[apparmor] aa-enabled

John Johansen john.johansen at canonical.com
Sat Nov 28 18:38:34 UTC 2015 

v3

change conflicting/unknown option warning message slightly
output error string on failure
add binutils dir
add manpage
add makefile
add pot file

---

=== modified file 'Makefile'
--- Makefile	2015-01-24 00:01:14 +0000
+++ Makefile	2015-11-28 17:33:33 +0000
@@ -11,6 +11,7 @@
 DIRS=parser \
      profiles \
      utils \
+     binutils \
      libraries/libapparmor \
      changehat/mod_apparmor \
      changehat/pam_apparmor \

=== added directory 'binutils'
=== added file 'binutils/Makefile'
--- binutils/Makefile	1970-01-01 00:00:00 +0000
+++ binutils/Makefile	2015-11-28 18:18:25 +0000
@@ -0,0 +1,200 @@
+# ----------------------------------------------------------------------
+#    Copyright (c) 2015
+#    Canonical Ltd. (All rights reserved)
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+# ----------------------------------------------------------------------
+NAME=aa-binutils
+all:
+COMMONDIR=../common/
+
+include $(COMMONDIR)/Make.rules
+
+DESTDIR=/
+CONFDIR=/etc/apparmor
+INSTALL_CONFDIR=${DESTDIR}${CONFDIR}
+LOCALEDIR=/usr/share/locale
+MANPAGES=aa-enabled.8
+
+WARNINGS = -Wall
+EXTRA_WARNINGS = -Wsign-compare -Wmissing-field-initializers -Wformat-security -Wunused-parameter
+CPP_WARNINGS =
+ifndef CFLAGS
+CFLAGS	= -g -O2 -pipe
+
+ifdef DEBUG
+CFLAGS += -pg -D DEBUG
+endif
+ifdef COVERAGE
+CFLAGS = -g -pg -fprofile-arcs -ftest-coverage
+endif
+endif #CFLAGS
+
+EXTRA_CFLAGS = ${EXTRA_CXXFLAGS} ${CPP_WARNINGS}
+
+#INCLUDEDIR = /usr/src/linux/include
+INCLUDEDIR =
+
+ifdef INCLUDEDIR
+	CFLAGS += -I$(INCLUDEDIR)
+endif
+
+# Internationalization support. Define a package and a LOCALEDIR
+EXTRA_CFLAGS+=-DPACKAGE=\"${NAME}\" -DLOCALEDIR=\"${LOCALEDIR}\"
+
+# Compile-time configuration of the location of the config file
+EXTRA_CFLAGS+=-DSUBDOMAIN_CONFDIR=\"${CONFDIR}\"
+
+SRCS = aa-enabled.c
+HDRS =
+TOOLS = aa-enabled
+
+AALIB = -Wl,-Bstatic -lapparmor  -Wl,-Bdynamic -lpthread
+
+ifdef USE_SYSTEM
+  # Using the system libapparmor so Makefile dependencies can't be used
+  LIBAPPARMOR_A =
+  INCLUDE_APPARMOR =
+  APPARMOR_H =
+else
+  LIBAPPARMOR_SRC = ../libraries/libapparmor/
+  LOCAL_LIBAPPARMOR_INCLUDE = $(LIBAPPARMOR_SRC)/include
+  LOCAL_LIBAPPARMOR_LDPATH = $(LIBAPPARMOR_SRC)/src/.libs
+
+  LIBAPPARMOR_A = $(LOCAL_LIBAPPARMOR_LDPATH)/libapparmor.a
+  INCLUDE_APPARMOR = -I$(LOCAL_LIBAPPARMOR_INCLUDE)
+  APPARMOR_H = $(LOCAL_LIBAPPARMOR_INCLUDE)/sys/apparmor.h
+endif
+EXTRA_CFLAGS += $(INCLUDE_APPARMOR)
+
+ifdef V
+  VERBOSE = 1
+endif
+ifndef VERBOSE
+  VERBOSE = 0
+endif
+ifeq ($(VERBOSE),1)
+  BUILD_OUTPUT =
