[apparmor] [patch] utils: remove aa-enforce '--remove' option
Seth Arnold
seth.arnold at canonical.com
Mon Mar 3 22:40:40 UTC 2014
On Mon, Mar 03, 2014 at 02:09:15PM -0800, Steve Beattie wrote:
> This patch removes the '--remove' option on aa-enforce as well as from
> the man page. It also removes the test entry that contains it, but I
> don't think this is entirely correct because I think the second half
> of the test is dependent on the (now deleted) first half of the test.
>
> (It also removes a missed reference to --revert in the aa-disable man
> page.)
>
> Signed-off-by: Steve Beattie <steve at nxnw.org>
Nice, thanks!
Acked-by: Seth Arnold <seth.arnold at canonical.com>
> ---
> utils/aa-disable.pod | 2 --
> utils/aa-enforce | 7 ++++---
> utils/aa-enforce.pod | 7 -------
> utils/test/minitools_test.py | 5 -----
> 4 files changed, 4 insertions(+), 17 deletions(-)
>
> Index: b/utils/aa-disable.pod
> ===================================================================
> --- a/utils/aa-disable.pod
> +++ b/utils/aa-disable.pod
> @@ -43,8 +43,6 @@ profile from being loaded on AppArmor st
> The I<aa-enforce> and I<aa-complain> utilities may be used to to change
> this behavior.
>
> -The I<--revert> option can be used to enable the profile.
> -
> =head1 BUGS
>
> If you find any bugs, please report them at
> Index: b/utils/aa-enforce
> ===================================================================
> --- a/utils/aa-enforce
> +++ b/utils/aa-enforce
> @@ -22,11 +22,12 @@ _ = init_translation()
>
> parser = argparse.ArgumentParser(description=_('Switch the given program to enforce mode'))
> parser.add_argument('-d', '--dir', type=str, help=_('path to profiles'))
> -parser.add_argument('-r', '--remove', action='store_true', help=_('switch to complain mode'))
> parser.add_argument('program', type=str, nargs='+', help=_('name of program'))
> args = parser.parse_args()
> -# Flipping the remove flag since complain = !enforce
> -args.remove = not args.remove
> +# Set the remove flag since complain = !enforce
> +# XXX remove this entirely once conversion to individual cmd methods
> +# on the Tool class are implemented
> +args.remove = True
>
> enforce = apparmor.tools.aa_tools('complain', args)
>
> Index: b/utils/aa-enforce.pod
> ===================================================================
> --- a/utils/aa-enforce.pod
> +++ b/utils/aa-enforce.pod
> @@ -36,10 +36,6 @@ B<-d --dir / path/to/profiles>
> Specifies where to look for the AppArmor security profile set.
> Defaults to /etc/apparmor.d.
>
> -B<-r --remove>
> -
> - Removes the enforce mode for the profile.
> -
> =head1 DESCRIPTION
>
> B<aa-enforce> is used to set one or more profiles to I<enforce> mode.
> @@ -49,9 +45,6 @@ unloads and disables a profile.
> The default mode for a security policy is enforce and the I<aa-complain>
> utility must be run to change this behavior.
>
> -The I<--remove> option can be used to remove the enforce mode for the profile,
> -setting it to complain mode.
> -
> =head1 BUGS
>
> If you find any bugs, please report them at
> Index: b/utils/test/minitools_test.py
> ===================================================================
> --- a/utils/test/minitools_test.py
> +++ b/utils/test/minitools_test.py
> @@ -77,11 +77,6 @@ class Test(unittest.TestCase):
>
> def test_enforce(self):
> #Set ntpd profile to complain mode and check if it was correctly set
> - subprocess.check_output('%s ./../aa-enforce -d ./profiles -r %s'%(python_interpreter, test_path), shell=True)
> -
> - self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in force-complain'%local_profilename)
> - self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), 'complain', 'Complain flag could not be set in profile %s'%local_profilename)
> -
>
> #Set ntpd profile to enforce mode and check if it was correctly set
> subprocess.check_output('%s ./../aa-enforce -d ./profiles %s'%(python_interpreter, test_path), shell=True)
> --
> Steve Beattie
> <sbeattie at ubuntu.com>
> http://NxNW.org/~steve/
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140303/0b356c1e/attachment.pgp>
More information about the AppArmor
mailing list