[apparmor] [patch] fix audit toggle for capability (when asking in logprof)
Steve Beattie
steve at nxnw.org
Sat Nov 15 00:28:57 UTC 2014
On Tue, Nov 11, 2014 at 09:53:32PM +0100, Christian Boltz wrote:
> while integrating the capability_rules class in aa.py, I noticed a bug:
>
> When aa-logprof asks for adding capability rules, it also offers the
> Audi(t) option. Unfortunately, this option does nothing ;-)
>
> This patch fixes ask_the_question() so that it really ;-) allows
> switching the audit flag on and off. It also initializes the "audit"
> variable to make sure the next capability doesn't inherit the audit flag
> used for the previous capability.
Acked-by: Steve Beattie <steve at nxnw.org>, thanks.
> [ aa.py-audit-capability.diff ]
>
> === modified file 'utils/apparmor/aa.py'
> --- utils/apparmor/aa.py 2014-11-09 00:33:40 +0000
> +++ utils/apparmor/aa.py 2014-11-11 20:44:47 +0000
> @@ -1561,6 +1570,7 @@
> q.headers += [_('Severity'), severity]
>
> audit_toggle = 0
> + audit = ''
>
> q.functions = ['CMD_ALLOW', 'CMD_DENY', 'CMD_IGNORE_ENTRY', 'CMD_AUDIT_NEW',
> 'CMD_ABORT', 'CMD_FINISHED']
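Review bot: the new "audit = ''" next to "audit_toggle = 0" leaves two variables tracking the same state, and nothing in the hunk says they are reset once per capability question. A one-line comment noting that both are cleared here so the next capability does not inherit the previous one's flag would help, or derive the prefix from audit_toggle at the point of use so the two cannot drift apart. Minor style point on the context line: audit_toggle starts as 0 but becomes a bool after the first "not audit_toggle", so initializing it to False would be more consistent.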
> @@ -1586,16 +1598,17 @@
> done = True
> break
>
> - if ans == 'CMD_AUDIT':
> + if ans.startswith('CMD_AUDIT'):
> audit_toggle = not audit_toggle
> - audit = ''
> if audit_toggle:
> - q.functions = ['CMD_ALLOW', 'CMD_DENY', 'CMD_IGNORE_ENTRY', 'CMD_AUDIT_OFF',
> - 'CMD_ABORT', 'CMD_FINISHED']
> - audit = 'audit'
> + audit = 'audit '
> + audit_cmd = 'CMD_AUDIT_OFF'
> else:
> - q.functions = ['CMD_ALLOW', 'CMD_DENY', 'CMD_IGNORE_ENTRY', 'CMD_AUDIT_NEW',
> - 'CMD_ABORT', 'CMD_FINISHED', ]
> + audit = ''
> + audit_cmd = 'CMD_AUDIT_NEW'
> +
> + q.functions = ['CMD_ALLOW', 'CMD_DENY', 'CMD_IGNORE_ENTRY', audit_cmd,
> + 'CMD_ABORT', 'CMD_FINISHED', ]
>
> q.headers = [_('Profile'), combine_name(profile, hat),
> _('Capability'), audit + capability,
>
>
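Review bot: "ans.startswith('CMD_AUDIT')" in the second hunk matches any command name with that prefix, not only the two that this prompt offers (CMD_AUDIT_NEW and CMD_AUDIT_OFF). An explicit test such as "if ans in ('CMD_AUDIT_NEW', 'CMD_AUDIT_OFF'):" keeps the toggle from firing on an unrelated command added later. Also note that the value changes from 'audit' to 'audit ' with a trailing space, which the "audit + capability" header relies on; any other code that compares the variable against 'audit' or writes it into a rule should be checked for the extra space.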
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/