[apparmor] [patch] utils: remove aa-disable non-functional '-r' option
Seth Arnold
seth.arnold at canonical.com
Mon Mar 3 20:31:39 UTC 2014
On Mon, Mar 03, 2014 at 08:33:50AM -0800, Steve Beattie wrote:
> On Fri, Feb 28, 2014 at 09:34:51PM +0100, Christian Boltz wrote:
> > Am Montag, 24. Februar 2014 schrieb Steve Beattie:
> > > I should note that one side effect is that this patch effectively
> > > neuters the -r (revert) option for aa-disable. I don't really like
> > > that option (I'd rather point people at using aa-enforce to undo
> > > aa-disable). I can submit a patch that either removes the option or
> > > adds the functionality if we desire it.
> >
> > The -r option was probably inspired by the -r option of aa-complain and
> > aa-audit, but I understand your POV that it might be confusing in a
> > triple-state case (enforce/complain/disabled).
> >
> > Anyway, either remove the -r option or make sure it's working ;-)
>
> Here's the patch to remove the -r option for aa-disable, as well as the
> test and manpage documentation for it. Thanks!
>
> --
> Steve Beattie
> <sbeattie at ubuntu.com>
> http://NxNW.org/~steve/
Nice.
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks
> Signed-off-by: Steve Beattie <steve at nxnw.org>
> ---
> utils/aa-disable | 1 -
> utils/aa-disable.pod | 4 ----
> utils/apparmor/tools.py | 1 -
> utils/test/minitools_test.py | 6 ------
> 4 files changed, 12 deletions(-)
>
> Index: b/utils/aa-disable
> ===================================================================
> --- a/utils/aa-disable
> +++ b/utils/aa-disable
> @@ -22,7 +22,6 @@ _ = init_translation()
>
> parser = argparse.ArgumentParser(description=_('Disable the profile for the given programs'))
> parser.add_argument('-d', '--dir', type=str, help=_('path to profiles'))
> -parser.add_argument('-r', '--revert', action='store_true', help=_('enable the profile for the given programs'))
> parser.add_argument('program', type=str, nargs='+', help=_('name of program'))
> args = parser.parse_args()
>
> Index: b/utils/aa-disable.pod
> ===================================================================
> --- a/utils/aa-disable.pod
> +++ b/utils/aa-disable.pod
> @@ -35,10 +35,6 @@ B<-d --dir /path/to/profiles>
> Specifies where to look for the AppArmor security profile set.
> Defaults to /etc/apparmor.d.
>
> -B<-r --revert>
> -
> - Enables the profile and loads it.
> -
> =head1 DESCRIPTION
>
> B<aa-disable> is used to I<disable> one or more profiles.
> Index: b/utils/test/minitools_test.py
> ===================================================================
> --- a/utils/test/minitools_test.py
> +++ b/utils/test/minitools_test.py
> @@ -97,12 +97,6 @@ class Test(unittest.TestCase):
>
> self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in disable'%local_profilename)
>
> - #Enable the ntpd profile and check if it was correctly re-enabled
> - subprocess.check_output('%s ./../aa-disable -d ./profiles -r %s'%(python_interpreter, test_path), shell=True)
> -
> - self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), False, 'Failed to remove a symlink for %s from disable'%local_profilename)
> -
> -
> def test_autodep(self):
> pass
>
> Index: b/utils/apparmor/tools.py
> ===================================================================
> --- a/utils/apparmor/tools.py
> +++ b/utils/apparmor/tools.py
> @@ -33,7 +33,6 @@ class aa_tools:
> if tool_name in ['audit', 'complain']:
> self.remove = args.remove
> elif tool_name == 'disable':
> - self.revert = args.revert
> self.disabledir = apparmor.profile_dir + '/disable'
> self.check_disable_dir()
> elif tool_name == 'autodep':
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140303/5b0ac3a0/attachment-0001.pgp>
More information about the AppArmor
mailing list