[apparmor] [patch] load variables in ask_the_questions()

Christian Boltz apparmor at cboltz.de
Sun May 8 16:25:58 UTC 2016


Hello,

variables can be used in several rule types (from the existing *Rule
classes: change_profile, dbus, ptrace, signal). It seems nobody uses
variables with those rules, otherwise we'd have received a bug report ;-)

I noticed this while working on FileRule, where usage of variables is
more common. The file code in bzr (not using a *Rule class) already
loads the variables, so old versions don't need changes for file rule
handling.

However, change_profile in 2.10 is affected. Therefore I propose this
patch for trunk and 2.10.


[ 79-load-variables-in-ask_the_questions.diff ]

--- utils/apparmor/aa.py        2016-05-08 14:10:06.824929772 +0200
+++ utils/apparmor/aa.py        2016-05-08 15:16:06.066231136 +0200
@@ -1,6 +1,6 @@
 # ----------------------------------------------------------------------
 #    Copyright (C) 2013 Kshitij Gupta <kgupta8592 at gmail.com>
-#    Copyright (C) 2014-2015 Christian Boltz <apparmor at cboltz.de>
+#    Copyright (C) 2014-2016 Christian Boltz <apparmor at cboltz.de>
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -1529,6 +1539,10 @@
                 UI_SelectUpdatedRepoProfile(profile, p)
 
             found += 1
+
+            sev_db.unload_variables()
+            sev_db.load_variables(get_profile_filename(profile))
+
             # Sorted list of hats with the profile name coming first
             hats = list(filter(lambda key: key != profile, sorted(log_dict[aamode][profile].keys())))
             if log_dict[aamode][profile].get(profile, False):
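
Review bot: The new `sev_db.load_variables(get_profile_filename(profile))` call after `found += 1` passes the filename straight through with no check that the file exists or can be read. `profile` is taken from `log_dict` here, so what happens for a profile that has log entries but no file on disk yet: does `load_variables()` raise and abort the loop? If it can, guard the call or catch the exception. A one-line comment above the pair saying why the variables are reloaded for each profile would also help, since the reason is only in the mail, and a test that uses a variable in a change_profile rule would cover the 2.10 case mentioned there.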
--- utils/aa-mergeprof  2016-05-08 14:10:06.824929772 +0200
+++ utils/aa-mergeprof  2016-05-08 15:16:20.066149892 +0200
@@ -1,7 +1,7 @@
 #! /usr/bin/env python
 # ----------------------------------------------------------------------
 #    Copyright (C) 2013 Kshitij Gupta <kgupta8592 at gmail.com>
-#    Copyright (C) 2014-2015 Christian Boltz <apparmor at cboltz.de>
+#    Copyright (C) 2014-2016 Christian Boltz <apparmor at cboltz.de>
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public@@ -18,7 +18,7 @@
@@ -18,7 +18,7 @@
 import os
 
 import apparmor.aa
-from apparmor.aa import available_buttons, combine_name, delete_duplicates, is_known_rule, match_includes
+from apparmor.aa import available_buttons, combine_name, delete_duplicates, get_profile_filename, is_known_rule, match_includes
 import apparmor.aamode
 from apparmor.common import AppArmorException
 from apparmor.regex import re_match_include
@@ -284,6 +284,9 @@
         if not sev_db:
             sev_db = apparmor.severity.Severity(apparmor.aa.CONFDIR + '/severity.db', _('unknown'))
 
+        sev_db.unload_variables()
+        sev_db.load_variables(get_profile_filename(profile))
+
         for hat in sorted(other.aa[profile].keys()):
             #Add the includes from the other profile to the user profile
             done = False
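
Review bot: The `sev_db.unload_variables()` / `sev_db.load_variables(get_profile_filename(profile))` pair added before the `for hat in sorted(other.aa[profile].keys())` loop is the same two lines as in utils/apparmor/aa.py, and the two calls are only useful together (presumably a missed unload would leave the previous profile's variables in `sev_db`). Consider a single helper, in aa.py or on the Severity class, that does both steps, and call it from both places so the next caller cannot forget one of them.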



Regards,

Christian Boltz
-- 
> The wiki is as much yours as it is ours, and if you think that
> someone deserves recognition by naming them, you don't need
> anybody's permission.
Then I must put my thanks to Bill Gates somewhere. he made me use
Linux.  :-)          [> Peter Flodin and houghi in opensuse-wiki]