[apparmor] [patch] [4/7] Copy code to ask for adding hats to aa.py ask_the_questions()
Seth Arnold
seth.arnold at canonical.com
Tue Jan 17 20:58:03 UTC 2017
On Sun, Jan 15, 2017 at 04:24:46PM +0100, Christian Boltz wrote:
> Hello,
>
> $subject.
>
> Everything below "if aamode == 'merge':" is an exact copy of the code in
> aa-mergeprof (with whitespace changed).
>
> aa-logprof and aa-mergeprof will continue to ignore events from unknown
> hats and subprofiles.
>
> RFC: does this make sense, or should aa-logprof and aa-mergeprof also
> ask to add hats/subprofiles it finds in audit.log?
> Note that this question already contains an interesting problem - from
> the log, we don't know if a hat or a subprofile was requested, so we can
> either ask the user or default to one of them (which one?).
You've always got the most interesting[tm] questions. :)
I'm surprised aa-mergeprof reads the logs at all. I'd expect it to merge
whatever hats are in both input profiles.
aa-logprof is where things get complicated; if the profile doesn't have
any hats but the log shows hats, there's one of two things:
- The profile in aa-logprof is vastly out of sync with what's being
enforced at the time of the log entries
- The profile is in learning mode rather than enforce mode, and thus the
changehats never fail.
In both cases, prompting the user seems like the right answer.
Did I overlook anything?
Thanks
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks
>
>
> [ 04-aa.py-ask-for-adding-hats-in-merge-mode.diff ]
>
> === modified file ./utils/apparmor/aa.py
> --- utils/apparmor/aa.py 2017-01-15 14:56:54.892510474 +0100
> +++ utils/apparmor/aa.py 2017-01-15 14:59:02.779898965 +0100
> @@ -1514,11 +1514,43 @@
> for hat in hats:
>
> if not aa[profile].get(hat).get('file'):
> - # Ignore log events for a non-existing profile or child profile. Such events can occour
> - # after deleting a profile or hat manually, or when processing a foreign log.
> - # (Checking for 'file' is a simplified way to check if it's a profile_storage() struct.)
> - debug_logger.debug("Ignoring events for non-existing profile %s" % combine_name(profile, hat))
> - continue
> + if aamode != 'merge':
> + # Ignore log events for a non-existing profile or child profile. Such events can occour
> + # after deleting a profile or hat manually, or when processing a foreign log.
> + # (Checking for 'file' is a simplified way to check if it's a profile_storage() struct.)
> + debug_logger.debug("Ignoring events for non-existing profile %s" % combine_name(profile, hat))
> + continue
> +
> + ans = ''
> + while ans not in ['CMD_ADDHAT', 'CMD_ADDSUBPROFILE', 'CMD_DENY']:
> + q = aaui.PromptQuestion()
> + q.headers += [_('Profile'), profile]
> +
> + if log_dict[aamode][profile][hat]['profile']:
> + q.headers += [_('Requested Subprofile'), hat]
> + q.functions.append('CMD_ADDSUBPROFILE')
> + else:
> + q.headers += [_('Requested Hat'), hat]
> + q.functions.append('CMD_ADDHAT')
> +
> + q.functions += ['CMD_DENY', 'CMD_ABORT', 'CMD_FINISHED']
> +
> + q.default = 'CMD_DENY'
> +
> + ans = q.promptUser()[0]
> +
> + if ans == 'CMD_FINISHED':
> + return
> +
> + if ans == 'CMD_DENY':
> + continue # don't ask about individual rules if the user doesn't want the additional subprofile/hat
> +
> + if log_dict[aamode][profile][hat]['profile']:
> + aa[profile][hat] = profile_storage(profile, hat, 'mergeprof ask_the_questions() - missing subprofile')
> + aa[profile][hat]['profile'] = True
> + else:
> + aa[profile][hat] = profile_storage(profile, hat, 'mergeprof ask_the_questions() - missing hat')
> + aa[profile][hat]['profile'] = False
>
> #Add the includes from the other profile to the user profile
> done = False
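Review bot: the description strings handed to profile_storage() in the two new branches still say 'mergeprof ask_the_questions() - missing subprofile' and 'mergeprof ask_the_questions() - missing hat', but this code now lives in aa.py's ask_the_questions(); since the cover letter says it was copied from aa-mergeprof, rename them (e.g. 'ask_the_questions() - missing hat') so a later debugging session doesn't point at the wrong file. While touching the block: the retained comment still spells 'occour', and log_dict[aamode][profile][hat]['profile'] is evaluated twice in the same iteration, once to pick the prompt header/command and once to pick the profile_storage() branch; hoisting it into a local before the while loop (is_subprofile = log_dict[aamode][profile][hat]['profile']) makes it visible that the prompt and the stored result are the same decision.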
>
>
>
> Regards,
>
> Christian Boltz
> --
> > You only read the second paragraph, didn't you?
> Why do you write emails where one has to read the stuff
> between the first and the last word?
> [> Stephan Kulow and Dirk Mueller in opensuse-packaging]
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
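The two situations Seth describes (a hat in the log that the on-disk profile does not define, explained by either an out-of-sync profile or a profile in complain mode) can usually be told apart from the apparmor= field of the audit line: complain mode logs would-be denials as ALLOWED, an enforced profile logs DENIED, and AUDIT is produced by audit rules in either mode. The script below is an added example written for this thread, not code from the thread or from the AppArmor utils; it assumes the standard AVC audit line layout with a hat written as profile//hat, and the sample log lines and the known_hats dict are constructed for illustration. One caveat a practitioner should keep in mind: an explicit deny rule is still enforced in complain mode and logged as DENIED, so DENIED is a strong hint for enforce mode, not a proof.

```python
import re

# Constructed sample audit.log lines (not from the thread); the layout follows
# AppArmor's AVC audit format, with a hat written as profile//hat.
SAMPLE_LOG = """\
type=AVC msg=audit(1484500000.101:201): apparmor="ALLOWED" operation="open" profile="/usr/sbin/apache2//EXAMPLE_HAT" name="/srv/www/index.html" pid=1234 comm="apache2" requested_mask="r" denied_mask="r" fsuid=33 ouid=33
type=AVC msg=audit(1484500000.102:202): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//OTHER_HAT" name="/etc/shadow" pid=1234 comm="apache2" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=AVC msg=audit(1484500000.103:203): apparmor="AUDIT" operation="open" profile="/usr/sbin/apache2//AUDITED_HAT" name="/var/log/app.log" pid=1234 comm="apache2" requested_mask="w" fsuid=33 ouid=33
type=AVC msg=audit(1484500000.104:204): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//KNOWN_HAT" name="/etc/passwd" pid=1234 comm="apache2" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=AVC msg=audit(1484500000.105:205): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2" name="/etc/group" pid=1234 comm="apache2" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
"""

# Hats the on-disk profile actually defines (constructed; stands in for what
# aa-logprof would have parsed from the profile file).
KNOWN_HATS = {'/usr/sbin/apache2': {'KNOWN_HAT'}}

HAT_SEP = '//'
LINE_RE = re.compile(r'apparmor="(?P<status>[A-Z]+)".*?\bprofile="(?P<profile>[^"]+)"')

# What the apparmor= status suggests about the mode the profile was in when
# the event was logged (the two cases from the reply above). DENIED is only
# a strong hint: explicit deny rules are enforced in complain mode too.
MODE_BY_STATUS = {
    'ALLOWED': ('complain', 'profile was in complain mode, so change_hat to an undefined hat did not fail'),
    'DENIED': ('enforce', 'profile was (most likely) enforced, so the kernel had this hat: on-disk profile is out of sync'),
}
UNKNOWN_MODE = ('unknown', 'audit rules fire in both modes, so the mode cannot be inferred from this line')


def split_hat(name):
    """Split 'profile//hat' into (profile, hat); hat is None for a plain profile."""
    if HAT_SEP in name:
        profile, hat = name.split(HAT_SEP, 1)
        return profile, hat
    return name, None


def classify_unknown_hats(log_text, known_hats):
    """Return {(profile, hat): finding} for every hat seen in the log that the
    on-disk profile does not define. Each finding records the inferred mode
    and the explanation, taken from the first event seen for that hat."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        profile, hat = split_hat(m.group('profile'))
        if hat is None or hat in known_hats.get(profile, set()):
            continue  # plain profile event, or a hat the profile defines
        key = (profile, hat)
        if key in findings:
            continue  # report each unknown hat once
        mode, reason = MODE_BY_STATUS.get(m.group('status'), UNKNOWN_MODE)
        findings[key] = {'profile': profile, 'hat': hat, 'mode': mode, 'reason': reason}
    return findings


if __name__ == '__main__':
    for (profile, hat), f in classify_unknown_hats(SAMPLE_LOG, KNOWN_HATS).items():
        print('%s%s%s: %s (%s)' % (profile, HAT_SEP, hat, f['mode'], f['reason']))
```

Run stand-alone it lists EXAMPLE_HAT as complain-mode evidence, OTHER_HAT as out-of-sync evidence and AUDITED_HAT as undecidable, while KNOWN_HAT and the parent-profile event are not reported. Whether a tool then prompts (as the patch does in merge mode) or ignores the event (as aa-logprof does today), the mode column is the extra context a user would want in that prompt.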