[apparmor] [patch] aa-notify -p / better error message for wrong group

John Johansen john.johansen at canonical.com
Wed Oct 19 18:24:18 UTC 2011 

On 10/16/2011 06:58 AM, Christian Boltz wrote:
> Hello,
> 
> Am Sonntag, 16. Oktober 2011 schrieb Seth Arnold:
>> On Sat, Oct 15, 2011 at 3:57 PM, Christian Boltz wrote:
>>> the error message in aa-notify -p if a user is not member of the
>>> group defined in notify.conf isn't too helpful.
>>>
>>> This patch adds a hint what needs to be changed to get aa-notify
>>> -p working.
> 
>> I'm not convinced it _needs_ a new error message, but you did go to
>> the effort of writing a patch, so it couldn't be just idle hands.
> 
> The reason to write the patch: I'm lazy ;-)
> 
> Someone on the opensuse-de mailinglist asked about apparmor desktop 
> notifications, and I told him to use "sudo aa-notify -p --display $DISPLAY".
> The response was: "I only get the error message '$user must be in admin 
> group'", so I had to write another mail.
> 
> With the enhanced error message, it will be obvious what needs to be 
> done. That's more user friendly and also means I have to answer less
> mails ;-)
> 
>> However, I think the error message should use the $conf variable (in
> 
> Good point.
> 
>> case we ever clean up our /etc/ use it'd be nice if the error messages
>> Just Worked). And I think it should be line-wrapped before 80
>> columns. (Immediately before the filename is probably best.)
> 
> OK.
> 
> Revised patch:
> 
> === modified file 'utils/aa-notify'
> --- utils/aa-notify     2011-10-12 11:08:25 +0000
> +++ utils/aa-notify     2011-10-16 13:53:23 +0000
> @@ -151,7 +151,7 @@
>      if (defined($prefs{use_group})) {
>          my ($name, $passwd, $gid, $members) = getgrnam($prefs{use_group});
>          if (not defined($members) or not defined($login) or (not grep { $_ eq $login } split(/ /, $members) and $login ne "root")) {
> -            _error("'$login' must be in '$prefs{use_group}' group. Aborting");
> +            _error("'$login' must be in '$prefs{use_group}' group. Aborting.\nAsk your admin to add you to this group or to change the group in\n$conf if you want to use aa-notify.");
>          }
>      }
>  }
> 
> 
Acked-by: John Johansen <john.johansen at canonical.com>

More information about the AppArmor mailing list