+  Q =
+else
+  BUILD_OUTPUT = > /dev/null 2>&1
+  Q = @
+endif
+export Q VERBOSE BUILD_OUTPUT
+
+po/%.pot: %.c
+	$(MAKE) -C po $(@F) NAME=$* SOURCES=$*.c
+
+# targets arranged this way so that people who don't want full docs can
+# pick specific targets they want.
+arch: 	$(TOOLS)
+
+manpages:	$(MANPAGES)
+
+docs:	manpages
+
+indep: docs
+	$(Q)$(MAKE) -C po all
+
+all:	arch indep
+
+.PHONY: coverage
+coverage:
+	$(MAKE) clean aa-enabled COVERAGE=1
+
+ifndef USE_SYSTEM
+$(LIBAPPARMOR_A):
+	@if [ ! -f $@ ]; then \
+		echo "error: $@ is missing. Pick one of these possible solutions:" 1>&2; \
+		echo "  1) Build against the in-tree libapparmor by building it first and then trying again. See the top-level README for help." 1>&2; \
+		echo "  2) Build against the system libapparmor by adding USE_SYSTEM=1 to your make command." 1>&2;\
+		return 1; \
+	fi
+endif
+
+aa-enabled: aa-enabled.c $(LIBAPPARMOR_A)
+	$(CC) $(LDFLAGS) $(EXTRA_CFLAGS) -o $@ $< $(LIBS) $(AALIB)
+
+.SILENT: check
+.PHONY: check
+check: check_pod_files tests
+
+.SILENT: tests
+tests: aa-enabled $(TESTS)
+	echo "no tests atm"
+
+.PHONY: install-rhel4
+install-rhel4: install-redhat
+
+.PHONY: install-redhat
+install-redhat:
+
+.PHONY: install-suse
+install-suse:
+
+.PHONY: install-slackware
+install-slackware:
+
+.PHONY: install-debian
+install-debian:
+
+.PHONY: install-unknown
+install-unknown:
+
+INSTALLDEPS=arch
+
+ifndef DISTRO
+DISTRO=$(shell if [ -f /etc/slackware-version ] ; then \
+	         echo slackware ; \
+	       elif [ -f /etc/debian_version ] ; then \
+	         echo debian ;\
+	       elif which rpm > /dev/null ; then \
+	         if [ "$(rpm --eval '0%{?suse_version}')" != "0" ] ; then \
+	             echo suse ;\
+	         elif [ "$(rpm --eval '%{_host_vendor}')" = redhat ] ; then \
+	            echo rhel4 ;\
+	         elif [ "$(rpm --eval '0%{?fedora}')" != "0" ] ; then \
+	            echo rhel4 ;\
+	         else \
+	            echo unknown ;\
+	         fi ;\
+	       else \
+	          echo unknown ;\
+	       fi)
+endif
+
+ifdef DISTRO
+INSTALLDEPS+=install-$(DISTRO)
+endif
+
+.PHONY: install
+install: install-indep install-arch
+
+.PHONY: install-arch
+install-arch: $(INSTALLDEPS)
+	install -m 755 -d $(DESTDIR)/sbin
+	install -m 755 ${TOOLS} $(DESTDIR)/sbin
+
+.PHONY: install-indep
+install-indep:
+	$(MAKE) -C po install NAME=${NAME} DESTDIR=${DESTDIR}
+	$(MAKE) install_manpages DESTDIR=${DESTDIR}
+
+ifndef VERBOSE
+.SILENT: clean
+endif
+.PHONY: clean
+clean: pod_clean
+	rm -f core core.* *.o *.s *.a *~ *.gcda *.gcno
+	rm -f gmon.out
+	rm -f $(TOOLS) $(TESTS)
+	rm -f $(NAME)*.tar.gz $(NAME)*.tgz
+	$(MAKE) -s -C po clean
+

