[apparmor] [patch] Change log_dict to use profile_storage() and simplify log translation

Christian Boltz apparmor at cboltz.de
Sun Feb 21 21:18:37 UTC 2016


Hello,

Am Montag, 22. Februar 2016, 02:07:42 CET schrieb Kshitij Gupta:
> On Fri, Dec 25, 2015 at 8:57 PM, Christian Boltz wrote:

> > [ 45-change-log_dict-to-profile_storage.diff ]
> > 
> > === modified file ./utils/apparmor/aa.py
> > --- utils/apparmor/aa.py        2015-12-25 15:10:26.931746576 +0100
> > +++ utils/apparmor/aa.py        2015-12-25 15:12:17.323014813 +0100

> >                  for ruletype in ruletypes:
> > -                    # XXX aa-mergeprof also has this code - if you
> > change it, keep aa-mergeprof in sync!
> > -                    for rule_obj in
> > log_obj[profile][hat][ruletype].rules: -
> > -                        if rule_obj.log_event != aamode:  # XXX
> > does it really make sense to handle enforce and complain mode
> > changes in different rounds?
> > -                            continue
> > +                    for rule_obj in
> > log_dict[aamode][profile][hat][ruletype].rules:
> > +                        # XXX aa-mergeprof also has this code - if
> > you change it, keep aa-mergeprof in sync!
> 
> sure it still does after the above change? Plus what does the *this
> code* even refer to?

To the code starting at this comment, until...

> >                          if is_known_rule(aa[profile][hat],
> >                          ruletype,
> > 
> > rule_obj):
> >                              continue
> > 
> > @@ -1789,8 +1762,8 @@
> > 
> >                      # END of code (mostly) shared with aa-mergeprof

... this comment.

The patch didn't change anything in between, so it should still be in sync.


For the records: remaining pending "old" patches are:

- 46-serialize_profile_from_old_profile-fix-wrong-access-to-write_prof_data.msg
  Fix wrong usage of write_prof_data in serialize_profile_from_old_profile()

- the DBUS series (except 1/9)

- document-empty-quotes-in-variables.msg
  Document empty quotes ("") as empty value of a variable

- profiles-smbd-cap-sys_admin.msg
  smbd profile needs capability sys_admin


Regards,

Christian Boltz
-- 
Ich bezweifle, dass jeder 1984 gelesen hat. Denn dann wüsten die
Kommentatoren, dass das Gros der Bürger gar nicht überwacht, sondern
einfach nur verdummt wurde. Privatfernsehen wurde übrigens in
Deutschland zum 1. Januar 1984 eingeführt. [Peter Brülls zu
http://blog.koehntopp.de/archives/3237-Kleine-Kinder-spielen-verstecken.html]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160221/68b8032c/attachment.pgp>


More information about the AppArmor mailing list