[apparmor] patch for aa-logprof -f given a special file

Christian Boltz apparmor at cboltz.de
Tue Nov 4 23:49:31 UTC 2014 

Hello,

Am Dienstag, 4. November 2014 schrieb Steve Beattie:
> On Tue, Nov 04, 2014 at 03:15:40PM -0500, Peter Maloney wrote:
> > The perl tools allowed using aa-logprof -f <(...), but the python
> > ones don't. I find it very useful to use with grep to shorten the
> > list of questions for modifying a specific profile, without
> > bothering with updating other profiles with lots of spam you don't
> > care about. And in this particular case I was using head to try to
> > find out which line somewhere makes aa-logprof crash with another
> > problem I'm working on.
> > 
> > Would you please accept this patch to change it so it will allow
> > special files again?
> 
> Ah yep, that's a good catch. Thanks, I'll apply it.

I know halloween was some days ago, but let me give you "Saures" 
nevertheless ;-)


Using the latest aa-logprof with your patch already included:

# aa-logprof -f /
Reading log entries from /.
Updating AppArmor profiles in /etc/apparmor.d.
Traceback (most recent call last):
  File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/logparser.py", line 333, in read_log
    self.LOG = open_file_read(self.filename)
  File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/common.py", line 171, in open_file_read
    return open_file_anymode('r', path, encoding)
  File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/common.py", line 184, in open_file_anymode
    orig = codecs.open(path, mode, encoding, errors=errorhandling)
  File "/usr/lib64/python3.4/codecs.py", line 896, in open
    file = builtins.open(filename, mode, buffering)
IsADirectoryError: [Errno 21] Is a directory: '/'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "aa-logprof", line 52, in <module>
    apparmor.do_logprof_pass(logmark)
  File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/aa.py", line 2266, in do_logprof_pass
    log = log_reader.read_log(logmark)
  File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/logparser.py", line 335, in read_log
    raise AppArmorException('Can not read AppArmor logfile: ' + self.filename)
apparmor.common.AppArmorException: 'Can not read AppArmor logfile: /'


That's nice, isn't it? ;-)

I propose the following pumpkin^Wpatch (in addition to your patch):

=== modified file 'utils/aa-logprof'
--- utils/aa-logprof    2014-11-04 20:55:26 +0000
+++ utils/aa-logprof    2014-11-04 23:33:43 +0000
@@ -35,6 +35,8 @@
 if filename:
     if not os.path.exists(filename):
         raise apparmor.AppArmorException(_('The logfile %s does not exist. Please check the path') % filename)
+    elif os.path.isdir(filename):
+        raise apparmor.AppArmorException(_('%s is a directory. Please specify a file as logfile') % filename)
     else:
         apparmor.filename = filename
 

BTW: aa-genprof has similar code, so it also needs a patch:

=== modified file 'utils/aa-genprof'
--- utils/aa-genprof    2014-10-08 20:07:18 +0000
+++ utils/aa-genprof    2014-11-04 23:37:49 +0000
@@ -65,8 +65,10 @@
 
 
 if filename:
-    if not os.path.isfile(filename):
+    if not os.path.exists(filename):
         raise apparmor.AppArmorException(_('The logfile %s does not exist. Please check the path') % filename)
+    elif os.path.isdir(filename):
+        raise apparmor.AppArmorException(_('%s is a directory. Please specify a file as logfile') % filename)
     else:
         apparmor.filename = filename
 

(hmm, maybe we should move those checks into aa.py?)


Regards,

Christian Boltz
-- 
Look at Debian... its stable, works on a variety of platforms.... and
development is racing along at the speed of a turtle with 3 broken legs.
[Joseph M. Gaffney in opensuse]

More information about the AppArmor mailing list