[apparmor] [patch] Add debug info to profile_storage()
John Johansen
john.johansen at canonical.com
Tue Oct 20 20:13:54 UTC 2015
On 07/20/2015 12:22 PM, Christian Boltz wrote:
> Hello,
>
> for debugging, it's helpful to know which part of the code initialized a
> profile_storage and for which profile and hat this was done.
>
> This patch adds an 'info' array with that information, adds the
> corresponding parameters to profile_storage() and changes the callers to
> deliver some useful content.
>
>
Like kshitij, I'm not thrilled with the extra storage, nor do I care for
the extra parameters.
But I am all for debugging, and it has proven helpful to you, so
Acked-by: John Johansen <john.johansen at canonical.com>
>
> [ 81-profile_storage-debug-info.diff ]
>
> --- utils/apparmor/aa.py 2015-07-20 20:51:34.293945699 +0200
> +++ ./utils/apparmor/aa.py 2015-07-20 20:49:44.595427905 +0200
> @@ -402,7 +402,7 @@
> return {local_profile: extras[local_profile]}
> return dict()
>
> -def profile_storage():
> +def profile_storage(profilename, hat, details):
> # keys used in aa[profile][hat]:
> # a) rules (as dict): alias, include, lvar
> # b) rules (as hasher): allow, deny
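Review bot: The new signature `profile_storage(profilename, hat, details)` makes all three arguments required, yet nothing at the top of the function says they are recorded for debugging only and do not affect the returned storage. Any caller this patch does not touch (none is visible here, so this is inferred) would fail with a TypeError. I would add a one-line docstring such as `"""Return empty storage for one profile/hat; profilename, hat and details are only kept in ['info'] for debugging."""`. The function body continues outside this hunk.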
> @@ -415,6 +415,9 @@
>
> profile = hasher()
>
> + # profile['info'] isn't used anywhere, but can be helpful in debugging.
> + profile['info'] = {'profile': profilename, 'hat': hat, 'details': details}
> +
> profile['capability'] = CapabilityRuleset()
> profile['change_profile'] = ChangeProfileRuleset()
> profile['network'] = NetworkRuleset()
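Review bot: `profile['info']` lives in the same hasher as the rule keys (`capability`, `change_profile`, `network`), so any code that iterates over or writes out every key of a profile/hat entry will now encounter it; whether such code exists is not visible in this hunk. Because `details` carries the profile file name at the parse_profile_data() call sites, it is worth confirming that this entry never reaches serialized profiles or user-facing output. I would extend the comment to state that contract, e.g. `# debug-only metadata; anything that iterates over or writes out profile keys must skip it`. The function starts and ends outside this hunk.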
> @@ -431,7 +434,7 @@
>
> def create_new_profile(localfile, is_stub=False):
> local_profile = hasher()
> - local_profile[localfile] = profile_storage()
> + local_profile[localfile] = profile_storage('NEW', localfile, 'create_new_profile()')
> local_profile[localfile]['flags'] = 'complain'
> local_profile[localfile]['include']['abstractions/base'] = 1
>
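Review bot: This call fills the slots differently from every other call site in the patch: the literal `'NEW'` goes into the profile slot and `localfile` into the hat slot, although `localfile` is the key the new profile is stored under. In the debug dict that reads as hat `localfile` of a profile called NEW, which could be mistaken for a real profile of that name. To stay consistent with the other callers, consider `profile_storage(localfile, localfile, 'create_new_profile() NEW')`, which mirrors the do_include case where profile and hat are both set to the file. create_new_profile() continues past the end of this hunk.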
> @@ -1465,7 +1468,7 @@
> if ynans == 'y':
> hat = exec_target
> if not aa[profile].get(hat, False):
> - aa[profile][hat] = profile_storage()
> + aa[profile][hat] = profile_storage(profile, hat, 'handle_children()')
> aa[profile][hat]['profile'] = True
>
> if profile != hat:
> @@ -1588,7 +1591,7 @@
> hats = [profile] + hats
>
> for hat in hats:
> - log_obj[profile][hat] = profile_storage()
> + log_obj[profile][hat] = profile_storage(profile, hat, 'ask_the_questions()')
>
> for capability in sorted(log_dict[aamode][profile][hat]['capability'].keys()):
> capability_obj = CapabilityRule(capability, log_event=aamode)
> @@ -2564,7 +2593,7 @@
> if do_include:
> profile = file
> hat = file
> - profile_data[profile][hat] = profile_storage()
> + profile_data[profile][hat] = profile_storage(profile, hat, 'parse_profile_data() do_include %s' % file)
>
> for lineno, line in enumerate(data):
> line = line.strip()
> @@ -2582,7 +2611,7 @@
> raise AppArmorException('Profile %(profile)s defined twice in %(file)s, last found in line %(line)s' %
> { 'file': file, 'line': lineno + 1, 'profile': combine_name(profile, hat) })
>
> - profile_data[profile][hat] = profile_storage()
> + profile_data[profile][hat] = profile_storage(profile, hat, 'parse_profile_data() profile_start %s' % file)
>
> if attachment:
> profile_data[profile][hat]['attachment'] = attachment
> @@ -2987,7 +3016,7 @@
> # if hat is already known, the filelist check some lines below will error out.
> # nevertheless, just to be sure, don't overwrite existing profile_data.
> if not profile_data[profile].get(hat, False):
> - profile_data[profile][hat] = profile_storage()
> + profile_data[profile][hat] = profile_storage(profile, hat, 'parse_profile_data() hat_def %s' % file)
>
> flags = matches.group('flags')
>
> @@ -3036,7 +3066,7 @@
> if re.search(hatglob, parsed_prof):
> for hat in cfg['required_hats'][hatglob].split():
> if not profile_data[parsed_prof].get(hat, False):
> - profile_data[parsed_prof][hat] = profile_storage()
> + profile_data[parsed_prof][hat] = profile_storage(parsed_prof, hat, 'parse_profile_data() required_hats %s' % file)
>
> # End of file reached but we're stuck in a profile
> if profile and not do_include:
>
>
> Regards,
>
> Christian Boltz
>