[apparmor] [patch 09/11] utils: split out aa-genprof command [v2]

Christian Boltz apparmor at cboltz.de
Thu Mar 6 21:44:37 UTC 2014 

Hello,

Am Donnerstag, 6. März 2014 schrieb Steve Beattie:
> On Thu, Mar 06, 2014 at 09:41:02AM -0800, Steve Beattie wrote:
> > On Thu, Mar 06, 2014 at 01:29:41PM +0100, Christian Boltz wrote:
> > > Am Mittwoch, 5. März 2014 schrieb Steve Beattie:
> > > > This patch splits out the genprof tool functionality into a
> > > > separate
> > > > command function, merging with the use_autodep function that
> > > > already
> > > > existed.
> > > > 
> > > > Signed-off-by: Steve Beattie <steve at nxnw.org>


> > > NAK - this breaks the --force option (assuming the error message
> > > is correct - I didn't test it)
> > 
> > Not quite. When program is None but profile is not, it indicates
> > that
> > the user passed the profile on the command line and not the program.
> > So --force will still work if you give the program name on the
> > command line.  I agree that the error message should be
> > different/better.

Ah, so the bug was a wrong error message ;-)

BTW: does skipping make sense here, or should we abort with an error 
message instead?

> > I hadn't looked to see if we have a function for digging the program
> > name out of an existing profile, but I suppose that could happen for
> > this situation, and --force would be required in any event. But it's
> > a little weird to pass aa-autodep a profile name rather than a
> > program name/path to begin with.
> 
> How about the attached patch?

Much better :-)

Another minor notice (untested):
The "if self.aa_mountpoint:" check looks superfluous, because reload() 
calls check_for_apparmor()

Anyway,
Acked-by: Christian Boltz <apparmor at cboltz.de>
(with or without the skipping changed to a hard failure)


BTW: reload() (in aa.py) can be used to reload a profile. That should 
fix some of your TODO notes from the other patches ;-)  (even if the way 
the reload is done is not perfect - there's a useless use of cat ;-)


Regards,

Christian Boltz
-- 
> Wireshark has a default format (libpcap), use it.
Yes, that's what mls needs,anything else will not help..in fact over the
years,Im starting to believe that machine dialects are his native
language :-)
[> Cristian Morales Vega and Cristian Rodríguez in opensuse-factory]

More information about the AppArmor mailing list