[apparmor] [patch] introduce AppArmorBug exceptions
Christian Boltz
apparmor at cboltz.de
Sun Nov 9 22:05:38 UTC 2014
Hello,
while developing the capability rule class, I added lots of error
handling, including several checks for "things that should never
happen"[tm], and raise an exception in those cases.
"Things that should never happen" includes what it says, for example:
- a (broken) log contains operation="capable" ... capname="" - we really
don't want to propose "capability ," for that ;-)
- someone manipulated the rule object in an invalid way (aka "bug")
- someone manually adds a capability with empty or whitespace-only name
to the rule object - without checking, this would result in a
"capability ," rule which is obviously too broad
I'd like to have a separate exception class for these things to
a) clearly separate them from "expected" exceptions (for example invalid
lines in a profile is more or less "expected")
b) allow us to disable backtraces for the "expected" AppArmorExceptions,
while still having full debug output for unexpected issues
The naming of the new exception type is an interesting question - I'd
just use "AppArmorBug", but Kshitij hopes we can use something like
AppArmorSledgeHammerException or SledgehammerBug ;-)
Opinions? ;-)
=== modified file 'utils/apparmor/common.py'
--- utils/apparmor/common.py 2014-10-14 10:54:39 +0000
+++ utils/apparmor/common.py 2014-11-09 21:48:19 +0000
@@ -35,6 +35,15 @@
def __str__(self):
return repr(self.value)
+class AppArmorBug(Exception):
+ '''This class represents AppArmor exceptions "that should never happen"'''
+ def __init__(self, value):
+ self.value = value
+
+ def __str__(self):
+ return repr(self.value)
+
+
#
# Utility functions
#
Regards,
Christian Boltz
--
2 min spaeter... "Hach, so sind sie meine Jungens..." Lach... :-)
Echt, wie die kleinen Bengels... Und nu kommt nicht mit "Mama,
der hat aber angefangen und sich nicht an die Etikette gehalten".
[Jessica Bleche in suse-linux]
More information about the AppArmor
mailing list