[apparmor] [PATCH] deep replacement of SubDomain name
Kees Cook
kees at ubuntu.com
Thu Jan 13 18:29:59 UTC 2011
Here's an update to rename another chunk of things that still used
"SubDomain" in some way. This leaves only "subdomain.conf" and the
function names internally.
Additionally, I added a "make check" rule to the utils/Makefile to do a
simple "perl -c" sanity check just for good measure.
-Kees
=== modified file 'parser/COPYING.GPL'
--- parser/COPYING.GPL 2010-07-31 23:00:52 +0000
+++ parser/COPYING.GPL 2011-01-13 17:47:25 +0000
@@ -1,4 +1,4 @@
-This license applies to all source files within the SubDomain parser
+This license applies to all source files within the AppArmor parser
package.
GNU GENERAL PUBLIC LICENSE
=== modified file 'parser/po/subdomain_parser.pot'
--- parser/po/subdomain_parser.pot 2006-04-11 21:52:54 +0000
+++ parser/po/subdomain_parser.pot 2011-01-13 17:43:29 +0000
@@ -411,7 +411,7 @@
#: parser_yacc.y:1461
#, c-format
-msgid "%s: Two SubDomains defined for '%s'.\n"
+msgid "%s: Two profiles defined for '%s'.\n"
msgstr ""
#: ../parser.h:37
=== modified file 'parser/rc.apparmor.functions'
--- parser/rc.apparmor.functions 2010-12-20 20:29:10 +0000
+++ parser/rc.apparmor.functions 2011-01-13 17:42:01 +0000
@@ -116,7 +116,7 @@
}
# This set of patterns to skip needs to be kept in sync with
-# SubDomain.pm::isSkippableFile()
+# AppArmor.pm::isSkippableFile()
# returns 0 if profile should NOT be skipped
# returns 1 on verbose skip
# returns 2 on silent skip
=== modified file 'parser/subdomain.conf'
--- parser/subdomain.conf 2010-12-20 20:29:10 +0000
+++ parser/subdomain.conf 2011-01-13 17:44:09 +0000
@@ -1,6 +1,6 @@
-# subdomain.conf is a shared SubDomain configuration file that is sh sourcable.
+# subdomain.conf is a shared AppArmor configuration file that is sh sourcable.
-################## SubDomain init.d configuration ################
+################## AppArmor init.d configuration ################
# Move this to /etc/sysconfig/apparmor eventually
## Path: System/AppArmor
@@ -25,17 +25,17 @@
#SUBDOMAIN_MODULE_PANIC=XXX
#This option controls how subdomain behaves when the init script attempts
-#to load the SubDomain module and fails. There are 4 options
+#to load the AppArmor module and fails. There are 4 options
#warn - log a failure message. (default behavior)
-#build - attempt to build the SubDomain module is the module can't be loaded.
+#build - attempt to build the AppArmor module is the module can't be loaded.
# If successful
# the module will be built for the running kernel and loaded.
# If the build fails
# a failure message is logged
-#panic - If the SubDomain module fails to load
+#panic - If the AppArmor module fails to load
# a failure message will be logged
# and the machine will drop to runlevel 1 (single user)
-#build-panic - If the SubDomain module fails to load
+#build-panic - If the AppArmor module fails to load
# attempt to build the module
# If building the module fails
# panic (drop to runlevel 1)
=== modified file 'parser/tst/README'
--- parser/tst/README 2010-06-05 01:47:44 +0000
+++ parser/tst/README 2011-01-13 17:41:39 +0000
@@ -1,9 +1,9 @@
-This is the README for the SubDomain parser regression testsuite.
+This is the README for the AppArmor parser regression testsuite.
Running the testsuite
---------------------
Running the tests is pretty easy, a simple 'make tests' should make it
-go, assuming the subdomain parser and perl are installed.
+go, assuming the subdomain parser and perl are installed.
There is a user configuration file 'uservars.conf'. If you wish to test
against a different parser, or use a different set of profiles for the
@@ -19,7 +19,7 @@
It should be relatively easy to extend the suite with other testscripts,
as long as they're written using Test::Simple or can emulate the
-Test::Harness protocol. To add a script, add it to the TESTS variable
+Test::Harness protocol. To add a script, add it to the TESTS variable
in the Makefile, and it will included in the tests to be run.
However, in many cases, it is not necessary to add an entire new
@@ -55,7 +55,7 @@
profile. Values can either be PASS or FAIL; if no comment is found
that matches this pattern, then the profile is assumed to have an
expected parse result of PASS.
-
+
- #=TODO -- marks the test as being for a future item to implement and
thus are expected testsuite failures and hsould be ignored.
