[apparmor] [PATCH] aa-easyprof updates

Seth Arnold seth.arnold at canonical.com
Thu Jul 4 03:04:11 UTC 2013 

On Mon, Jul 01, 2013 at 05:15:07PM -0500, Jamie Strandboge wrote:
> Attached is a patch for aa-easyprof that adds significant functionality over
> what is currently in trunk. I could try to break these out in discrete chunks,

I've got one comment from what I've read so far.. more to follow.

Thanks

> === modified file 'utils/aa-easyprof'
> --- utils/aa-easyprof	2012-08-23 20:53:33 +0000
> +++ utils/aa-easyprof	2013-06-28 13:28:59 +0000
> @@ -1,7 +1,7 @@
>  #! /usr/bin/env python
>  # ------------------------------------------------------------------
>  #
> -#    Copyright (C) 2011-2012 Canonical Ltd.
> +#    Copyright (C) 2011-2013 Canonical Ltd.
>  #
>  #    This program is free software; you can redistribute it and/or
>  #    modify it under the terms of version 2 of the GNU General Public
> @@ -11,7 +11,6 @@
>  
>  import apparmor.easyprof
>  from apparmor.easyprof import AppArmorException, error
> -import optparse
>  import os
>  import sys
>  
> @@ -23,6 +22,7 @@
>  
>      (opt, args) = apparmor.easyprof.parse_args()
>      binary = None
> +    manifest = None
>  
>      m = usage()
>      if opt.show_policy_group and not opt.policy_groups:
> @@ -34,33 +34,63 @@
>      if len(args) >= 1:
>          binary = args[0]
>  
> -    try:
> -        easyp = apparmor.easyprof.AppArmorEasyProfile(binary, opt)
> -    except AppArmorException as e:
> -        error(e.value)
> -    except Exception:
> -        raise
> -
> -    if opt.list_templates:
> -        apparmor.easyprof.print_basefilenames(easyp.get_templates())
> -        sys.exit(0)
> -    elif opt.template and opt.show_template:
> -        files = [os.path.join(easyp.dirs['templates'], opt.template)]
> -        apparmor.easyprof.print_files(files)
> -        sys.exit(0)
> -    elif opt.list_policy_groups:
> -        apparmor.easyprof.print_basefilenames(easyp.get_policy_groups())
> -        sys.exit(0)
> -    elif opt.policy_groups and opt.show_policy_group:
> -        for g in opt.policy_groups.split(','):
> -            files = [os.path.join(easyp.dirs['policygroups'], g)]
> +    # parse_manifest() returns a list of tuples (binary, options). Create a
> +    # list of these profile tuples to support multiple profiles in one manifest
> +    profiles = []
> +    if opt.manifest:
> +        try:
> +            # should hide this in a common function
> +            if sys.version_info[0] >= 3:
> +                f = open(opt.manifest, "r", encoding="utf-8")
> +            else:
> +                f = open(opt.manifest, "r")
> +            manifest = f.read()
> +        except OSError:
> +            error("Manifest file '%s' does not exist\n" % opt.manifest)

I think the exception's reason should be printed, too -- "does not
exist" could be wrong if the file or directory permissions forbid
reading the file or if there are IO errors.

> +        profiles = apparmor.easyprof.parse_manifest(manifest, opt)
> +    else: # fake up a tuple list when processing command line args
> +        profiles.append( (binary, opt) )

Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130703/b43c91a6/attachment-0001.pgp>

More information about the AppArmor mailing list