[apparmor] [PATCH 3/8] utils: Add confdir env variable to aa.py for in-tree testing
Christian Boltz
apparmor at cboltz.de
Sun Feb 12 18:55:31 UTC 2017
Hello,
Am Mittwoch, 8. Februar 2017, 22:01:40 CET schrieb Tyler Hicks:
> Instead of hard-coding the location of logprof.conf and other utils
> related configuration files to /etc/apparmor/, this patch looks for
> the "APPARMOR_PY_CONFDIR" environment variable and, when set, uses
> its value for the configuration directory.
>
> This allows for the make check target to use the in-tree config file,
> profiles, and parser by default. To override this behavior, the
> USE_SYSTEM make variable needs to be set like so:
>
> $ make USE_SYSTEM=1 -C utils check
>
> The APPARMOR_PY_CONFDIR should be considered somewhat user-facing,
> although undocumented at this time.
I'm not the biggest fan of env variables, so I'm a bit undecided on this
patch.
Pro:
- the env variable is an easy solution
- It makes it easy to test aa-logprof, aa-complain etc. with a different
config dir. Otherwise we'd have to add commandline parameters similar
to what 5/8 does in aa-easyprof.
Cons:
- undocumented env vars are not nice[tm]
- env variables are less "visible" than commandline parameters, so if
someone "accidently" has them set, it will make debugging more funny.
An alternative solution would be to move the global code in aa.py into
def init_aa( <various optional parameters> )
This would mean every user of aa.py has to call that function (at least
if using a function that depends on the configfile), but it would also
prevent executing some code (like reading the config file) when "just"
importing apparmor.aa.
BTW: Honoring the env variable in the tests would be acceptable - I'm
not too keen to handle a --system or --local option in all test-*.py
As I said, I'm still undecided, so please try to convince me that the
env variable is the better choice ;-)
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> Cc: Christian Boltz <apparmor at cboltz.de>
> ---
> utils/apparmor/aa.py | 2 +-
> utils/test/Makefile | 6 ++++--
> 2 files changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
> index eecf8c7..9450baa 100644
> --- a/utils/apparmor/aa.py
> +++ b/utils/apparmor/aa.py
> @@ -73,7 +73,7 @@ _ = init_translation()
> # Setup logging incase of debugging is enabled
> debug_logger = DebugLogger('aa')
>
> -CONFDIR = '/etc/apparmor'
> +CONFDIR = os.getenv('APPARMOR_PY_CONFDIR', '/etc/apparmor')
As Seth already noted, the env variable could be empty.
Let me add that it could include crap, for exampe
APPARMOR_PY_CONFDIR=/you/will/never/find/me
I didn't test what happens in such cases, but maybe some sanity check
might be a good idea.
Besides this (and my general concerns about using an env variable), the
patch looks good.
Regards,
Christian Boltz
--
> > > > Boah. Du liest Doku... cool. Wie ist das so? :-)
> > > Ist ganz interessant ;-)
> > Sind da auch Bilder drin? Von Mädchen?
> *LoL* Bisher hab ich noch keine gefunden ;-)
Dann find ich Doku doof. [> Christian Boltz und Ratti]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170212/42d51078/attachment.pgp>
More information about the AppArmor
mailing list