[apparmor] [patch] [34/38] logprof, mergeprof: cleanup superfluous rules when user adds a new rule
Christian Boltz
apparmor at cboltz.de
Fri Aug 12 21:06:33 UTC 2016
Hello,
when a user adds a new rule to a profile, cleanup / delete existing
rules that are covered by the new rule, and report the number of deleted
rules.
[ 34-logprof-cleanup-duplicates-on-add.diff ]
=== modified file ./utils/aa-mergeprof
--- utils/aa-mergeprof 2016-08-08 23:55:34.096316427 +0200
+++ utils/aa-mergeprof 2016-08-11 22:56:37.215202376 +0200
@@ -393,9 +411,11 @@
else:
rule_obj =
selection_to_rule_obj(rule_obj, selection)
- aa[profile][hat]
[ruletype].add(rule_obj)
+ deleted = aa[profile][hat]
[ruletype].add(rule_obj, cleanup=True)
aaui.UI_Info(_('Adding %s to
profile.') % rule_obj.get_clean())
+ if deleted:
+ aaui.UI_Info(_('Deleted %s
previous matching profile entries.') % deleted)
elif ans == 'CMD_DENY':
if re_match_include(selection):
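Review bot: The new message in the `if deleted:` branch, 'Deleted %s previous matching profile entries.', is plural-only, so a single removal prints "Deleted 1 previous matching profile entries." and translators cannot supply correct plural forms. Consider a plural-aware lookup such as ngettext with `deleted` as the count.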
@@ -408,8 +428,10 @@
rule_obj =
selection_to_rule_obj(rule_obj, selection)
rule_obj.deny = True
rule_obj.raw_rule = None # reset
raw rule after manually modifying rule_obj
- aa[profile][hat]
[ruletype].add(rule_obj)
+ deleted = aa[profile][hat]
[ruletype].add(rule_obj, cleanup=True)
aaui.UI_Info(_('Adding %s to
profile.') % rule_obj.get_clean())
+ if deleted:
+ aaui.UI_Info(_('Deleted %s
previous matching profile entries.') % deleted)
elif ans == 'CMD_GLOB':
if not re_match_include(selection):
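Review bot: In this CMD_DENY branch, `rule_obj.deny = True` is set right before `add(rule_obj, cleanup=True)`, and nothing in the hunk shows whether the cleanup takes the deny flag into account when it decides that an existing rule is covered by the new one. A short comment at the call, or a test with an allow rule and a deny rule for the same selection, would make the intended behaviour explicit.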
=== modified file ./utils/apparmor/aa.py
--- utils/apparmor/aa.py 2016-08-09 01:27:25.244323439 +0200
+++ utils/apparmor/aa.py 2016-08-11 22:54:49.815524051 +0200
@@ -1638,9 +1638,11 @@
else:
rule_obj =
selection_to_rule_obj(rule_obj, selection)
- aa[profile][hat]
[ruletype].add(rule_obj)
+ deleted = aa[profile][hat]
[ruletype].add(rule_obj, cleanup=True)
aaui.UI_Info(_('Adding %s to
profile.') % rule_obj.get_clean())
+ if deleted:
+ aaui.UI_Info(_('Deleted %s
previous matching profile entries.') % deleted)
elif ans == 'CMD_DENY':
if re_match_include(selection):
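Review bot: The added lines here (the `deleted = ...add(rule_obj, cleanup=True)` assignment, `if deleted:` and the 'Deleted %s ...' message) are identical to the ones in the aa-mergeprof hunks above and are repeated in the CMD_DENY branch that follows. A small shared helper that adds the rule and emits both UI_Info messages would keep the four call sites from drifting apart.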
@@ -1653,8 +1655,10 @@
rule_obj =
selection_to_rule_obj(rule_obj, selection)
rule_obj.deny = True
rule_obj.raw_rule = None # reset
raw rule after manually modifying rule_obj
- aa[profile][hat]
[ruletype].add(rule_obj)
+ deleted = aa[profile][hat]
[ruletype].add(rule_obj, cleanup=True)
aaui.UI_Info(_('Adding %s to
profile.') % rule_obj.get_clean())
+ if deleted:
+ aaui.UI_Info(_('Deleted %s
previous matching profile entries.') % deleted)
elif ans == 'CMD_GLOB':
if not re_match_include(selection):
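Review bot: The `if deleted:` message reports only how many rules were removed, not which ones, so the user cannot check what left the profile after accepting the new rule. Since the removal changes the resulting policy, consider printing each removed rule alongside the count, and note at this call what `add(..., cleanup=True)` returns so that the truthiness check is clearly intentional.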
Regards,
Christian Boltz
--
The mission statement is simply 'world domination',
but we don't tell anybody. :-)
[Juergen Weigert in opensuse-project]