[apparmor] [PATCH v2 3/8] utils: Require apparmor.aa users to call init_aa()
Tyler Hicks
tyhicks at canonical.com
Wed Mar 1 20:52:01 UTC 2017
Introduce an apparmor.aa.init_aa() method and move the initialization
code of the apparmor.aa module into it. Note that this change will break
any external users of apparmor.aa because global variables that were
previously initialized when importing apparmor.aa will not be
initialized unless a call to the new apparmor.aa.init_aa() method is
made.
The main purpose of this change is to allow the utils tests to be able
to set a non-default location for configuration files. Instead of
hard-coding the location of logprof.conf and other utils related
configuration files to /etc/apparmor/, this patch allows it to be
configured by calling apparmor.aa.init_aa(confdir=PATH).
This allows for the make check target to use the in-tree config file,
profiles, and parser by default. A helper method, setup_aa(), is added
to common_test.py that checks for an environment variable containing a
non-default configuration directory path prior to calling
apparmor.aa.init_aa(). All test scripts that use apparmor.aa are updated
to call setup_aa().
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Suggested-by: Christian Boltz <apparmor at cboltz.de>
---
utils/aa-genprof | 1 +
utils/aa-logprof | 1 +
utils/aa-mergeprof | 3 +++
utils/aa-unconfined | 1 +
utils/apparmor/aa.py | 43 +++++++++++++++++++------------
utils/apparmor/cleanprofile.py | 1 +
utils/apparmor/tools.py | 2 ++
utils/test/Makefile | 6 +++--
utils/test/common_test.py | 11 ++++++++
utils/test/minitools_test.py | 3 ++-
utils/test/test-aa.py | 3 ++-
utils/test/test-libapparmor-test_multi.py | 3 ++-
utils/test/test-mount_parse.py | 3 ++-
utils/test/test-parser-simple-tests.py | 3 ++-
utils/test/test-pivot_root_parse.py | 3 ++-
utils/test/test-regex_matches.py | 3 ++-
utils/test/test-unix_parse.py | 3 ++-
17 files changed, 66 insertions(+), 27 deletions(-)
diff --git a/utils/aa-genprof b/utils/aa-genprof
index 3fe72bb..e2e6544 100755
--- a/utils/aa-genprof
+++ b/utils/aa-genprof
@@ -66,6 +66,7 @@ args = parser.parse_args()
profiling = args.program
profiledir = args.dir
+apparmor.init_aa()
apparmor.set_logfile(args.file)
aa_mountpoint = apparmor.check_for_apparmor()
diff --git a/utils/aa-logprof b/utils/aa-logprof
index 05ebbd9..c05cbef 100755
--- a/utils/aa-logprof
+++ b/utils/aa-logprof
@@ -34,6 +34,7 @@ args = parser.parse_args()
profiledir = args.dir
logmark = args.mark or ''
+apparmor.init_aa()
apparmor.set_logfile(args.file)
aa_mountpoint = apparmor.check_for_apparmor()
diff --git a/utils/aa-mergeprof b/utils/aa-mergeprof
index 4e1e633..1241515 100755
--- a/utils/aa-mergeprof
+++ b/utils/aa-mergeprof
@@ -43,6 +43,8 @@ args = parser.parse_args()
args.other = None
+apparmor.aa.init_aa()
+
profiles = args.files
profiledir = args.dir
@@ -136,6 +138,7 @@ class Merge(object):
user, base = profiles
#Read and parse base profile and save profile data, include data from it and reset them
+ apparmor.aa.init_aa()
apparmor.aa.read_profile(base, True)
self.base = cleanprofile.Prof(base)
diff --git a/utils/aa-unconfined b/utils/aa-unconfined
index 69e0d65..0407395 100755
--- a/utils/aa-unconfined
+++ b/utils/aa-unconfined
@@ -40,6 +40,7 @@ args = parser.parse_args()
paranoid = args.paranoid
+aa.init_aa()
aa_mountpoint = aa.check_for_apparmor()
if not aa_mountpoint:
raise aa.AppArmorException(_("It seems AppArmor was not started. Please enable AppArmor and try again."))
diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
index eecf8c7..1464a21 100644
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -73,14 +73,14 @@ _ = init_translation()
# Setup logging incase of debugging is enabled
debug_logger = DebugLogger('aa')
-CONFDIR = '/etc/apparmor'
-
# The database for severity
sev_db = None
# The file to read log messages from
### Was our
logfile = None
+CONFDIR = None
+conf = None
cfg = None
repo_cfg = None
@@ -3741,24 +3741,33 @@ def logger_path():
######Initialisations######
-conf = apparmor.config.Config('ini', CONFDIR)
-cfg = conf.read_config('logprof.conf')
+def init_aa(confdir="/etc/apparmor"):
+ global CONFDIR
+ global conf
+ global cfg
+ global profile_dir
+ global extra_profile_dir
+ global parser
+
+ CONFDIR = confdir
+ conf = apparmor.config.Config('ini', CONFDIR)
+ cfg = conf.read_config('logprof.conf')
-# prevent various failures if logprof.conf doesn't exist
-if not cfg.sections():
- cfg.add_section('settings')
- cfg.add_section('required_hats')
+ # prevent various failures if logprof.conf doesn't exist
+ if not cfg.sections():
+ cfg.add_section('settings')
+ cfg.add_section('required_hats')
-if cfg['settings'].get('default_owner_prompt', False):
- cfg['settings']['default_owner_prompt'] = ''
+ if cfg['settings'].get('default_owner_prompt', False):
+ cfg['settings']['default_owner_prompt'] = ''
-profile_dir = conf.find_first_dir(cfg['settings'].get('profiledir')) or '/etc/apparmor.d'
-if not os.path.isdir(profile_dir):
- raise AppArmorException('Can\'t find AppArmor profiles in %s' % (profile_dir))
+ profile_dir = conf.find_first_dir(cfg['settings'].get('profiledir')) or '/etc/apparmor.d'
+ if not os.path.isdir(profile_dir):
+ raise AppArmorException('Can\'t find AppArmor profiles in %s' % (profile_dir))
-extra_profile_dir = conf.find_first_dir(cfg['settings'].get('inactive_profiledir')) or '/usr/share/apparmor/extra-profiles/'
+ extra_profile_dir = conf.find_first_dir(cfg['settings'].get('inactive_profiledir')) or '/usr/share/apparmor/extra-profiles/'
-parser = conf.find_first_file(cfg['settings'].get('parser')) or '/sbin/apparmor_parser'
-if not os.path.isfile(parser) or not os.access(parser, os.EX_OK):
- raise AppArmorException('Can\'t find apparmor_parser at %s' % (parser))
+ parser = conf.find_first_file(cfg['settings'].get('parser')) or '/sbin/apparmor_parser'
+ if not os.path.isfile(parser) or not os.access(parser, os.EX_OK):
+ raise AppArmorException('Can\'t find apparmor_parser at %s' % (parser))
diff --git a/utils/apparmor/cleanprofile.py b/utils/apparmor/cleanprofile.py
index 5e2724e..0ef9b5a 100644
--- a/utils/apparmor/cleanprofile.py
+++ b/utils/apparmor/cleanprofile.py
@@ -16,6 +16,7 @@ import apparmor.aa as apparmor
class Prof(object):
def __init__(self, filename):
+ apparmor.init_aa()
self.aa = apparmor.aa
self.filelist = apparmor.filelist
self.include = apparmor.include
diff --git a/utils/apparmor/tools.py b/utils/apparmor/tools.py
index 1eac5ef..c370853 100644
--- a/utils/apparmor/tools.py
+++ b/utils/apparmor/tools.py
@@ -31,6 +31,8 @@ class aa_tools:
self.silent = None
self.do_reload = args.do_reload
+ apparmor.init_aa()
+
if tool_name in ['audit']:
self.remove = args.remove
elif tool_name == 'autodep':
diff --git a/utils/test/Makefile b/utils/test/Makefile
index 014c094..025bba4 100644
--- a/utils/test/Makefile
+++ b/utils/test/Makefile
@@ -23,11 +23,13 @@ include $(COMMONDIR)/Make.rules
ifdef USE_SYSTEM
LD_LIBRARY_PATH=
PYTHONPATH=
+ CONFDIR=
else
# PYTHON_DIST_BUILD_PATH based on libapparmor/swig/python/test/Makefile.am
PYTHON_DIST_BUILD_PATH = ../../libraries/libapparmor/swig/python/build/$$($(PYTHON) -c "import distutils.util; import platform; print(\"lib.%s-%s\" %(distutils.util.get_platform(), platform.python_version()[:3]))")
LD_LIBRARY_PATH=../../libraries/libapparmor/src/.libs/
