[apparmor] [patch] Add --no-reload parameter to minitools

Christian Boltz apparmor at cboltz.de
Mon May 25 13:38:41 UTC 2015


Hello,

On Monday, 25 May 2015, Christian Boltz wrote:
> [ 33-minitools-add--no-reload-parameter.diff ]

I missed aa-cleanprof (do we have too many minitools?), so here's v2:


Add --no-reload parameter to minitools

Add a --no-reload parameter to aa-audit, aa-cleanprof, aa-complain, 
aa-disable and aa-enforce. This makes it possible to change the profile 
flags without reloading the profile.

Also change tools.py to honor the --no-reload parameter.

References: https://bugs.launchpad.net/apparmor/+bug/1458480


I propose this patch for trunk and 2.9.



[ 33-minitools-add--no-reload-parameter.diff ]

=== modified file utils/aa-audit
--- utils/aa-audit      2015-05-25 15:02:32.488225993 +0200
+++ utils/aa-audit      2015-05-25 14:58:04.064999029 +0200
@@ -26,6 +26,7 @@
 parser.add_argument('-r', '--remove', action='store_true', help=_('remove audit mode'))
 parser.add_argument('program', type=str, nargs='+', help=_('name of program'))
 parser.add_argument('--trace', action='store_true', help=_('Show full trace'))
+parser.add_argument('--no-reload', dest='do_reload', action='store_false', default=True, help=_('Do not reload the profile after modifying it'))
 args = parser.parse_args()
 
 try:
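
Review bot: The --no-reload option added before parse_args() here, and repeated in the other four scripts, has no documentation change in this patch; the only files touched are the utils/aa-* scripts and utils/apparmor/tools.py. Please add the option to the man pages of all five tools, and state there that the profile already loaded in the kernel keeps its old flags until it is reloaded, so the mode on disk and the mode being applied can differ.
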
=== modified file utils/aa-cleanprof
--- utils/aa-cleanprof  2014-09-13 21:41:36.318937957 +0200
+++ utils/aa-cleanprof  2015-05-25 15:29:32.353194973 +0200
@@ -24,6 +24,7 @@
 parser.add_argument('-d', '--dir', type=str, help=_('path to profiles'))
 parser.add_argument('program', type=str, nargs='+', help=_('name of program'))
 parser.add_argument('-s', '--silent', action='store_true', help=_('Silently overwrite with a clean profile'))
+parser.add_argument('--no-reload', dest='do_reload', action='store_false', default=True, help=_('Do not reload the profile after modifying it'))
 args = parser.parse_args()
 
 clean = apparmor.tools.aa_tools('cleanprof', args)
=== modified file utils/aa-complain
--- utils/aa-complain   2015-05-25 15:02:32.488225993 +0200
+++ utils/aa-complain   2015-05-25 14:58:41.188817768 +0200
@@ -23,6 +23,7 @@
 parser = argparse.ArgumentParser(description=_('Switch the given program to complain mode'))
 parser.add_argument('-d', '--dir', type=str, help=_('path to profiles'))
 parser.add_argument('program', type=str, nargs='+', help=_('name of program'))
+parser.add_argument('--no-reload', dest='do_reload', action='store_false', default=True, help=_('Do not reload the profile after modifying it'))
 args = parser.parse_args()
 
 tool = apparmor.tools.aa_tools('complain', args)
=== modified file utils/aa-disable
--- utils/aa-disable    2015-05-25 15:02:32.488225993 +0200
+++ utils/aa-disable    2015-05-25 14:56:21.385032307 +0200
@@ -23,6 +23,7 @@
 parser = argparse.ArgumentParser(description=_('Disable the profile for the given programs'))
 parser.add_argument('-d', '--dir', type=str, help=_('path to profiles'))
 parser.add_argument('program', type=str, nargs='+', help=_('name of program'))
+parser.add_argument('--no-reload', dest='do_reload', action='store_false', default=True, help=_('Do not unload the profile after modifying it'))
 args = parser.parse_args()
 
 tool = apparmor.tools.aa_tools('disable', args)
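
Review bot: For aa-disable the option is spelled --no-reload but the help string says "Do not unload the profile", and what it skips is unload_profile(). With the flag set, the disable symlink is still created while the profile stays loaded, so the program remains confined until something else unloads it. The help text should say that explicitly, for example "Do not unload the profile; it stays active until unloaded", so the flag is not read as having disabled confinement immediately.
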
=== modified file utils/aa-enforce
--- utils/aa-enforce    2015-05-25 15:02:32.488225993 +0200
+++ utils/aa-enforce    2015-05-25 14:59:15.838781891 +0200
@@ -23,6 +23,7 @@
 parser = argparse.ArgumentParser(description=_('Switch the given program to enforce mode'))
 parser.add_argument('-d', '--dir', type=str, help=_('path to profiles'))
 parser.add_argument('program', type=str, nargs='+', help=_('name of program'))
+parser.add_argument('--no-reload', dest='do_reload', action='store_false', default=True, help=_('Do not reload the profile after modifying it'))
 args = parser.parse_args()
 
 tool = apparmor.tools.aa_tools('enforce', args)
=== modified file utils/apparmor/tools.py
--- utils/apparmor/tools.py     2015-05-25 15:02:32.489225934 +0200
+++ utils/apparmor/tools.py     2015-05-25 15:02:43.211595821 +0200
@@ -29,6 +29,7 @@
         self.profiling = args.program
         self.check_profile_dir()
         self.silent = None
+        self.do_reload = args.do_reload
 
         if tool_name in ['audit']:
             self.remove = args.remove
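
Review bot: self.do_reload = args.do_reload in __init__ is read unconditionally, so any script that builds aa_tools from a parser without the new add_argument line will fail with AttributeError at construction. v1 already missed aa-cleanprof for this reason. Either confirm that every caller of aa_tools now defines the option, or fall back to the old behaviour with getattr(args, 'do_reload', True).
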
@@ -246,6 +247,9 @@
         apparmor.create_symlink('disable', filename)
 
     def unload_profile(self, profile):
+        if not self.do_reload:
+            return
+
         # FIXME: should ensure profile is loaded before unloading
         cmd_info = cmd([apparmor.parser, '-I%s' % apparmor.profile_dir, '--base', apparmor.profile_dir, '-R', profile])
 
@@ -253,6 +257,9 @@
             raise apparmor.AppArmorException(cmd_info[1])
 
     def reload_profile(self, profile):
+        if not self.do_reload:
+            return
+
         cmd_info = cmd([apparmor.parser, '-I%s' % apparmor.profile_dir, '--base', apparmor.profile_dir, '-r', profile])
 
         if cmd_info[0] != 0:
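
Review bot: The early return at the top of reload_profile(), and the identical one in unload_profile() above, is silent, so the caller and the user get the same output whether or not the kernel state was changed. Consider printing a short notice when do_reload is False, along the lines of "profile not reloaded, change takes effect on next load", so that a run of aa-enforce --no-reload is not mistaken for the profile already being enforced.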



Regards,

Christian Boltz
-- 
<cboltz> jjohansen: you are making it too easy for kshitij8 ;-)
<jjohansen> cboltz: oops sorry, now I'll have to come up with a new task
            to make him suffer :)
<sarnold> review the c++11 conversion? :)
* sarnold runs
<jjohansen> haha, sarnold I said suffer, not drive him to commit suicide
[from #apparmor]



