[apparmor] [patch] change aa-cleanprof to use reload_profile()
Christian Boltz
apparmor at cboltz.de
Mon May 25 16:39:09 UTC 2015
Hello,
aa-cleanprof (actually clean_profile() in tools.py) used reload_base()
from aa.py which sends the parser output to /dev/null. This had two
effects:
- aa-cleanprof ignored the --no-reload parameter
- there was no error message because reload_base() /dev/null's the
parser output
This patch changes clean_profile() to use reload_profile() from tools.py
(which honors the --no-reload option).
Also add a TODO note to aa.py reload_base(), the (AFAIK only) winner of
the 'useless use of cat' award in the AppArmor code.
We should really change it to use reload_profile(), even if that means
moving the function from tools.py to aa.py or common.py. And it should
not /dev/null the apparmor_parser output. ;-)
[ 39-aa-cleanprof-use-reload_profile.diff ]
=== modified file utils/apparmor/aa.py
--- utils/apparmor/aa.py 2015-05-25 18:10:56.809214154 +0200
+++ utils/apparmor/aa.py 2015-05-25 18:25:10.038065718 +0200
@@ -4124,6 +4124,7 @@
prof_filename = get_profile_filename(bin_path)
+ # XXX use reload_profile() from tools.py instead (and don't hide output in /dev/null)
subprocess.call("cat '%s' | %s -I%s -r >/dev/null 2>&1" % (prof_filename, parser, profile_dir), shell=True)
def reload(bin_path):
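Review bot: the comment added above the subprocess.call() line only flags the problem, while the call itself still interpolates prof_filename, parser and profile_dir into a shell=True string, sends stdout and stderr to /dev/null, and ignores the return value, so a failed parser run in reload_base() remains invisible to every other caller. If the switch to reload_profile() is deferred, consider at least dropping the ">/dev/null 2>&1" redirection and checking the value returned by subprocess.call() in this patch. The commit message calls this a TODO note, so marking the comment "TODO" rather than "XXX" would keep it consistent and easier to grep for.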
=== modified file utils/apparmor/tools.py
--- utils/apparmor/tools.py 2015-05-25 18:03:19.395002160 +0200
+++ utils/apparmor/tools.py 2015-05-25 18:23:10.795080622 +0200
@@ -234,14 +234,14 @@
ans, arg = q.promptUser()
if ans == 'CMD_SAVE_CHANGES':
apparmor.write_profile_ui_feedback(program)
- apparmor.reload_base(program)
+ self.reload_profile(filename)
elif ans == 'CMD_VIEW_CHANGES':
#oldprofile = apparmor.serialize_profile(apparmor.original_aa[program], program, '')
newprofile = apparmor.serialize_profile(apparmor.aa[program], program, '')
apparmor.display_changes_with_comments(filename, newprofile)
else:
apparmor.write_profile_ui_feedback(program)
- apparmor.reload_base(program)
+ self.reload_profile(filename)
else:
raise apparmor.AppArmorException(_('The profile for %s does not exists. Nothing to clean.') % program)
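Review bot: both replaced calls (in the CMD_SAVE_CHANGES branch and in the final else branch) change the argument as well as the function, from `program` to `filename`, and the hunk does not show where `filename` is assigned. Please confirm it holds the profile file path that reload_profile() expects for this program at both call sites, since reload_base(program) resolved the path itself via get_profile_filename(). Because the reload result is now visible to the user, it is also worth stating in the commit message what happens when the reload fails after write_profile_ui_feedback(program) has already written the cleaned profile.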
Regards,
Christian Boltz
--
It is the old problem of data protection vs. data security. The data
in the journal is well protected. Protected from getting used by me.
[Stefan Seyfried in opensuse-factory]