[apparmor] [patch] load variables in ask_the_questions()

Seth Arnold seth.arnold at canonical.com
Mon May 9 19:10:52 UTC 2016


On Sun, May 08, 2016 at 06:25:58PM +0200, Christian Boltz wrote:
> variables can be used in several rule types (from the existing *Rule
> classes: change_profile, dbus, ptrace, signal). It seems nobody uses
> variables with those rules, otherwise we'd have received a bugreport ;-)
> 
> I noticed this while working on FileRule, where usage of variables is
> more common. The file code in bzr (not using a *Rule class) already
> loads the variables, so old versions don't need changes for file rule
> handling.
> 
> However, change_profile in 2.10 is affected. Therefore I propose this
> patch for trunk and 2.10.
> 

Acked-by: Seth Arnold <seth.arnold at canonical.com>

Thanks

> 
> [ 79-load-variables-in-ask_the_questions.diff ]
> 
> --- utils/apparmor/aa.py        2016-05-08 14:10:06.824929772 +0200
> +++ utils/apparmor/aa.py        2016-05-08 15:16:06.066231136 +0200
> @@ -1,6 +1,6 @@
>  # ----------------------------------------------------------------------
>  #    Copyright (C) 2013 Kshitij Gupta <kgupta8592 at gmail.com>
> -#    Copyright (C) 2014-2015 Christian Boltz <apparmor at cboltz.de>
> +#    Copyright (C) 2014-2016 Christian Boltz <apparmor at cboltz.de>
>  #
>  #    This program is free software; you can redistribute it and/or
>  #    modify it under the terms of version 2 of the GNU General Public
> @@ -1529,6 +1539,10 @@
>                  UI_SelectUpdatedRepoProfile(profile, p)
>  
>              found += 1
> +
> +            sev_db.unload_variables()
> +            sev_db.load_variables(get_profile_filename(profile))
> +
>              # Sorted list of hats with the profile name coming first
>              hats = list(filter(lambda key: key != profile, sorted(log_dict[aamode][profile].keys())))
>              if log_dict[aamode][profile].get(profile, False):
> --- utils/aa-mergeprof  2016-05-08 14:10:06.824929772 +0200
> +++ utils/aa-mergeprof  2016-05-08 15:16:20.066149892 +0200
> @@ -1,7 +1,7 @@
>  #! /usr/bin/env python
>  # ----------------------------------------------------------------------
>  #    Copyright (C) 2013 Kshitij Gupta <kgupta8592 at gmail.com>
> -#    Copyright (C) 2014-2015 Christian Boltz <apparmor at cboltz.de>
> +#    Copyright (C) 2014-2016 Christian Boltz <apparmor at cboltz.de>
>  #
>  #    This program is free software; you can redistribute it and/or
>  #    modify it under the terms of version 2 of the GNU General Public@@ -18,7 +18,7 @@
> @@ -18,7 +18,7 @@
>  import os
>  
>  import apparmor.aa
> -from apparmor.aa import available_buttons, combine_name, delete_duplicates, is_known_rule, match_includes
> +from apparmor.aa import available_buttons, combine_name, delete_duplicates, get_profile_filename, is_known_rule, match_includes
>  import apparmor.aamode
>  from apparmor.common import AppArmorException
>  from apparmor.regex import re_match_include
> @@ -284,6 +284,9 @@
>          if not sev_db:
>              sev_db = apparmor.severity.Severity(apparmor.aa.CONFDIR + '/severity.db', _('unknown'))
>  
> +        sev_db.unload_variables()
> +        sev_db.load_variables(get_profile_filename(profile))
> +
>          for hat in sorted(other.aa[profile].keys()):
>              #Add the includes from the other profile to the user profile
>              done = False
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160509/31b59d0d/attachment.pgp>


More information about the AppArmor mailing list