PYTHONPATH=..:$(PYTHON_DIST_BUILD_PATH)
+ CONFDIR=$(CURDIR)
endif
.PHONY: __libapparmor
@@ -62,10 +64,10 @@ clean:
rm -rf __pycache__/ .coverage htmlcov
check: __libapparmor
- export PYTHONPATH=$(PYTHONPATH) ; export LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) ; export LC_ALL=C; $(foreach test, $(wildcard test-*.py), echo ; echo === $(test) === ; $(call pyalldo, $(test)))
+ export PYTHONPATH=$(PYTHONPATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) LC_ALL=C __AA_CONFDIR=$(CONFDIR) ; $(foreach test, $(wildcard test-*.py), echo ; echo === $(test) === ; $(call pyalldo, $(test)))
.coverage: $(wildcard ../aa-* ../apparmor/*.py test-*.py) __libapparmor
- export PYTHONPATH=$(PYTHONPATH) ; export LD_LIBRARY_PATH=$(LD_LIBRARY_PATH); export LC_ALL=C; $(COVERAGE_IGNORE_FAILURES_CMD) ; $(foreach test, $(wildcard test-*.py), echo ; echo === $(test) === ; $(PYTHON) -m coverage run --branch -p $(test); )
+ export PYTHONPATH=$(PYTHONPATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) LC_ALL=C __AA_CONFDIR=$(CONFDIR) ; $(COVERAGE_IGNORE_FAILURES_CMD) ; $(foreach test, $(wildcard test-*.py), echo ; echo === $(test) === ; $(PYTHON) -m coverage run --branch -p $(test); )
$(PYTHON) -m coverage combine
coverage: .coverage
diff --git a/utils/test/common_test.py b/utils/test/common_test.py
index 67a5e7d..f3d5c01 100755
--- a/utils/test/common_test.py
+++ b/utils/test/common_test.py
@@ -103,6 +103,17 @@ def setup_regex_tests(test_class):
stub_test.__doc__ = "test '%s': %s" % (line, desc)
setattr(test_class, 'test_%d' % (i), stub_test)
+def setup_aa(aa):
+ confdir = os.getenv('__AA_CONFDIR')
+ try:
+ if confdir:
+ aa.init_aa(confdir=confdir)
+ else:
+ aa.init_aa()
+ except AttributeError:
+ # apparmor.aa module versions <= 2.11 do not have the init_aa() method
+ pass
+
def write_file(directory, file, contents):
'''construct path, write contents to it, and return the constructed path'''
path = os.path.join(directory, file)
diff --git a/utils/test/minitools_test.py b/utils/test/minitools_test.py
index 7de1367..47c78f4 100755
--- a/utils/test/minitools_test.py
+++ b/utils/test/minitools_test.py
@@ -16,7 +16,7 @@ import shutil
import subprocess
import sys
import unittest
-from common_test import AATest, setup_all_loops
+from common_test import AATest, setup_all_loops, setup_aa
import apparmor.aa as apparmor
from common_test import read_file
@@ -156,6 +156,7 @@ class MinitoolsTest(AATest):
self.assertEqual(exp_content, real_content, 'Failed to cleanup profile properly')
+setup_aa(apparmor)
setup_all_loops(__name__)
if __name__ == '__main__':
unittest.main(verbosity=2)
diff --git a/utils/test/test-aa.py b/utils/test/test-aa.py
index 65cbd1f..a875c58 100644
--- a/utils/test/test-aa.py
+++ b/utils/test/test-aa.py
@@ -10,7 +10,7 @@
# ------------------------------------------------------------------
import unittest
-from common_test import AATest, setup_all_loops
+from common_test import AATest, setup_all_loops, setup_aa
from common_test import read_file, write_file
import os
@@ -855,6 +855,7 @@ class AaTest_propose_file_rules(AATest):
proposals = propose_file_rules(profile, rule_obj)
self.assertEqual(proposals, expected)
+setup_aa(apparmor.aa)
setup_all_loops(__name__)
if __name__ == '__main__':
unittest.main(verbosity=2)
diff --git a/utils/test/test-libapparmor-test_multi.py b/utils/test/test-libapparmor-test_multi.py
index e9e3426..0e34564 100644
--- a/utils/test/test-libapparmor-test_multi.py
+++ b/utils/test/test-libapparmor-test_multi.py
@@ -10,7 +10,7 @@
# ------------------------------------------------------------------
import unittest
-from common_test import AATest, setup_all_loops, read_file
+from common_test import AATest, setup_all_loops, setup_aa, read_file
import os
from apparmor.common import open_file_read
@@ -267,6 +267,7 @@ print('Testing libapparmor test_multi tests...')
