[apparmor] [patch] Add debug info to profile_storage()
Christian Boltz
apparmor at cboltz.de
Mon Jul 20 19:22:55 UTC 2015
Hello,
for debugging, it's helpful to know which part of the code initialized a
profile_storage and for which profile and hat this was done.
This patch adds an 'info' array with that information, adds the
corresponding parameters to profile_storage() and changes the callers to
deliver some useful content.
[ 81-profile_storage-debug-info.diff ]
--- utils/apparmor/aa.py 2015-07-20 20:51:34.293945699 +0200
+++ ./utils/apparmor/aa.py 2015-07-20 20:49:44.595427905 +0200
@@ -402,7 +402,7 @@
return {local_profile: extras[local_profile]}
return dict()
-def profile_storage():
+def profile_storage(profilename, hat, details):
# keys used in aa[profile][hat]:
# a) rules (as dict): alias, include, lvar
# b) rules (as hasher): allow, deny
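Review bot: The three parameters added in `def profile_storage(profilename, hat, details):` are required, so any caller this patch does not update will fail with a TypeError; whether other modules or tests call profile_storage() cannot be seen from this diff. Since the values are only debugging metadata, defaults would keep the old call form working: `def profile_storage(profilename=None, hat=None, details=None):`. The key list in the comment directly below the signature should also gain an entry for the new key, for example `# d) debugging metadata (plain dict, not a rule): info`. The function body continues outside this hunk.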
@@ -415,6 +415,9 @@
profile = hasher()
+ # profile['info'] isn't used anywhere, but can be helpful in debugging.
+ profile['info'] = {'profile': profilename, 'hat': hat, 'details': details}
+
profile['capability'] = CapabilityRuleset()
profile['change_profile'] = ChangeProfileRuleset()
profile['network'] = NetworkRuleset()
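Review bot: `profile['info']` lives in the same hasher as the rule keys, so any code that walks all keys of aa[profile][hat] to serialize, merge or compare profiles will now meet a plain dict that is not a rule type. Whether such loops exist is not visible in this patch, so it is worth checking that the writer and merge paths only touch an explicit list of keys before this is merged. The comment could state the contract rather than only the current usage, for example `# debugging metadata only: not a rule type, must never be written into a profile`. The function starts and ends outside this hunk.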
@@ -431,7 +434,7 @@
def create_new_profile(localfile, is_stub=False):
local_profile = hasher()
- local_profile[localfile] = profile_storage()
+ local_profile[localfile] = profile_storage('NEW', localfile, 'create_new_profile()')
local_profile[localfile]['flags'] = 'complain'
local_profile[localfile]['include']['abstractions/base'] = 1
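Review bot: In `profile_storage('NEW', localfile, 'create_new_profile()')` the literal 'NEW' is recorded as the profile name and the real name (localfile) lands in the 'hat' field, which is inconsistent with the other callers and indistinguishable from a profile that is actually called NEW. The do_include caller further down passes the same value for both profile and hat, so the same convention would fit here, with the marker moved into the details string: `profile_storage(localfile, localfile, 'create_new_profile() NEW')`. The body of create_new_profile() continues outside this hunk.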
@@ -1465,7 +1468,7 @@
if ynans == 'y':
hat = exec_target
if not aa[profile].get(hat, False):
- aa[profile][hat] = profile_storage()
+ aa[profile][hat] = profile_storage(profile, hat, 'handle_children()')
aa[profile][hat]['profile'] = True
if profile != hat:
@@ -1588,7 +1591,7 @@
hats = [profile] + hats
for hat in hats:
- log_obj[profile][hat] = profile_storage()
+ log_obj[profile][hat] = profile_storage(profile, hat, 'ask_the_questions()')
for capability in sorted(log_dict[aamode][profile][hat]['capability'].keys()):
capability_obj = CapabilityRule(capability, log_event=aamode)
@@ -2564,7 +2593,7 @@
if do_include:
profile = file
hat = file
- profile_data[profile][hat] = profile_storage()
+ profile_data[profile][hat] = profile_storage(profile, hat, 'parse_profile_data() do_include %s' % file)
for lineno, line in enumerate(data):
line = line.strip()
@@ -2582,7 +2611,7 @@
raise AppArmorException('Profile %(profile)s defined twice in %(file)s, last found in line %(line)s' %
{ 'file': file, 'line': lineno + 1, 'profile': combine_name(profile, hat) })
- profile_data[profile][hat] = profile_storage()
+ profile_data[profile][hat] = profile_storage(profile, hat, 'parse_profile_data() profile_start %s' % file)
if attachment:
profile_data[profile][hat]['attachment'] = attachment
@@ -2987,7 +3016,7 @@
# if hat is already known, the filelist check some lines below will error out.
# nevertheless, just to be sure, don't overwrite existing profile_data.
if not profile_data[profile].get(hat, False):
- profile_data[profile][hat] = profile_storage()
+ profile_data[profile][hat] = profile_storage(profile, hat, 'parse_profile_data() hat_def %s' % file)
flags = matches.group('flags')
@@ -3036,7 +3066,7 @@
if re.search(hatglob, parsed_prof):
for hat in cfg['required_hats'][hatglob].split():
if not profile_data[parsed_prof].get(hat, False):
- profile_data[parsed_prof][hat] = profile_storage()
+ profile_data[parsed_prof][hat] = profile_storage(parsed_prof, hat, 'parse_profile_data() required_hats %s' % file)
# End of file reached but we're stuck in a profile
if profile and not do_include:
Regards,
Christian Boltz
--
Zwei Informatikstudenten treffen sich auf dem Campus. Sagt der eine:
"Hey, woher hast du das schöne neue Fahrrad?"
Antwortet der andere: "Nun, ich lief gestern durch den Park, als eine
wunderschöne Blondine auf dem Fahrrad vor mir anhielt, sich nackt auszog
und sagte: Nimm dir was du willst!"
Sagt der erste: "Gute Wahl, die Kleider hätten bestimmt nicht gepasst."
[Bernd Tannenbaum in suse-linux]