[apparmor] [patch] Change aa.py ask_the_questions() to use the aa-mergeprof code for capabilities
steve at nxnw.org
Tue Jun 2 23:42:40 UTC 2015
On Mon, May 25, 2015 at 11:50:47AM +0200, Christian Boltz wrote:
> Am Montag, 25. Mai 2015 schrieb Christian Boltz:
> > [ 27-logprof-use-mergeprof-code-for-capability.diff ]
> I should run "make check" more often :-/
> I overlooked a "self.aa." (and didn't run into it in my manual tests),
> so here's v2 with this fixed.
> This patch replaces the code in aa.py ask_the_questions() that handles
> capabilities with the ask_the_questions() code from aa-mergeprof.
> This means to convert the capability log events to a CapabilityRuleset
> stored in the (new) log_obj hasher, and then let the code from
> aa-mergeprof operate on this hasher.
> Most of the code after the "aa-mergeprof also has this code" comment is
> a direct copy of the aa-mergeprof code, with the following changes:
> - filter for profile mode (enforce/complain)
> - set default button (allow or deny) based on profile mode
> - keep seen_events counter happy (even if it isn't displayed anywhere)
> - replace apparmor.aa.foo with just foo
> The user interface is mostly unchanged, with two exceptions:
> - options always displayed, even if there is only one option
> - some slightly changed texts
> [ 27-logprof-use-mergeprof-code-for-capability.diff ]
Acked-by: Steve Beattie <steve at nxnw.org>
> BTW: I'm not sure if filtering and having different default buttons
> based on the profile mode makes sense, except for "historical reasons".
Yeah, I don't recall or understand why things were done that way
<sbeattie at ubuntu.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: Digital signature
More information about the AppArmor