[apparmor] [patch] More strict profile_storage()
Seth Arnold
seth.arnold at canonical.com
Mon Jun 5 21:50:24 UTC 2017
On Mon, Jun 05, 2017 at 11:20:33PM +0200, Christian Boltz wrote:
> Hello,
>
> this patch makes the profile_storage() data structure more strict. It
> - initializes everything inside a profile with proper values
> - makes the profile storage a dict() instead of a hasher(), which means
> it will complain loudly when trying to access non-existing elements
> (hasher() was more forgiving, but this also meant hiding bugs)
>
> The patch also fixes a minor issue related to the more strict 'repo'
> profile property in serialize_profile().
>
>
> Note that I propose this patch only for trunk.
>
> In theory it should also work on 2.11, but I won't take that risk.
>
> 2.10.x and older are guaranteed to crash in
> serialize_profile_from_old_profile() when (v)iew changes for a profile
> with child profiles is used. The switch to FileRule removed that broken
> code :-)
>
> I use this patch since (at least) several months locally, so there's a
> chance it doesn't break anything ;-)
>
>
> [ 01-strict-profile-storage.diff ]
Oh yeah! :D
I'd still rather see this using a class with fields, something where
you stand a chance of having python tell you "hey that field doesn't
exist" when you typo something, but removing the vast magic of hasher()
is already a fantastic step.
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks
>
> === modified file ./utils/apparmor/aa.py
> --- utils/apparmor/aa.py 2015-12-26 16:47:30.614839586 +0100
> +++ utils/apparmor/aa.py 2015-12-26 16:46:25.451187459 +0100
> @@ -453,10 +453,7 @@
> # d) other: external, flags, name, profile, attachment, initial_comment, filename, info,
> # profile_keyword, header_comment (these two are currently only set by set_profile_flags())
>
> - # Note that this function doesn't explicitely init all those keys (yet).
> - # It will be extended over time, with the final goal to get rid of hasher().
> -
> - profile = hasher()
> + profile = dict()
>
> # profile['info'] isn't used anywhere, but can be helpful in debugging.
> profile['info'] = {'profile': profilename, 'hat': hat, 'calledby': calledby}
> @@ -472,8 +467,35 @@
> profile['rlimit'] = RlimitRuleset()
> profile['signal'] = SignalRuleset()
>
> - profile['allow']['mount'] = list()
> + profile['alias'] = dict()
> + profile['include'] = dict()
> + profile['localinclude'] = dict()
> + profile['repo'] = dict()
> + profile['lvar'] = dict()
> +
> + profile['filename'] = ''
> + profile['name'] = ''
> + profile['attachment'] = ''
> + profile['flags'] = ''
> + profile['external'] = False
> + profile['header_comment'] = ''
> + profile['initial_comment'] = ''
> + profile['profile_keyword'] = False
> + profile['profile'] = False # profile or hat?
> +
> + profile['allow'] = dict()
> + profile['deny'] = dict()
> +
> + profile['allow']['link'] = hasher()
> + profile['deny']['link'] = hasher()
> +
> + # mount, pivot_root, unix have a .get() fallback to list() - initialize them nevertheless
> + profile['allow']['mount'] = list()
> + profile['deny']['mount'] = list()
> profile['allow']['pivot_root'] = list()
> + profile['deny']['pivot_root'] = list()
> + profile['allow']['unix'] = list()
> + profile['deny']['unix'] = list()
>
> return profile
>
> @@ -3074,7 +3074,7 @@
> profile_data[name]['repo']['id']):
> repo = profile_data[name]['repo']
> string += '# REPOSITORY: %s %s %s\n' % (repo['url'], repo['user'], repo['id'])
> - elif profile_data[name]['repo']['neversubmit']:
> + elif profile_data[name]['repo'].get('neversubmit'):
> string += '# REPOSITORY: NEVERSUBMIT\n'
>
> # if profile_data[name].get('initial_comment', False):
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170605/321aee86/attachment.pgp>
More information about the AppArmor
mailing list