[apparmor] [patch] Change aa.py ask_the_questions() to use the aa-mergeprof code for capabilities

Steve Beattie steve at nxnw.org
Tue Jun 2 23:42:40 UTC 2015


On Mon, May 25, 2015 at 11:50:47AM +0200, Christian Boltz wrote:
> Hello,
> 
> Am Montag, 25. Mai 2015 schrieb Christian Boltz:
> > [ 27-logprof-use-mergeprof-code-for-capability.diff ]
> 
> I should run "make check" more often :-/
> 
> I overlooked a "self.aa." (and didn't run into it in my manual tests), 
> so here's v2 with this fixed.
> 
> This patch replaces the code in aa.py ask_the_questions() that handles 
> capabilities with the ask_the_questions() code from aa-mergeprof.
> 
> This means to convert the capability log events to a CapabilityRuleset
> stored in the (new) log_obj hasher, and then let the code from
> aa-mergeprof operate on this hasher.
> 
> Most of the code after the "aa-mergeprof also has this code" comment is
> a direct copy of the aa-mergeprof code, with the following changes:
> - filter for profile mode (enforce/complain)
> - set default button (allow or deny) based on profile mode
> - keep seen_events counter happy (even if it isn't displayed anywhere)
> - replace apparmor.aa.foo with just foo
> 
> The user interface is mostly unchanged, with two exceptions:
> - options always displayed, even if there is only one option
> - some slightly changed texts
> 
> [ 27-logprof-use-mergeprof-code-for-capability.diff ]

Acked-by: Steve Beattie <steve at nxnw.org>

> BTW: I'm not sure if filtering and having different default buttons
> based on the profile mode makes sense, except for "historical reasons".
> Opinions?

Yeah, I don't recall or understand why things were done that way
either.

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150602/eebe63a9/attachment-0001.pgp>


More information about the AppArmor mailing list