[apparmor] [patch] Update aa-mergeprof to use the NetworkRule(set) class layout
Steve Beattie
steve at nxnw.org
Thu May 28 22:29:05 UTC 2015
On Mon, May 25, 2015 at 12:53:50AM +0200, Christian Boltz wrote:
> Hello,
>
> On Sunday, 17 May 2015, Christian Boltz wrote:
> > [ 08-mergeprof-network-rule.diff ]
>
> While thinking about patch 26, I noticed that aa-mergeprof isn't a good
> home for available_buttons(). Here's the updated patch that adds the
> function to aa.py instead.
>
> Besides moving the function (and adding an import to aa-mergeprof),
> nothing was changed in the patch.
>
> Update aa-mergeprof to use the NetworkRule(set) class layout
>
> aa-mergeprof still used the old aa[profile][hat][allow]['netdomain']
> which no longer gets populated. This resulted in not asking for merging
> any network rules.
>
> This patch changes ask_the_question() to the NetworkRule(set) layout.
> Besides that,
> - don't ask for network rules that are already covered.
>   Using is_known_rule() also fixes
>   https://bugs.launchpad.net/apparmor/+bug/1382241
> - include the audit keyword in the "Network Family" headline
>   (I'd prefer to just use the get_clean() rule, but that's another topic)
> - hide "(A)llow" when merging a deny rule
> - as a side effect of using NetworkRule, fix crashes for 'network,' and
>   'network foo,' rules
>
> To avoid having to repeat the list of available "buttons" and the logic
> to update that list, add an available_buttons() function that returns the
> list of available buttons depending on rule_obj.deny and rule_obj.audit
> to aa.py, and import it into mergeprof.
>
> I tested all changes manually.
>
> [ 08-mergeprof-network-rule.diff ]
Acked-by: Steve Beattie <steve at nxnw.org>. Thanks!
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/