[apparmor] [patch] Fix name_to_prof_filename() error behaviour

Kshitij Gupta kgupta8592 at gmail.com
Sun Aug 2 18:43:19 UTC 2015 

Hello,

On Mon, Jul 20, 2015 at 12:21 AM, Christian Boltz <apparmor at cboltz.de>
wrote:

> Hello,
>
> in some cases, the return value of name_to_prof_filename() is undefined.
> This happens when deleting the to-be-confined binary while running
> aa-genprof and leads to a not-too-helpful
>     File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 265, in
> enforce
>               prof_filename, name = name_to_prof_filename(path)
>         TypeError: 'NoneType' object is not iterable
>
> (reported by maslen on IRC)
>
> This patch makes sure name_to_prof_filename() always returns None, None
> (instead of undefined aka just None) so that at least the caller can
> successfully split it into two None values.
>
> For the exotic aa-genprof usecase given above, this at least improves
> the error message to
>     Can't find $binary_name
> (raised by enforce() via fatal_error())
>
>
> The patch also changes fatal_error() to display the traceback first, and
> the human-readable message at the end, which makes it more likely that
> the user actually notices the human-readable message.
>
This is the style followed by Python too I suppose for their traces.

>


> I propose this patch for trunk and 2.9.
>
>
> [ 80-name_to_prof_filename-better-error-behaviour.diff ]
>
> --- utils/apparmor/aa.py        2015-07-19 13:08:29.274534429 +0200
> +++ ./utils/apparmor/aa.py      2015-07-19 20:45:05.298955097 +0200
> @@ -150,8 +150,8 @@
>      # Get the traceback to the message
>      tb_stack = traceback.format_list(traceback.extract_stack())
>      tb_stack = ''.join(tb_stack)
> -    # Append the traceback to message
> -    message = message + '\n' + tb_stack
> +    # Add the traceback to message
> +    message = tb_stack + '\n\n' + message
>      debug_logger.error(message)
>      caller = inspect.stack()[1][3]
>
> @@ -257,8 +257,8 @@
>              prof_filename = get_profile_filename(bin_path)
>              if os.path.isfile(prof_filename):
>                  return (prof_filename, bin_path)
> -            else:
> -                return None, None
> +
> +    return None, None
>
>  def complain(path):
>      """Sets the profile to complain mode if it exists"""
>
>
>
> Thanks for the patch.

Acked-by: Kshitij Gupta <kgupta8592 at gmail.com> for both trunk and 2.9.


> Regards,
>
> Christian Boltz
> --
> >kann mir jemand sagen, wie ich aus einer aktuellen WindowMaker-Ober-
> >fläche ne neue Sitzung starte, ohne die aktuelle Oberfläche zu beenden?
> Ahem, Sitzung? Geh' ins Klo, setz dich nieder und ...
> Oder was meinst du mit "Sitzung"?
> [> Udo Gerhards und David Haller in suse-linux]
>
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/apparmor
>



-- 
Regards,

Kshitij Gupta
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150803/b0c90c6e/attachment.html>

More information about the AppArmor mailing list