2010-11-03 23:20:11 +0000
@@ -169,8 +169,7 @@
 	$(foreach dir, ${MANDIRS}, \
 	     install -d ${DESTDIR}/${MANDIR}/man${dir} ; \
 	     install -m 644 $(filter %.${dir}, ${MANPAGES}) ${DESTDIR}/${MANDIR}/man${dir}; \
-	     $(foreach aa_page, $(filter %.${dir}, ${AA_MANPAGES}), \
-	     	ln -sf $(aa_page) ${DESTDIR}/${MANDIR}/man${dir}/${aa_page:%=aa-%};))
+	)
 
 %.1: %.pod
 	$(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=1 > $@

=== modified file 'parser/rc.apparmor.functions'
--- parser/rc.apparmor.functions	2010-02-16 20:56:04 +0000
+++ parser/rc.apparmor.functions	2010-11-03 23:11:17 +0000
@@ -77,7 +77,7 @@
 ABSTRACTIONS="-I${PROFILE_DIR}"
 AA_EV_BIN=/usr/sbin/aa-eventd
 AA_EV_PIDFILE=/var/run/aa-eventd.pid
-AA_STATUS=/usr/sbin/apparmor_status
+AA_STATUS=/usr/sbin/aa-status
 SD_EV_BIN=/usr/sbin/sd-event-dispatch.pl
 SD_EV_PIDFILE=/var/run/sd-event-dispatch.init.pid
 SD_STATUS=/usr/sbin/subdomain_status

=== modified file 'utils/Makefile'
--- utils/Makefile	2010-02-12 16:14:11 +0000
+++ utils/Makefile	2010-11-03 23:19:35 +0000
@@ -27,12 +27,10 @@
 	ln -sf $(COMMONDIR) .
 endif
 
-TOOLS = genprof logprof autodep audit complain enforce \
-	unconfined aa-eventd apparmor_status aa-decode \
-	apparmor_notify
+TOOLS = aa-genprof aa-logprof aa-autodep aa-audit aa-complain aa-enforce \
+	aa-unconfined aa-status aa-decode aa-notify
 
-AA_MANPAGES = autodep.8 complain.8 enforce.8 logprof.8 genprof.8 unconfined.8 audit.8
-MANPAGES    = ${AA_MANPAGES} logprof.conf.5 apparmor_status.8 aa-decode.8 apparmor_notify.8
+MANPAGES = ${TOOLS:=.8} logprof.conf.5
 
 all: ${MANPAGES} ${HTMLMANPAGES}
 	make -C po all
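Review bot: Dropping `aa-eventd` from `TOOLS` leaves parser/rc.apparmor.functions still pointing at it (`AA_EV_BIN=/usr/sbin/aa-eventd` is an unchanged context line in this patch), so the init functions may reference a binary that a default install no longer provides. How they behave when that file is missing is not visible here and should be checked. Because `MANPAGES` is now derived with `${TOOLS:=.8}`, a comment above `TOOLS` would record both constraints, e.g. `# every entry needs a matching .pod; aa-eventd is left out on purpose (no manpage)`.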
@@ -51,24 +49,12 @@
 	install -d ${CONFDIR}
 	install -m 644 logprof.conf severity.db notify.conf ${CONFDIR}
 	install -d ${BINDIR}
-	ln -sf apparmor_status ${BINDIR}/aa-status
-	ln -sf audit ${BINDIR}/aa-audit
-	ln -sf autodep ${BINDIR}/aa-autodep
-	ln -sf complain ${BINDIR}/aa-complain
-	ln -sf enforce ${BINDIR}/aa-enforce
-	ln -sf genprof ${BINDIR}/aa-genprof
-	ln -sf logprof ${BINDIR}/aa-logprof
-	ln -sf unconfined ${BINDIR}/aa-unconfined
-	ln -sf apparmor_notify ${BINDIR}/aa-notify
 	install -m 755 ${TOOLS} ${BINDIR}
 	install -d ${PERLDIR}
 	install -m 755 SubDomain.pm Repository.pm Config.pm Reports.pm Severity.pm ${PERLDIR}
 	make -C po install DESTDIR=${DESTDIR} NAME=${NAME}
 	mkdir -m 0700 -p $(DESTDIR)/var/log/apparmor
 	make install_manpages DESTDIR=${DESTDIR}
-	# special case for apparmor_status
-	ln -sf apparmor_status.8 ${DESTDIR}/${MANDIR}/man8/aa-status.8
-	ln -sf apparmor_notify.8 ${DESTDIR}/${MANDIR}/man8/aa-notify.8
 
 .PHONY: clean
 .SILENT: clean
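Review bot: The install recipe now neither keeps the old command names as aliases nor removes them, and both halves matter on an upgrade. Anything that still calls `apparmor_status` or `apparmor_notify` by path stops working on a fresh install (this patch had to update `AA_STATUS` in parser/rc.apparmor.functions for that reason), which is awkward for checks that use the status tool to confirm confinement. A `make install` over an older tree, on the other hand, leaves the previous `genprof`, `apparmor_status` and similar copies in `${BINDIR}`, where they stay executable but no longer receive updates. A transition alias such as `ln -sf aa-status ${BINDIR}/apparmor_status`, or an explicit `rm -f` of the old names, would settle it. The recipe starts above this hunk.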

=== renamed file 'utils/audit' => 'utils/aa-audit'
=== renamed file 'utils/audit.pod' => 'utils/aa-audit.pod'
=== renamed file 'utils/autodep' => 'utils/aa-autodep'
=== renamed file 'utils/autodep.pod' => 'utils/aa-autodep.pod'
=== renamed file 'utils/complain' => 'utils/aa-complain'
=== renamed file 'utils/complain.pod' => 'utils/aa-complain.pod'
=== renamed file 'utils/enforce' => 'utils/aa-enforce'
=== renamed file 'utils/enforce.pod' => 'utils/aa-enforce.pod'
=== renamed file 'utils/genprof' => 'utils/aa-genprof'
=== renamed file 'utils/genprof.pod' => 'utils/aa-genprof.pod'
=== renamed file 'utils/logprof' => 'utils/aa-logprof'
=== renamed file 'utils/logprof.pod' => 'utils/aa-logprof.pod'
=== renamed file 'utils/apparmor_notify' => 'utils/aa-notify'
--- utils/apparmor_notify	2010-09-09 17:40:38 +0000
+++ utils/aa-notify	2010-11-03 23:09:57 +0000
@@ -276,8 +276,8 @@
     # Look for other daemon instances of this script and kill them. This
     # can happen on logout and back in (in which case $notify_exe fails
     # anyway). 'ps xw' should output something like:
-    #  9987 ?        Ss     0:01 /usr/bin/perl ./bin/apparmor_notify -p
-    # 10170 ?        Ss     0:00 /usr/bin/perl ./bin/apparmor_notify -p
+    #  9987 ?        Ss     0:01 /usr/bin/perl ./bin/aa-notify -p
+    # 10170 ?        Ss     0:00 /usr/bin/perl ./bin/aa-notify -p
     open(PS,"$ps_exe xw|") or die "Unable to run '$ps_exe':$!\n";
     while(<PS>) {
         chomp;
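Review bot: The loop starting at `while(<PS>)` picks the processes to kill from `ps xw` output, and its match is outside this hunk, so it should be confirmed that it recognises both the new `aa-notify` name and an already-running `apparmor_notify` instance. Otherwise an upgrade could leave the old daemon running alongside the new one. Separately, `open(PS,"$ps_exe xw|")` hands the whole string to a shell if `$ps_exe` ever contains metacharacters. Where `$ps_exe` is set is not visible here, but the list form `open(my $ps, '-|', $ps_exe, 'xw')` removes the question and replaces the bareword handle.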
@@ -319,7 +319,7 @@
     my $seconds = 5;
     our $time_to_die = 0;
 
-    print "Starting apparmor_notify\n";
+    print "Starting aa-notify\n";
     kill_running_daemons();
 
     # Daemonize, but not if in debug mode
@@ -450,7 +450,7 @@
             }
         }
     }
-    print STDERR "Stopping apparmor_notify\n";
+    print STDERR "Stopping aa-notify\n";
 }
 
 sub show_since {
@@ -517,18 +517,18 @@
 
 sub _warn {
     my $msg = $_[0];
-    print STDERR "apparmor_notify: WARN: $msg\n";
+    print STDERR "aa-notify: WARN: $msg\n";
 }
 sub _error {
     my $msg = $_[0];
-    print STDERR "apparmor_notify: ERROR: $msg\n";
+    print STDERR "aa-notify: ERROR: $msg\n";
     exitscript(1);
 }
 
 sub _debug {
     $opt_d or return;
     my $msg = $_[0];
-    print STDERR "apparmor_notify: DEBUG: $msg\n";
+    print STDERR "aa-notify: DEBUG: $msg\n";
 }
 
 sub exitscript {
@@ -539,7 +539,7 @@
 
 sub usage {
     my $s = <<'EOF';
-USAGE: apparmor_notify [OPTIONS]
+USAGE: aa-notify [OPTIONS]
 
 Display AppArmor notifications or messages for DENIED entries.
 

=== renamed file 'utils/apparmor_notify.pod' => 'utils/aa-notify.pod'
--- utils/apparmor_notify.pod	2010-05-12 08:46:22 +0000
+++ utils/aa-notify.pod	2010-11-03 23:10:10 +0000
@@ -23,20 +23,20 @@
 
 =head1 NAME
 
-apparmor_notify - display information about logged AppArmor messages.
+aa-notify - display information about logged AppArmor messages.
 
 =head1 SYNOPSIS
 
-B<apparmor_notify> [option]
+B<aa-notify> [option]
 
 =head1 DESCRIPTION
 
-B<apparmor_notify> will display a summary or provide desktop notifications
+B<aa-notify> will display a summary or provide desktop notifications
 for AppArmor DENIED messages.
 
 =head1 OPTIONS
 
-B<apparmor_notify> accepts the following arguments:
+B<aa-notify> accepts the following arguments:
 
 =over 4
 
@@ -78,13 +78,13 @@
 
 =head1 CONFIGURATION
 
-System-wide configuration for B<apparmor_notify> is done via
+System-wide configuration for B<aa-notify> is done via
 /etc/apparmor/notify.conf:
 
   # set to 'yes' to enable AppArmor DENIED notifications
   show_notifications="yes"
 
-  # only people in use_group can use apparmor_notify
+  # only people in use_group can use aa-notify
   use_group="admin"
 
 Per-user configuration is done via ~/.apparmor/notify.conf:
@@ -94,7 +94,7 @@
 
 =head1 BUGS
 
-B<apparmor_notify> needs to be able to read the logfiles containing the
+B<aa-notify> needs to be able to read the logfiles containing the
 AppArmor DENIED messages.
 
 If you find any additional bugs, please report them to Launchpad at

=== renamed file 'utils/apparmor_status' => 'utils/aa-status'
=== renamed file 'utils/apparmor_status.pod' => 'utils/aa-status.pod'
--- utils/apparmor_status.pod	2007-05-24 04:59:06 +0000
+++ utils/aa-status.pod	2010-11-03 23:09:12 +0000
@@ -24,16 +24,16 @@
 
 =head1 NAME
 
-apparmor_status - display various information about the current AppArmor
+aa-status - display various information about the current AppArmor
 policy.
 
 =head1 SYNOPSIS
 
-B<apparmor_status> [option]
+B<aa-status> [option]
 
 =head1 DESCRIPTION
 
-B<apparmor_status> will report various aspects of the current state of
+B<aa-status> will report various aspects of the current state of
 AppArmor confinement. By default, it displays the same information as if
 the I<--verbose> argument were given. A sample of what this looks like
 is:
@@ -52,7 +52,7 @@
 
 =head1 OPTIONS
 
-B<apparmor_status> accepts only one argument at a time out of:
+B<aa-status> accepts only one argument at a time out of:
 
 =over 4
 
@@ -85,11 +85,11 @@
 
 =head1 BUGS
 
-B<apparmor_status> must be run as root to read the state of the loaded
+B<aa-status> must be run as root to read the state of the loaded
 policy from the apparmor module. It uses the /proc filesystem to determine
 which processes are confined and so is susceptible to race conditions.
 
-Upon exiting, B<apparmor_status> will set its return value to the
+Upon exiting, B<aa-status> will set its return value to the
 following values:
 
 =item 0

=== renamed file 'utils/unconfined' => 'utils/aa-unconfined'
=== renamed file 'utils/unconfined.pod' => 'utils/aa-unconfined.pod'
=== modified file 'utils/notify.conf'
--- utils/notify.conf	2010-09-09 17:31:45 +0000
+++ utils/notify.conf	2010-11-03 23:10:20 +0000
@@ -11,5 +11,5 @@
 # Set to 'no' to disable AppArmor notifications globally
 show_notifications="yes"
 
-# Only people in use_group can use apparmor-notify
+# Only people in use_group can use aa-notify
 use_group="admin"


-- 
Kees Cook
Ubuntu Security Team