=== added directory 'utils/Immunix'
=== renamed file 'utils/SubDomain.pm' => 'utils/Immunix/AppArmor.pm'
--- utils/SubDomain.pm 2011-01-13 17:13:34 +0000
+++ utils/Immunix/AppArmor.pm 2011-01-13 17:37:07 +0000
@@ -18,7 +18,7 @@
# you may find current contact information at www.novell.com.
# ----------------------------------------------------------------------
-package Immunix::SubDomain;
+package Immunix::AppArmor;
use strict;
use warnings;
@@ -1590,7 +1590,7 @@
CMD_GLOBEXT => "Glob w/(E)xt",
CMD_ADDHAT => "(A)dd Requested Hat",
CMD_USEDEFAULT => "(U)se Default Hat",
- CMD_SCAN => "(S)can system log for SubDomain events",
+ CMD_SCAN => "(S)can system log for AppArmor events",
CMD_HELP => "(H)elp",
CMD_VIEW_PROFILE => "(V)iew Profile",
CMD_USE_PROFILE => "(U)se Profile",
=== renamed file 'utils/Config.pm' => 'utils/Immunix/Config.pm'
=== renamed file 'utils/Reports.pm' => 'utils/Immunix/Reports.pm'
=== renamed file 'utils/Repository.pm' => 'utils/Immunix/Repository.pm'
=== renamed file 'utils/Severity.pm' => 'utils/Immunix/Severity.pm'
=== modified file 'utils/Makefile'
--- utils/Makefile 2011-01-13 17:13:34 +0000
+++ utils/Makefile 2011-01-13 18:19:08 +0000
@@ -26,8 +26,12 @@
ln -sf $(COMMONDIR) .
endif
-TOOLS = aa-genprof aa-logprof aa-autodep aa-audit aa-complain aa-enforce \
- aa-unconfined aa-status aa-decode aa-notify
+MODDIR = Immunix
+PERLTOOLS = aa-genprof aa-logprof aa-autodep aa-audit aa-complain aa-enforce \
+ aa-unconfined aa-status aa-notify
+TOOLS = ${PERLTOOLS} aa-decode
+MODULES = ${MODDIR}/AppArmor.pm ${MODDIR}/Repository.pm \
+ ${MODDIR}/Config.pm ${MODDIR}/Severity.pm
MANPAGES = ${TOOLS:=.8} logprof.conf.5
@@ -38,10 +42,10 @@
DESTDIR=/
BINDIR=${DESTDIR}/usr/sbin
CONFDIR=${DESTDIR}/etc/apparmor
-PERLDIR=${DESTDIR}/usr/lib/perl5/vendor_perl/Immunix
+PERLDIR=${DESTDIR}/usr/lib/perl5/vendor_perl/${MODDIR}
po/${NAME}.pot: ${TOOLS}
- make -C po ${NAME}.pot NAME=${NAME} SOURCES="${TOOLS} SubDomain.pm Repository.pm Config.pm"
+ make -C po ${NAME}.pot NAME=${NAME} SOURCES="${TOOLS} ${MODULES}"
.PHONY: install
install: ${MANPAGES} ${HTMLMANPAGES}
@@ -51,7 +55,7 @@
ln -sf aa-status ${BINDIR}/apparmor_status
install -m 755 ${TOOLS} ${BINDIR}
install -d ${PERLDIR}
- install -m 755 SubDomain.pm Repository.pm Config.pm Severity.pm ${PERLDIR}
+ install -m 755 ${MODULES} ${PERLDIR}
make -C po install DESTDIR=${DESTDIR} NAME=${NAME}
make install_manpages DESTDIR=${DESTDIR}
ln -sf aa-status.8 ${DESTDIR}/${MANDIR}/man8/apparmor_status.8
@@ -63,3 +67,7 @@
rm -f Make.rules
make -C po clean
+check:
+ for i in ${MODULES} ${PERLTOOLS} ; do \
+ perl -c $$i || exit 1; \
+ done
=== modified file 'utils/aa-audit'
--- utils/aa-audit 2010-12-20 20:29:10 +0000
+++ utils/aa-audit 2011-01-13 17:36:51 +0000
@@ -22,7 +22,7 @@
use FindBin;
use Getopt::Long;
-use Immunix::SubDomain;
+use Immunix::AppArmor;
use Data::Dumper;
@@ -50,7 +50,7 @@
$profiledir = get_full_path($profiledir);
unless (-d $profiledir) {
- UI_Important("Can't find subdomain profiles in $profiledir.");
+ UI_Important("Can't find AppArmor profiles in $profiledir.");
exit 1;
}
=== modified file 'utils/aa-autodep'
--- utils/aa-autodep 2010-12-20 20:29:10 +0000
+++ utils/aa-autodep 2011-01-13 17:36:51 +0000
@@ -22,7 +22,7 @@
use FindBin;
use Getopt::Long;
-use Immunix::SubDomain;
+use Immunix::AppArmor;
use Data::Dumper;
@@ -57,7 +57,7 @@
$profiledir = get_full_path($profiledir);
unless (-d $profiledir) {
- UI_Important(sprintf(gettext('Can\'t find subdomain profiles in %s.'), $profiledir));
