[apparmor] [patch 08/11] utils: split out aa-audit function
Seth Arnold
seth.arnold at canonical.com
Thu Mar 6 07:18:21 UTC 2014
On Wed, Mar 05, 2014 at 05:44:42PM -0800, Steve Beattie wrote:
> This patch moves the audit functionality to an audit specific command
> function.
>
> As an aside, the -r option is left in place here, because aa-audit
> is a bit orthogonal to aa-enforce, aa-complain, and aa-disable.
Hah, good catch, I wouldn't have had that foresight. :)
> Signed-off-by: Steve Beattie <steve at nxnw.org>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
> ---
> utils/aa-audit | 5 +++--
> utils/apparmor/tools.py | 30 +++++++++++++++++++++++-------
> 2 files changed, 26 insertions(+), 9 deletions(-)
>
> Index: b/utils/aa-audit
> ===================================================================
> --- a/utils/aa-audit
> +++ b/utils/aa-audit
> @@ -29,9 +29,10 @@ parser.add_argument('--trace', action='s
> args = parser.parse_args()
>
> try:
> - audit = apparmor.tools.aa_tools('audit', args)
> + tool = apparmor.tools.aa_tools('audit', args)
> +
> + tool.cmd_audit()
>
> - audit.act()
> except Exception as e:
> if not args.trace:
> print(e.value + "\n")
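Review bot: The unchanged handler at the end of this hunk, `except Exception as e:` followed by `print(e.value + "\n")`, assumes every caught exception has a `.value` attribute. Now that the call is `tool.cmd_audit()`, any exception on that path that lacks `.value` would raise an AttributeError inside the handler and hide the original error. Consider catching only the AppArmorException type that cmd_audit raises, or printing `str(e)` instead. Minor style point: the blank line between the constructor call and `tool.cmd_audit()` can be dropped.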
> Index: b/utils/apparmor/tools.py
> ===================================================================
> --- a/utils/apparmor/tools.py
> +++ b/utils/apparmor/tools.py
> @@ -115,13 +115,6 @@ class aa_tools:
> if not os.path.isfile(filename) or apparmor.is_skippable_file(filename):
> aaui.UI_Info(_('Profile for %s not found, skipping') % program)
>
> - elif self.name == 'audit':
> - if not self.remove:
> - aaui.UI_Info(_('Setting %s to audit mode.') % program)
> - else:
> - aaui.UI_Info(_('Removing audit mode from %s.') % program)
> - apparmor.change_profile_flags(filename, program, 'audit', not self.remove)
> -
> else:
> # One simply does not walk in here!
> raise apparmor.AppArmorException('Unknown tool: %s' % self.name)
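Review bot: With the `elif self.name == 'audit':` branch removed, an `aa_tools('audit', ...)` instance that still reaches this dispatch chain falls through to the `else` and raises 'Unknown tool: audit'. The diffstat only touches utils/aa-audit and utils/apparmor/tools.py, so please confirm that no other caller still relies on the old path for audit, and consider saying in the commit message that this path is intentionally no longer valid for the audit tool.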
> @@ -189,6 +182,29 @@ class aa_tools:
>
> # FIXME: this should be a profile_reload function/method
> cmd_info = cmd([apparmor.parser, '-I%s' % apparmor.profile_dir, '-r', profile])
> +
> + if cmd_info[0] != 0:
> + raise apparmor.AppArmorException(cmd_info[1])
> +
> + def cmd_audit(self):
> + for (program, profile) in self.get_next_to_profile():
> +
> + apparmor.read_profiles()
> + output_name = profile if program is None else program
> +
> + if not os.path.isfile(profile) or apparmor.is_skippable_file(profile):
> + aaui.UI_Info(_('Profile for %s not found, skipping') % output_name)
> + continue
> +
> + # keep this to allow toggling 'audit' flags
> + if not self.remove:
> + aaui.UI_Info(_('Setting %s to audit mode.') % output_name)
> + else:
> + aaui.UI_Info(_('Removing audit mode from %s.') % output_name)
> + apparmor.change_profile_flags(profile, program, 'audit', not self.remove)
> +
> + # FIXME: this should be a profile_reload function/method
> + cmd_info = cmd([apparmor.parser, '-I%s' % apparmor.profile_dir, '-r', profile])
>
> if cmd_info[0] != 0:
> raise apparmor.AppArmorException(cmd_info[1])
>
>
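Review bot: In `cmd_audit()`, the line `output_name = profile if program is None else program` shows that `program` can be None, yet it is passed unchanged to `apparmor.change_profile_flags(profile, program, 'audit', not self.remove)`; please confirm that function handles a None program, or add a comment saying so. Two smaller points: `apparmor.read_profiles()` runs on every loop iteration and could be hoisted above the `for` unless the re-read is required, and the reload call together with its FIXME is now duplicated, so this would be a reasonable place to factor out the profile_reload helper the FIXME asks for.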