[apparmor] [patch] fix minitools to work with multiple profiles at once
Steve Beattie
steve at nxnw.org
Fri Feb 27 00:53:14 UTC 2015
Hi,
On Fri, Feb 20, 2015 at 11:52:43PM +0100, Christian Boltz wrote:
> this patch fixes the minitools (aa-audit, aa-complain, aa-enforce,
> aa-autodep) to work with multiple profiles at once.
>
> The "trick" to fix the minitools is to call read_profiles() outside of
> the for loop.
>
> References: https://bugs.launchpad.net/apparmor/+bug/1378095
>
> I propose this patch for trunk and the 2.9 branch.
Acked-by: Steve Beattie <steve at nxnw.org> for trunk and 2.9.
(Please use '--fixes lp:1378095' when committing, it'll make things easier
for me when writing the 2.9.2 release notes. Thanks)
> [ tools-fix-multi-profile.diff ]
>
> === modified file 'utils/apparmor/tools.py'
> --- utils/apparmor/tools.py 2014-10-07 13:06:01 +0000
> +++ utils/apparmor/tools.py 2015-02-20 21:55:40 +0000
> @@ -83,12 +83,12 @@
> yield (program, profile)
>
> def act(self):
> + apparmor.read_profiles()
> +
> for (program, profile) in self.get_next_to_profile():
> if program is None:
> program = profile
>
> - apparmor.read_profiles()
> -
> if not program or not(os.path.exists(program) or apparmor.profile_exists(program)):
> if program and not program.startswith('/'):
> program = aaui.UI_GetString(_('The given program cannot be found, please try with the fully qualified path name of the program: '), '')
> @@ -148,9 +148,10 @@
> raise apparmor.AppArmorException(cmd_info[1])
>
> def cmd_enforce(self):
> + apparmor.read_profiles()
> +
> for (program, profile) in self.get_next_to_profile():
>
> - apparmor.read_profiles()
> output_name = profile if program is None else program
>
> if not os.path.isfile(profile) or apparmor.is_skippable_file(profile):
> @@ -166,9 +167,10 @@
> raise apparmor.AppArmorException(cmd_info[1])
>
> def cmd_complain(self):
> + apparmor.read_profiles()
> +
> for (program, profile) in self.get_next_to_profile():
>
> - apparmor.read_profiles()
> output_name = profile if program is None else program
>
> if not os.path.isfile(profile) or apparmor.is_skippable_file(profile):
> @@ -184,9 +186,10 @@
> raise apparmor.AppArmorException(cmd_info[1])
>
> def cmd_audit(self):
> + apparmor.read_profiles()
> +
> for (program, profile) in self.get_next_to_profile():
>
> - apparmor.read_profiles()
> output_name = profile if program is None else program
>
> if not os.path.isfile(profile) or apparmor.is_skippable_file(profile):
> @@ -207,13 +210,13 @@
> raise apparmor.AppArmorException(cmd_info[1])
>
> def cmd_autodep(self):
> + apparmor.read_profiles()
> +
> for (program, profile) in self.get_next_to_profile():
> if not program:
> aaui.UI_Info(_('Please pass an application to generate a profile for, not a profile itself - skipping %s.') % profile)
> continue
>
> - apparmor.read_profiles()
> -
> apparmor.check_qualifiers(program)
>
> if os.path.exists(apparmor.get_profile_filename(program)) and not self.force:
>
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150226/4831d598/attachment-0001.pgp>
More information about the AppArmor
mailing list