[apparmor] [PATCH] aa-easyprof updates

Jamie Strandboge jamie at canonical.com
Fri Jul 5 14:59:44 UTC 2013 

On 07/03/2013 10:04 PM, Seth Arnold wrote:
> On Mon, Jul 01, 2013 at 05:15:07PM -0500, Jamie Strandboge wrote:
>> Attached is a patch for aa-easyprof that adds significant functionality over
>> what is currently in trunk. I could try to break these out in discrete chunks,
> 
> I've got one comment from what I've read so far.. more to follow.
> 
> Thanks
> 
>> === modified file 'utils/aa-easyprof'
>> --- utils/aa-easyprof	2012-08-23 20:53:33 +0000
>> +++ utils/aa-easyprof	2013-06-28 13:28:59 +0000
>> @@ -1,7 +1,7 @@
>>  #! /usr/bin/env python
>>  # ------------------------------------------------------------------
>>  #
>> -#    Copyright (C) 2011-2012 Canonical Ltd.
>> +#    Copyright (C) 2011-2013 Canonical Ltd.
>>  #
>>  #    This program is free software; you can redistribute it and/or
>>  #    modify it under the terms of version 2 of the GNU General Public
>> @@ -11,7 +11,6 @@
>>  
>>  import apparmor.easyprof
>>  from apparmor.easyprof import AppArmorException, error
>> -import optparse
>>  import os
>>  import sys
>>  
>> @@ -23,6 +22,7 @@
>>  
>>      (opt, args) = apparmor.easyprof.parse_args()
>>      binary = None
>> +    manifest = None
>>  
>>      m = usage()
>>      if opt.show_policy_group and not opt.policy_groups:
>> @@ -34,33 +34,63 @@
>>      if len(args) >= 1:
>>          binary = args[0]
>>  
>> -    try:
>> -        easyp = apparmor.easyprof.AppArmorEasyProfile(binary, opt)
>> -    except AppArmorException as e:
>> -        error(e.value)
>> -    except Exception:
>> -        raise
>> -
>> -    if opt.list_templates:
>> -        apparmor.easyprof.print_basefilenames(easyp.get_templates())
>> -        sys.exit(0)
>> -    elif opt.template and opt.show_template:
>> -        files = [os.path.join(easyp.dirs['templates'], opt.template)]
>> -        apparmor.easyprof.print_files(files)
>> -        sys.exit(0)
>> -    elif opt.list_policy_groups:
>> -        apparmor.easyprof.print_basefilenames(easyp.get_policy_groups())
>> -        sys.exit(0)
>> -    elif opt.policy_groups and opt.show_policy_group:
>> -        for g in opt.policy_groups.split(','):
>> -            files = [os.path.join(easyp.dirs['policygroups'], g)]
>> +    # parse_manifest() returns a list of tuples (binary, options). Create a
>> +    # list of these profile tuples to support multiple profiles in one manifest
>> +    profiles = []
>> +    if opt.manifest:
>> +        try:
>> +            # should hide this in a common function
>> +            if sys.version_info[0] >= 3:
>> +                f = open(opt.manifest, "r", encoding="utf-8")
>> +            else:
>> +                f = open(opt.manifest, "r")
>> +            manifest = f.read()
>> +        except OSError:
>> +            error("Manifest file '%s' does not exist\n" % opt.manifest)
> 
> I think the exception's reason should be printed, too -- "does not
> exist" could be wrong if the file or directory permissions forbid
> reading the file or if there are IO errors.
> 

ACK. Updated to use:
  error("Could not read '%s'\n" % opt.manifest)


-- 
Jamie Strandboge                 http://www.ubuntu.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130705/b56f6b9f/attachment.pgp>

More information about the AppArmor mailing list