[apparmor] [PATCH] aa-easyprof updates, take 2
Jamie Strandboge
jamie at canonical.com
Mon Jul 8 01:46:31 UTC 2013
Hi,

Attached is a patch to address Seth's comments, and a few more fixes. After
submitting the last patch, we discussed the JSON structure[1] a bit more, and
realized that it needed a refinement. In particular, rather than having
manifest['security'] contain the profile objects (keyed by 'profile_name'), we
should move the profile objects into their own profiles dictionary,
manifest['security']['profiles'], such that this dictionary contains all the
profile objects. It doesn't do anything for us now, but is a better format in
case we want to add new top-level keys in the future. The full changes are as
follows:
- don't add vendor directory to self.templates and self.policy_groups
- utils/aa-easyprof: adjust error message for manifest read failure
- utils/aa-easyprof: adjust to use EnvironmentError on failed read of the
  manifest
- utils/apparmor/easyprof.py: clean up set_template()
- utils/apparmor/easyprof.py: read_paths should use 'rk'
- utils/test/test-aa-easyprof.py: adjust tests for above
- utils/apparmor/easyprof.py
  + valid_path should verify os.path.normpath(path) == (path)
  + adjust valid_profile_name() to start with alpha-numeric and allow Debian
    source package names and version, plus '_'
  + adjust tests for above
- update valid_variable() to check for valid_path if '/' is in the value
- adjust valid_path() to have a relative_ok flag (default to False)
- adjust valid_path() to verify path is same as normalized path
- add some valid_path() test cases
- adjust to always quote template vars in policy output
- add a couple tests that have spaces in the binary and template var
- update manifest JSON structure to use
  m['security']['profiles']['profile_name'] instead of
  m['security']['profile_name']
Attached is:
0001-aa-easyprof-additions.patch - the original patch I sent last week
0002-aa-easyprof-additions-pt2.patch - the changes on top of last week's patch
aa-easyprof-additions-full.patch - the above two patches combined into one set
[1] https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement/Manifest
--
Jamie Strandboge http://www.ubuntu.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-aa-easyprof-additions.patch
Type: text/x-patch
Size: 92935 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130707/2040d390/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-aa-easyprof-additions-pt2.patch
Type: text/x-patch
Size: 45463 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130707/2040d390/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: aa-easyprof-additions-full.patch
Type: text/x-patch
Size: 109329 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130707/2040d390/attachment-0005.bin>
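
The checks listed in the message above (normalized-path validation with a relative_ok flag, path checking of variable values containing '/', quoted template variables, and the manifest['security']['profiles'] layout) can be sketched as follows. This is an added example, not code from the attached patches or from easyprof.py; the "template_variables" key, the @{VAR}="value" output form, the explicit '..' rejection and the sample manifest are assumptions made for illustration.

```python
import json
import os


def valid_path(path, relative_ok=False):
    """True only if path is already in normalized form (sketch, not easyprof.py)."""
    if not path or any(c in path for c in '"\n'):
        return False
    if not relative_ok and not path.startswith("/"):
        return False
    # Extra check assumed here: normpath() keeps a leading '..' on relative paths.
    if ".." in path.split("/"):
        return False
    # Rejects '.' components, repeated inner slashes and trailing slashes.
    return os.path.normpath(path) == path


def valid_variable(value):
    """Values containing '/' are treated as paths, as the changelog describes."""
    if '"' in value or "\n" in value:
        return False
    return valid_path(value, relative_ok=True) if "/" in value else True


def render_variables(manifest_text):
    """Return {profile_name: [quoted variable lines]} from the new layout."""
    manifest = json.loads(manifest_text)
    out = {}
    # Old layout (profiles directly under 'security') raises KeyError here.
    for name, profile in manifest["security"]["profiles"].items():
        lines = []
        for var, value in sorted(profile.get("template_variables", {}).items()):
            if not valid_variable(value):
                raise ValueError("invalid value for %s in %s" % (var, name))
            lines.append('@{%s}="%s"' % (var, value))  # always quoted
        out[name] = lines
    return out


# Constructed sample manifest (not taken from the patch or the wiki spec).
SAMPLE = json.dumps({"security": {"profiles": {
    "com.example.foo": {"template_variables": {
        "APPNAME": "foo app", "INSTALL_DIR": "/opt/com.example.foo"}}}}})

if __name__ == "__main__":
    print(render_variables(SAMPLE))
```

Quoting every variable is what lets a value with a space, such as "foo app", survive in the generated policy, while the normalization check keeps values like /usr/../etc/shadow out of the rules entirely.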