[apparmor] [PATCH] aa-disable

Steve Beattie steve at nxnw.org
Tue Feb 8 00:22:02 UTC 2011 

On Mon, Feb 07, 2011 at 05:47:08PM -0600, Jamie Strandboge wrote:
> aa-enforce and aa-complain exist to put a profile into enforce or
> complain mode respectively. The /etc/apparmor.d/disable directory
> already exists to drop files into it to disable profile load via
> apparmor_parser (and therefore via the apparmor initscript). What
> doesn't exist is aa-disable to add a file to the disable/ directory and
> unload the profile. This patch does that. This version of aa-disable is
> based on aa-complain (in fact doing a diff between aa-complain and
> aa-disable might make review easier) and works as well as aa-enforce and
> aa-complain. In other words, aa-disable has the same limitations of not
> handling the specified binary properly if the specified attachment does
> not match the path naming scheme (eg, the profile doesn't use the
> conventional path.to.binary naming scheme, globbing is used for
> attachment within the profile, etc).
> 
> aa-disable.patch:
> * add aa-disable
> * add aa-disable.pod
> * update utils/Makefile
> 
> aa-disable_docs.patch:
> * update various utils/*.pod files to also reference aa-disable, if they
> already referenced aa-enforce and/or aa-complain

Acked-By: Steve Beattie <sbeattie at ubuntu.com>

On Mon, Feb 07, 2011 at 05:54:56PM -0600, Jamie Strandboge wrote:
> I forgot to mention, since I couldn't find in source test cases for the
> aa-* utilities, I added an aa-disable test to QRT[1].
> 
> [1]http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/revision/1112

Thanks for adding this, you're correct that there are no in-tree
regression tests for the utilities. It's been a long-standing desire
of mine to add some, but it's non-trivial (granted, it's easier for
the aa-complain/aa-enable/aa-disable tools).

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20110207/905fc2b8/attachment.pgp>

More information about the AppArmor mailing list