[apparmor] [patch] Let 'make check' work without logprof.conf

Christian Boltz apparmor at cboltz.de
Tue Oct 20 19:47:06 UTC 2015


Hello,

this patch checks if the cfg object is empty (happens if logprof.conf
doesn't exist). If so, it adds some empty sections to prevent various
failures in code that expects those sections to exist.

Another source of failures was using cfg['section']['setting']. The
patch changes various places to cfg['section'].get('setting') to prevent
those failures. (Those places all have a 'or ...' fallback.)

Finally, find_first_file() in config.py crashed if file_list was Null.
This is fixed by adding an "if file_list:" check before trying to
split() it.

With all those changes applied, 'make check' will work even if
/etc/apparmor/logprof.conf doesn't exist.


The patch also fixes the default value for inactive_profiledir
(I missed aa.py when I changed it to /usr/share/apparmor/extra-profiles/)


References: https://bugs.launchpad.net/apparmor/+bug/1393979



[ 99-let-make-check-work-without-configfile.diff ]

=== modified file ./utils/apparmor/aa.py
--- utils/apparmor/aa.py        2015-10-20 20:25:44.251781214 +0200
+++ utils/apparmor/aa.py        2015-10-20 21:25:12.319785415 +0200
@@ -359,7 +359,7 @@
     pattern2 = re.compile('^\s*(\/\S+)')
     reqs = []
 
-    ldd = conf.find_first_file(cfg['settings']['ldd']) or '/usr/bin/ldd'
+    ldd = conf.find_first_file(cfg['settings'].get('ldd')) or '/usr/bin/ldd'
     if not os.path.isfile(ldd) or not os.access(ldd, os.EX_OK):
         raise AppArmorException('Can\'t find ldd')
 
@@ -4382,18 +4382,21 @@
 conf = apparmor.config.Config('ini', CONFDIR)
 cfg = conf.read_config('logprof.conf')
 
-#print(cfg['settings'])
-#if 'default_owner_prompt' in cfg['settings']:
+# prevent various failures if logprof.conf doesn't exist
+if not cfg.sections():
+    cfg.add_section('settings')
+    cfg.add_section('required_hats')
+
 if cfg['settings'].get('default_owner_prompt', False):
     cfg['settings']['default_owner_prompt'] = ''
 
-profile_dir = conf.find_first_dir(cfg['settings']['profiledir']) or '/etc/apparmor.d'
+profile_dir = conf.find_first_dir(cfg['settings'].get('profiledir')) or '/etc/apparmor.d'
 if not os.path.isdir(profile_dir):
     raise AppArmorException('Can\'t find AppArmor profiles')
 
-extra_profile_dir = conf.find_first_dir(cfg['settings']['inactive_profiledir']) or '/etc/apparmor/profiles/extras/'
+extra_profile_dir = conf.find_first_dir(cfg['settings'].get('inactive_profiledir')) or '/usr/share/apparmor/extra-profiles/'
 
-parser = conf.find_first_file(cfg['settings']['parser']) or '/sbin/apparmor_parser'
+parser = conf.find_first_file(cfg['settings'].get('parser')) or '/sbin/apparmor_parser'
 if not os.path.isfile(parser) or not os.access(parser, os.EX_OK):
     raise AppArmorException('Can\'t find apparmor_parser')
 
=== modified file ./utils/apparmor/config.py
--- utils/apparmor/config.py    2014-09-10 22:00:36.616976000 +0200
+++ utils/apparmor/config.py    2015-10-20 21:08:25.223330633 +0200
@@ -114,10 +114,11 @@
     def find_first_file(self, file_list):
         """Returns name of first matching file None otherwise"""
         filename = None
-        for f in file_list.split():
-            if os.path.isfile(f):
-                filename = f
-                break
+        if file_list:
+            for f in file_list.split():
+                if os.path.isfile(f):
+                    filename = f
+                    break
         return filename
 
     def find_first_dir(self, dir_list):



Regards,

Christian Boltz
-- 
Jetzt bringt das KDE schon ein eigenes shutdown mit? Ist ja ein kHammer!
(und morgen müssen wir kkernel (von klinux) und kinit installieren, was
dann mit kbash und kperl das knetzwerk, kindernet, papache, kquid und
kostfix knochfährt und dann das kX.org köffnet und kkde kanzeigt, kurz:
Kunix! SKNR.)   [Steffen Dettmer in suse-linux]




More information about the AppArmor mailing list