+ UI_Important(sprintf(gettext('Can\'t find AppArmor profiles in %s.'), $profiledir));
exit 1;
}
=== modified file 'utils/aa-complain'
--- utils/aa-complain 2010-12-20 20:29:10 +0000
+++ utils/aa-complain 2011-01-13 17:36:51 +0000
@@ -22,7 +22,7 @@
use FindBin;
use Getopt::Long;
-use Immunix::SubDomain;
+use Immunix::AppArmor;
use Data::Dumper;
@@ -50,7 +50,7 @@
$profiledir = get_full_path($profiledir);
unless (-d $profiledir) {
- UI_Important("Can't find subdomain profiles in $profiledir.");
+ UI_Important("Can't find AppArmor profiles in $profiledir.");
exit 1;
}
=== modified file 'utils/aa-enforce'
--- utils/aa-enforce 2010-12-20 20:29:10 +0000
+++ utils/aa-enforce 2011-01-13 17:36:51 +0000
@@ -22,7 +22,7 @@
use FindBin;
use Getopt::Long;
-use Immunix::SubDomain;
+use Immunix::AppArmor;
use Data::Dumper;
@@ -50,7 +50,7 @@
$profiledir = get_full_path($profiledir);
unless (-d $profiledir) {
- UI_Important("Can't find subdomain profiles in $profiledir.");
+ UI_Important("Can't find AppArmor profiles in $profiledir.");
exit 1;
}
=== modified file 'utils/aa-genprof'
--- utils/aa-genprof 2010-12-20 20:29:10 +0000
+++ utils/aa-genprof 2011-01-13 17:36:51 +0000
@@ -21,7 +21,7 @@
use strict;
use Getopt::Long;
-use Immunix::SubDomain;
+use Immunix::AppArmor;
use Data::Dumper;
@@ -49,14 +49,14 @@
my $sd_mountpoint = check_for_subdomain();
unless ($sd_mountpoint) {
- fatal_error(gettext("SubDomain does not appear to be started. Please enable SubDomain and try again."));
+ fatal_error(gettext("AppArmor does not appear to be started. Please enable AppArmor and try again."));
}
# let's convert it to full path...
$profiledir = get_full_path($profiledir);
unless (-d $profiledir) {
- fatal_error "Can't find subdomain profiles in $profiledir.";
+ fatal_error "Can't find AppArmor profiles in $profiledir.";
}
# what are we profiling?
@@ -163,7 +163,7 @@
}
}
-UI_Info(gettext("Reloaded SubDomain profiles in enforce mode."));
+UI_Info(gettext("Reloaded AppArmor profiles in enforce mode."));
UI_Info(sprintf(gettext('Finished generating profile for %s.'), $fqdbin));
exit 0;
=== modified file 'utils/aa-logprof'
--- utils/aa-logprof 2010-12-20 20:29:10 +0000
+++ utils/aa-logprof 2011-01-13 17:36:51 +0000
@@ -24,7 +24,7 @@
use Locale::gettext;
use POSIX;
-use Immunix::SubDomain;
+use Immunix::AppArmor;
# force $PATH to be sane
$ENV{PATH} = "/bin:/sbin:/usr/bin:/usr/sbin";
@@ -53,7 +53,7 @@
$profiledir = get_full_path($profiledir);
unless (-d $profiledir) {
- fatal_error "Can't find subdomain profiles in $profiledir.";
+ fatal_error "Can't find AppArmor profiles in $profiledir.";
}
# load all the include files
=== modified file 'utils/aa-repo.pl'
--- utils/aa-repo.pl 2010-12-20 20:29:10 +0000
+++ utils/aa-repo.pl 2011-01-13 17:36:51 +0000
@@ -103,7 +103,7 @@
use strict;
use Getopt::Long;
-use Immunix::SubDomain;
+use Immunix::AppArmor;
use Immunix::Repository;
use Data::Dumper;
=== modified file 'utils/aa-unconfined'
--- utils/aa-unconfined 2010-12-20 20:29:10 +0000
+++ utils/aa-unconfined 2011-01-13 17:36:51 +0000
@@ -25,7 +25,7 @@
use strict;
use Getopt::Long;
-use Immunix::SubDomain;
+use Immunix::AppArmor;
use Locale::gettext;
use POSIX;
@@ -51,7 +51,7 @@
my $subdomainfs = check_for_subdomain();
-die gettext("SubDomain does not appear to be started. Please enable SubDomain and try again.") . "\n"
+die gettext("AppArmor does not appear to be started. Please enable AppArmor and try again.") . "\n"
unless $subdomainfs;
my @pids;
--
Kees Cook
Ubuntu Security Team
More information about the AppArmor
mailing list