TestLibapparmorTestMulti.tests = find_test_multi('../../libraries/libapparmor/testsuite/test_multi/')
TestLogToProfile.tests = find_test_multi('../../libraries/libapparmor/testsuite/test_multi/')
+setup_aa(apparmor.aa)
setup_all_loops(__name__)
if __name__ == '__main__':
unittest.main(verbosity=1) # reduced verbosity due to the big number of tests
diff --git a/utils/test/test-mount_parse.py b/utils/test/test-mount_parse.py
index 3f08fc2..37f4ec9 100644
--- a/utils/test/test-mount_parse.py
+++ b/utils/test/test-mount_parse.py
@@ -11,7 +11,7 @@
import apparmor.aa as aa
import unittest
-from common_test import AAParseTest, setup_regex_tests
+from common_test import AAParseTest, setup_regex_tests, setup_aa
class BaseAAParseMountTest(AAParseTest):
def setUp(self):
@@ -39,6 +39,7 @@ class AAParseUmountTest(BaseAAParseMountTest):
('unmount /mnt/external,', 'unmount with mount point'),
]
+setup_aa(aa)
if __name__ == '__main__':
setup_regex_tests(AAParseMountTest)
setup_regex_tests(AAParseRemountTest)
diff --git a/utils/test/test-parser-simple-tests.py b/utils/test/test-parser-simple-tests.py
index 92d81c3..303d901 100644
--- a/utils/test/test-parser-simple-tests.py
+++ b/utils/test/test-parser-simple-tests.py
@@ -10,7 +10,7 @@
# ------------------------------------------------------------------
import unittest
-from common_test import AATest, setup_all_loops
+from common_test import AATest, setup_all_loops, setup_aa
import apparmor.aa as apparmor
import os
@@ -397,6 +397,7 @@ def find_and_setup_test_profiles(profile_dir):
print('Running %s parser simple_tests...' % len(TestParseParserTests.tests))
+setup_aa(apparmor)
find_and_setup_test_profiles('../../parser/tst/simple_tests/')
setup_all_loops(__name__)
diff --git a/utils/test/test-pivot_root_parse.py b/utils/test/test-pivot_root_parse.py
index fa4840b..f2a1c32 100644
--- a/utils/test/test-pivot_root_parse.py
+++ b/utils/test/test-pivot_root_parse.py
@@ -11,7 +11,7 @@
import apparmor.aa as aa
import unittest
-from common_test import AAParseTest, setup_regex_tests
+from common_test import AAParseTest, setup_regex_tests, setup_aa
class AAParsePivotRootTest(AAParseTest):
def setUp(self):
@@ -24,6 +24,7 @@ class AAParsePivotRootTest(AAParseTest):
('pivot_root /old /new -> /usr/bin/child,', 'pivot_root child rule'),
]
+setup_aa(aa)
if __name__ == '__main__':
setup_regex_tests(AAParsePivotRootTest)
unittest.main(verbosity=2)
diff --git a/utils/test/test-regex_matches.py b/utils/test/test-regex_matches.py
index 9abbe5b..b93a714 100644
--- a/utils/test/test-regex_matches.py
+++ b/utils/test/test-regex_matches.py
@@ -11,7 +11,7 @@
import apparmor.aa as aa
import unittest
-from common_test import AATest, setup_all_loops
+from common_test import AATest, setup_all_loops, setup_aa
from apparmor.common import AppArmorBug, AppArmorException
from apparmor.regex import ( strip_parenthesis, strip_quotes, parse_profile_start_line, re_match_include,
@@ -502,6 +502,7 @@ class TestStripQuotes(AATest):
+setup_aa(aa)
setup_all_loops(__name__)
if __name__ == '__main__':
# these two are not converted to a tests[] loop yet
diff --git a/utils/test/test-unix_parse.py b/utils/test/test-unix_parse.py
index be7056f..61d8307 100644
--- a/utils/test/test-unix_parse.py
+++ b/utils/test/test-unix_parse.py
@@ -11,7 +11,7 @@
import apparmor.aa as aa
import unittest
-from common_test import AAParseTest, setup_regex_tests
+from common_test import AAParseTest, setup_regex_tests, setup_aa
class AAParseUnixTest(AAParseTest):
@@ -34,6 +34,7 @@ class AAParseUnixTest(AAParseTest):
'complex unix rule'),
]
+setup_aa(aa)
if __name__ == '__main__':
setup_regex_tests(AAParseUnixTest)
unittest.main(verbosity=2)
--
2.7.4
More information about the AppArmor
mailing list