[apparmor] [patch] Add --no-reload parameter to minitools

Kshitij Gupta kgupta8592 at gmail.com
Sun May 31 14:27:50 UTC 2015


Hello,

On Mon, May 25, 2015 at 7:08 PM, Christian Boltz <apparmor at cboltz.de> wrote:

> Hello,
>
> On Monday, 25 May 2015, Christian Boltz wrote:
> > [ 33-minitools-add--no-reload-parameter.diff ]
>
> I missed aa-cleanprof (do we have too many minitools?), so here's v2:
>
What do you suggest? Splitting tools (much of the code is shared) or a list of
tools using minitools embedded in code?

>
>
> Add --no-reload parameter to minitools
>
> Add a --no-reload parameter to aa-audit, aa-cleanprof, aa-complain,
> aa-disable and aa-enforce. This makes it possible to change the profile
> flags without reloading the profile.
>
> Also change tools.py to honor the --no-reload parameter.
>
> References: https://bugs.launchpad.net/apparmor/+bug/1458480
>
>
> I propose this patch for trunk and 2.9.
>
>
>
> [ 33-minitools-add--no-reload-parameter.diff ]
>
> === modified file utils/aa-audit
> --- utils/aa-audit      2015-05-25 15:02:32.488225993 +0200
> +++ utils/aa-audit      2015-05-25 14:58:04.064999029 +0200
> @@ -26,6 +26,7 @@
>  parser.add_argument('-r', '--remove', action='store_true', help=_('remove
> audit mode'))
>  parser.add_argument('program', type=str, nargs='+', help=_('name of
> program'))
>  parser.add_argument('--trace', action='store_true', help=_('Show full
> trace'))
> +parser.add_argument('--no-reload', dest='do_reload',
> action='store_false', default=True, help=_('Do not reload the profile after
> modifying it'))
>  args = parser.parse_args()
>
>  try:
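
Review bot: the --no-reload option added after --trace is user-visible, but the patch touches only the five scripts and tools.py, so nothing documents it beyond the --help string. Please add it to the tools' documentation in the same change, and state there that the profile on disk and the loaded policy differ until the next reload.
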
> === modified file utils/aa-cleanprof
> --- utils/aa-cleanprof  2014-09-13 21:41:36.318937957 +0200
> +++ utils/aa-cleanprof  2015-05-25 15:29:32.353194973 +0200
> @@ -24,6 +24,7 @@
>  parser.add_argument('-d', '--dir', type=str, help=_('path to profiles'))
>  parser.add_argument('program', type=str, nargs='+', help=_('name of
> program'))
>  parser.add_argument('-s', '--silent', action='store_true',
> help=_('Silently overwrite with a clean profile'))
> +parser.add_argument('--no-reload', dest='do_reload',
> action='store_false', default=True, help=_('Do not reload the profile after
> modifying it'))

 args = parser.parse_args()
>
>  clean = apparmor.tools.aa_tools('cleanprof', args)
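
Review bot: the parser.add_argument('--no-reload', ...) line added here is the same line that goes into aa-audit, aa-complain and aa-enforce, and into aa-disable with a different help string; v1 of this patch already missed aa-cleanprof. A small helper in apparmor/tools.py that adds the option to a given parser would define the flag, dest and default once and make the next omission harder.
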
> === modified file utils/aa-complain
> --- utils/aa-complain   2015-05-25 15:02:32.488225993 +0200
> +++ utils/aa-complain   2015-05-25 14:58:41.188817768 +0200
> @@ -23,6 +23,7 @@
>  parser = argparse.ArgumentParser(description=_('Switch the given program
> to complain mode'))
>  parser.add_argument('-d', '--dir', type=str, help=_('path to profiles'))
>  parser.add_argument('program', type=str, nargs='+', help=_('name of
> program'))
> +parser.add_argument('--no-reload', dest='do_reload',
> action='store_false', default=True, help=_('Do not reload the profile after
> modifying it'))
>  args = parser.parse_args()
>
>  tool = apparmor.tools.aa_tools('complain', args)
> === modified file utils/aa-disable
> --- utils/aa-disable    2015-05-25 15:02:32.488225993 +0200
> +++ utils/aa-disable    2015-05-25 14:56:21.385032307 +0200
> @@ -23,6 +23,7 @@
>  parser = argparse.ArgumentParser(description=_('Disable the profile for
> the given programs'))
>  parser.add_argument('-d', '--dir', type=str, help=_('path to profiles'))
>  parser.add_argument('program', type=str, nargs='+', help=_('name of
> program'))
> +parser.add_argument('--no-reload', dest='do_reload',
> action='store_false', default=True, help=_('Do not unload the profile after
> modifying it'))
>  args = parser.parse_args()
>
>  tool = apparmor.tools.aa_tools('disable', args)
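
Review bot: the help string on the added line reads 'Do not unload the profile after modifying it', but the tools.py context in this patch shows the disable path creating a symlink (create_symlink('disable', filename)) rather than editing the profile. Something like 'Do not unload the profile after disabling it' would match what the tool does, and it is worth saying in the same string that a loaded profile stays active.
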
> === modified file utils/aa-enforce
> --- utils/aa-enforce    2015-05-25 15:02:32.488225993 +0200
> +++ utils/aa-enforce    2015-05-25 14:59:15.838781891 +0200
> @@ -23,6 +23,7 @@
>  parser = argparse.ArgumentParser(description=_('Switch the given program
> to enforce mode'))
>  parser.add_argument('-d', '--dir', type=str, help=_('path to profiles'))
>  parser.add_argument('program', type=str, nargs='+', help=_('name of
> program'))
> +parser.add_argument('--no-reload', dest='do_reload',
> action='store_false', default=True, help=_('Do not reload the profile after
> modifying it'))
>  args = parser.parse_args()
>
>  tool = apparmor.tools.aa_tools('enforce', args)
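
Review bot: with the added --no-reload line, the parser description 'Switch the given program to enforce mode' no longer holds for the running system: only the flags in the profile file change, and the loaded policy keeps its previous mode until something reloads it. The help string should say that explicitly, for example 'Only change the profile file, leave the loaded policy as it is', so nobody assumes enforcement is active when the command returns.
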
> === modified file utils/apparmor/tools.py
> --- utils/apparmor/tools.py     2015-05-25 15:02:32.489225934 +0200
> +++ utils/apparmor/tools.py     2015-05-25 15:02:43.211595821 +0200
> @@ -29,6 +29,7 @@
>          self.profiling = args.program
>          self.check_profile_dir()
>          self.silent = None
> +        self.do_reload = args.do_reload
>
>          if tool_name in ['audit']:
>              self.remove = args.remove
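
Review bot: self.do_reload = args.do_reload is read unconditionally, unlike args.remove just below it, which is only read when tool_name is 'audit'. Any caller that builds aa_tools from a parser without --no-reload will fail with AttributeError, and v1 of this patch already missed aa-cleanprof. Using getattr(args, 'do_reload', True) would keep such callers on the old behaviour.
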
> @@ -246,6 +247,9 @@
>          apparmor.create_symlink('disable', filename)
>
>      def unload_profile(self, profile):
> +        if not self.do_reload:
> +            return
>
I had to go back up to see what do_reload stored for that if condition, I
guess I need more caffeine.

+
>
         # FIXME: should ensure profile is loaded before unloading
>          cmd_info = cmd([apparmor.parser, '-I%s' % apparmor.profile_dir,
> '--base', apparmor.profile_dir, '-R', profile])
>
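
Review bot: the early return at the top of unload_profile is silent, so a disable run with --no-reload leaves a loaded profile in place without telling the user. Print a short notice when do_reload is false, or return a value the caller can report. A one-line comment above the check saying what do_reload holds would also help readers of this method.
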
> @@ -253,6 +257,9 @@
>              raise apparmor.AppArmorException(cmd_info[1])
>
>      def reload_profile(self, profile):
> +        if not self.do_reload:
> +            return
> +
>          cmd_info = cmd([apparmor.parser, '-I%s' % apparmor.profile_dir,
> '--base', apparmor.profile_dir, '-r', profile])
>
>          if cmd_info[0] != 0:
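
Review bot: returning before the parser call in reload_profile also skips the cmd_info[0] != 0 check, so with --no-reload the modified profile is never passed through the parser and an error in it would only surface at the next load. Either document that limitation next to the option, or keep a parser run that checks the profile without loading it.
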
>
>
>
> Thanks for the quick follow-up on the bugreport, you beat me at it.

Acked-by: Kshitij Gupta <kgupta8592 at gmail.com>.

Thanks.

Regards,

Kshitij Gupta


> Regards,
>
> Christian Boltz
> --
> <cboltz> jjohansen: you are making it too easy for kshitij8 ;-)
> <jjohansen> cboltz: oops sorry, now I'll have to come up with a new task
>             to make him suffer :)
> <sarnold> review the c++11 conversion? :)
> * sarnold runs
> <jjohansen> haha, sarnold I said suffer, not drive him to commit suicide
> [from #apparmor]