=== added file 'binutils/aa-enabled.c'
--- binutils/aa-enabled.c	1970-01-01 00:00:00 +0000
+++ binutils/aa-enabled.c	2015-11-28 17:34:45 +0000
@@ -0,0 +1,89 @@
+/*
+ *   Copyright (C) 2015 Canonical Ltd.
+ *
+ *   This program is free software; you can redistribute it and/or
+ *    modify it under the terms of version 2 of the GNU General Public
+ *   License published by the Free Software Foundation.
+ */
+
+#include <errno.h>
+#include <locale.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <libintl.h>
+#define _(s) gettext(s)
+
+#include <sys/apparmor.h>
+
+#ifndef PACKAGE
+#define PACKAGE ""
+#define LOCALEDIR ""
+#endif
+
+void print_help(const char *command)
+{
+	printf(_("%s: [options]\n"
+		 "  options:\n"
+		 "  -q | --quiet        Don't print out any messages\n"
+		 "  -h | --help         Print help\n"),
+	       command);
+	exit(1);
+}
+
+int main(int argc, char **argv)
+{
+	int enabled;
+	int quiet = 0;
+	int err = 0;
+
+	setlocale(LC_MESSAGES, "");
+	bindtextdomain(PACKAGE, LOCALEDIR);
+	textdomain(PACKAGE);
+
+	if (argc > 2) {
+		printf(_("unknown or incompatible options\n"));
+		print_help(argv[0]);
+	} else if (argc == 2) {
+		if (strcmp(argv[1], "--quiet") == 0 ||
+		    strcmp(argv[1], "-q") == 0) {
+			quiet = 1;
+		} else if (strcmp(argv[1], "--help") == 0 ||
+			   strcmp(argv[1], "-h") == 0) {
+			print_help(argv[0]);
+		} else {
+			printf(_("unknown option '%s'\n"), argv[1]);
+			print_help(argv[0]);
+		}
+	}
+
+	enabled = aa_is_enabled();
+	err = errno;
+	if (enabled) {
+		if (!quiet)
+			printf(_("Yes\n"));
+		return 0;
+	}
+
+	if (!quiet) {
+		switch(err) {
+		case ENOSYS:
+			printf(_("No - not available on this system.\n"));
+			break;
+		case ECANCELED:
+			printf(_("No - disabled at boot.\n"));
+			break;
+		case ENOENT:
+			printf(_("Maybe - policy interface not available.\n"));
+			break;
+		case EPERM:
+		case EACCES:
+			printf(_("Maybe - insufficient permissions to determine availability.\n"));
+			break;
+		default:
+		  printf(_("Error - '%s'\n"), strerror(err));
+		}
+	}
+
+	return err;
+}

=== added file 'binutils/aa-enabled.pod'
--- binutils/aa-enabled.pod	1970-01-01 00:00:00 +0000
+++ binutils/aa-enabled.pod	2015-11-25 10:30:22 +0000
@@ -0,0 +1,62 @@
+# This publication is intellectual property of Canonical Ltd. Its contents
+# can be duplicated, either in part or in whole, provided that a copyright
+# label is visibly located on each copy.
+#
+# All information found in this book has been compiled with utmost
+# attention to detail. However, this does not guarantee complete accuracy.
+# Neither Canonical Ltd, the authors, nor the translators shall be held
+# liable for possible errors or the consequences thereof.
+#
+# Many of the software and hardware descriptions cited in this book
+# are registered trademarks. All trade names are subject to copyright
+# restrictions and may be registered trade marks. Canonical Ltd
+# essentially adheres to the manufacturer's spelling.
+#
+# Names of products and trademarks appearing in this book (with or without
+# specific notation) are likewise subject to trademark and trade protection
+# laws and may thus fall under copyright restrictions.
+#
+
+
+=pod
+
+=head1 NAME
+
+aa-enabled - test whether apparmor is enabled
+
+=head1 SYNOPSIS
+
+B<aa-enabled> [options]
+
+=head1 DESCRIPTION
+
+B<aa-enabled> is used to determine if apparmor is enabled and enforcing
+policy.
+
+=head1 OPTIONS
+B<aa-enabled> accepts the following arguments:
+
+=over 4
+
+=item -h, --help
+
+Display a brief usage guide.
+
+=item -q, --quiet
+
+Do not output anything to stdout. This option is intended to be used by
+scripts that can test use the exit code to determine if apparmor is
+enabled.
+
+=back
+
+=head1 BUGS
+
+If you find any bugs, please report them at
+L<https://bugs.launchpad.net/apparmor/+filebug>.
+
+=head1 SEE ALSO
+
+apparmor(7), apparmor.d(5), and L<http://wiki.apparmor.net>.
+
+=cut

