[apparmor] [PATCH] aa-easyprof updates, take 2

Jamie Strandboge jamie at canonical.com
Mon Jul 8 01:46:31 UTC 2013


Hi,

Attached is a patch to address Seth's comments, and a few more fixes. After
submitting the last patch, we discussed the JSON structure[1] a bit more, and
realized that it needed a refinement. In particular, rather than having
manifest['security'] contain the profile objects (keyed by 'profile_name'), we
should move the profile objects into their own profiles dictionary,
manifest['security']['profiles'], such that this dictionary contains all the
profile objects. It doesn't do anything for us now, but is a better format in
case we want to add new top-level keys in the future. The full changes are as
follows:
 - don't add vendor directory to self.templates and self.policy_groups
 - utils/aa-easyprof: adjust error message for manifest read failure
 - utils/aa-easyprof: adjust to use EnvironmentError on failed read of the
   manifest
 - utils/apparmor/easyprof.py: clean up set_template()
 - utils/apparmor/easyprof.py: read_paths should use 'rk'
 - utils/test/test-aa-easyprof.py: adjust tests for above
 - utils/apparmor/easyprof.py
   + valid_path should verify os.path.normpath(path) == (path)
   + adjust valid_profile_name() to start with alpha-numeric and allow Debian
     source package names and version, plus '_'
   + adjust tests for above
 - update valid_variable() to check for valid_path if '/' is in the value
 - adjust valid_path() to have a relative_ok flag (default to False)
 - adjust valid_path() to verify path is same as normalized path
 - add some valid_path() test cases
 - adjust to always quote template vars in policy output
 - add a couple tests that have spaces in the binary and template var
 - update manifest JSON structure to use
   m['security']['profiles']['profile_name'] instead of
   m['security']['profile_name']


Attached are:
0001-aa-easyprof-additions.patch - the original patch I sent last week
0002-aa-easyprof-additions-pt2.patch - the changes on top of last week's patch

aa-easyprof-additions-full.patch - the above two patches combined into one set

[1] https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement/Manifest

-- 
Jamie Strandboge                 http://www.ubuntu.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-aa-easyprof-additions.patch
Type: text/x-patch
Size: 92935 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130707/2040d390/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-aa-easyprof-additions-pt2.patch
Type: text/x-patch
Size: 45463 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130707/2040d390/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: aa-easyprof-additions-full.patch
Type: text/x-patch
Size: 109329 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130707/2040d390/attachment-0005.bin>
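
The path rules listed in the message (path must equal its normalized form, relative paths only with relative_ok, variable values containing '/' checked as paths, template vars always quoted), as an added sketch that is not the code from the attached patches. The names path_ok, variable_ok and render_variable are hypothetical, and so are the choices to pass relative_ok=True for variable values and to refuse embedded double quotes.

```python
import posixpath  # what os.path is on Linux; used directly for identical results everywhere


def path_ok(path, relative_ok=False):
    """Hypothetical check: accept only paths that are already normalized."""
    if not isinstance(path, str) or not path:
        return False
    if not relative_ok and not path.startswith("/"):
        return False
    # normpath() rewrites '.', embedded '..', doubled '/' and a trailing '/',
    # so any of those makes the comparison fail.
    # Caveat: a leading '..' in a relative path is left alone by normpath(),
    # so '../etc' still compares equal when relative_ok=True.
    return posixpath.normpath(path) == path


def variable_ok(value):
    """Hypothetical check: a value containing '/' must also pass path_ok().

    Assumption: relative values are allowed here (relative_ok=True).
    """
    if "/" in value:
        return path_ok(value, relative_ok=True)
    return True


def render_variable(name, value):
    """Emit an AppArmor variable assignment with the value always quoted."""
    if not variable_ok(value):
        raise ValueError("value is not a normalized path: %r" % value)
    if '"' in value:
        # Assumption of this sketch: refuse quotes rather than escape them.
        raise ValueError("value contains a double quote: %r" % value)
    return '@{%s}="%s"' % (name, value)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the patch's test suite.
    for p in ["/usr/bin/foo", "/usr/bin/../lib", "/usr//bin", "/usr/bin/",
              "bin/foo", "./bin/foo", "../etc"]:
        print("%-18s absolute-only=%-5s relative_ok=%s"
              % (p, path_ok(p), path_ok(p, relative_ok=True)))
    print(render_variable("APPNAME", "my app"))
```
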