[apparmor] [patch] aa-notify -p / better error message for wrong group

Christian Boltz apparmor at cboltz.de
Sun Oct 16 13:58:11 UTC 2011


Hello,

Am Sonntag, 16. Oktober 2011 schrieb Seth Arnold:
> On Sat, Oct 15, 2011 at 3:57 PM, Christian Boltz wrote:
> > the error message in aa-notify -p if a user is not member of the
> > group defined in notify.conf isn't too helpful.
> > 
> > This patch adds a hint what needs to be changed to get aa-notify
> > -p working.

> I'm not convinced it _needs_ a new error message, but you did go to
> the effort of writing a patch, so it couldn't be just idle hands.

The reason to write the patch: I'm lazy ;-)

Someone on the opensuse-de mailinglist asked about apparmor desktop 
notifications, and I told him to use "sudo aa-notify -p --display $DISPLAY".
The response was: "I only get the error message '$user must be in admin 
group'", so I had to write another mail.

With the enhanced error message, it will be obvious what needs to be 
done. That's more user friendly and also means I have to answer less
mails ;-)

> However, I think the error message should use the $conf variable (in

Good point.

> case we ever clean up our /etc/ use it'd be nice if the error messages
> Just Worked). And I think it should be line-wrapped before 80
> columns. (Immediately before the filename is probably best.)

OK.

Revised patch:

=== modified file 'utils/aa-notify'
--- utils/aa-notify     2011-10-12 11:08:25 +0000
+++ utils/aa-notify     2011-10-16 13:53:23 +0000
@@ -151,7 +151,7 @@
     if (defined($prefs{use_group})) {
         my ($name, $passwd, $gid, $members) = getgrnam($prefs{use_group});
         if (not defined($members) or not defined($login) or (not grep { $_ eq $login } split(/ /, $members) and $login ne "root")) {
-            _error("'$login' must be in '$prefs{use_group}' group. Aborting");
+            _error("'$login' must be in '$prefs{use_group}' group. Aborting.\nAsk your admin to add you to this group or to change the group in\n$conf if you want to use aa-notify.");
         }
     }
 }




Regards,

Christian Boltz
-- 
[...] dabei habe ich extra mutt benutzt! :-) Taugt wohl auch nichts,
das Teil... *duck + renn* [Thomas Hertweck in suse-linux]




More information about the AppArmor mailing list