=== added directory 'binutils/po'
=== added file 'binutils/po/Makefile'
--- binutils/po/Makefile	1970-01-01 00:00:00 +0000
+++ binutils/po/Makefile	2015-11-28 18:20:34 +0000
@@ -0,0 +1,19 @@
+# ----------------------------------------------------------------------
+#    Copyright (C) 2015 Canonical Ltd.
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+# ----------------------------------------------------------------------
+all:
+
+# As translations get added, they will automatically be included, unless
+# the lang is explicitly added to DISABLED_LANGS; e.g. DISABLED_LANGS=en es
+
+DISABLED_LANGS=
+
+COMMONDIR=../../common
+include $(COMMONDIR)/Make-po.rules
+
+XGETTEXT_ARGS+=--language=C --keyword=_ $(shell if [ -f ${NAME}.pot ] ; then echo -n -j ; fi)
+

=== added file 'binutils/po/aa-enabled.pot'
--- binutils/po/aa-enabled.pot	1970-01-01 00:00:00 +0000
+++ binutils/po/aa-enabled.pot	2015-11-28 18:23:11 +0000
@@ -0,0 +1,67 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR Canonical Ltd
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL at ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: apparmor at lists.ubuntu.com\n"
+"POT-Creation-Date: 2015-11-28 10:23-0800\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL at ADDRESS>\n"
+"Language-Team: LANGUAGE <LL at li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../aa-enabled.c:26
+#, c-format
+msgid ""
+"%s: [options]\n"
+"  options:\n"
+"  -q | --quiet        Don't print out any messages\n"
+"  -h | --help         Print help\n"
+msgstr ""
+
+#: ../aa-enabled.c:45
+#, c-format
+msgid "unknown or incompatible options\n"
+msgstr ""
+
+#: ../aa-enabled.c:55
+#, c-format
+msgid "unknown option '%s'\n"
+msgstr ""
+
+#: ../aa-enabled.c:64
+#, c-format
+msgid "Yes\n"
+msgstr ""
+
+#: ../aa-enabled.c:71
+#, c-format
+msgid "No - not available on this system.\n"
+msgstr ""
+
+#: ../aa-enabled.c:74
+#, c-format
+msgid "No - disabled at boot.\n"
+msgstr ""
+
+#: ../aa-enabled.c:77
+#, c-format
+msgid "Maybe - policy interface not available.\n"
+msgstr ""
+
+#: ../aa-enabled.c:81
+#, c-format
+msgid "Maybe - insufficient permissions to determine availability.\n"
+msgstr ""
+
+#: ../aa-enabled.c:84
+#, c-format
+msgid "Error - '%s'\n"
+msgstr ""

=== modified file 'common/Make-po.rules'
--- common/Make-po.rules	2011-05-20 20:34:29 +0000
+++ common/Make-po.rules	2015-11-28 18:22:58 +0000
@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------
 #
 # Copyright (c) 1999-2008 NOVELL (All rights reserved)
-# Copyright 2009-2010 Canonical Ltd.
+# Copyright 2009-2015 Canonical Ltd.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of version 2 of the GNU General Public 
@@ -21,7 +21,7 @@
 # exist
 LOCALEDIR=/usr/share/locale
 
-XGETTEXT_ARGS=--copyright-holder="NOVELL, Inc." --msgid-bugs-address=apparmor at lists.ubuntu.com -d ${NAME}
+XGETTEXT_ARGS=--copyright-holder="Canonical Ltd" --msgid-bugs-address=apparmor at lists.ubuntu.com -d ${NAME}
 
 # When making the .pot file, it's expected that the parent Makefile will
 # pass in the list of sources in the SOURCES variable

More information about the AppArmor mailing list