[apparmor] [PATCH v2 3/8] utils: Require apparmor.aa users to call init_aa()
Seth Arnold
seth.arnold at canonical.com
Wed Mar 1 22:31:00 UTC 2017
On Wed, Mar 01, 2017 at 08:52:01PM +0000, Tyler Hicks wrote:
> Introduce an apparmor.aa.init_aa() method and move the initialization
> code of the apparmor.aa module into it. Note that this change will break
> any external users of apparmor.aa because global variables that were
> previously initialized when importing apparmor.aa will not be
> initialized unless a call to the new apparmor.aa.init_aa() method is
> made.
>
> The main purpose of this change is to allow the utils tests to be able
> to set a non-default location for configuration files. Instead of
> hard-coding the location of logprof.conf and other utils related
> configuration files to /etc/apparmor/, this patch allows it to be
> configured by calling apparmor.aa.init_aa(confdir=PATH).
>
> This allows for the make check target to use the in-tree config file,
> profiles, and parser by default. A helper method, setup_aa(), is added
> to common_test.py that checks for an environment variable containing a
> non-default configuration directory path prior to calling
> apparmor.aa.init_aa(). All test scripts that use apparmor.aa are updated
> to call setup_aa().
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> Suggested-by: Christian Boltz <apparmor at cboltz.de>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks
> ---
> utils/aa-genprof | 1 +
> utils/aa-logprof | 1 +
> utils/aa-mergeprof | 3 +++
> utils/aa-unconfined | 1 +
> utils/apparmor/aa.py | 43 +++++++++++++++++++------------
> utils/apparmor/cleanprofile.py | 1 +
> utils/apparmor/tools.py | 2 ++
> utils/test/Makefile | 6 +++--
> utils/test/common_test.py | 11 ++++++++
> utils/test/minitools_test.py | 3 ++-
> utils/test/test-aa.py | 3 ++-
> utils/test/test-libapparmor-test_multi.py | 3 ++-
> utils/test/test-mount_parse.py | 3 ++-
> utils/test/test-parser-simple-tests.py | 3 ++-
> utils/test/test-pivot_root_parse.py | 3 ++-
> utils/test/test-regex_matches.py | 3 ++-
> utils/test/test-unix_parse.py | 3 ++-
> 17 files changed, 66 insertions(+), 27 deletions(-)
>
> diff --git a/utils/aa-genprof b/utils/aa-genprof
> index 3fe72bb..e2e6544 100755
> --- a/utils/aa-genprof
> +++ b/utils/aa-genprof
> @@ -66,6 +66,7 @@ args = parser.parse_args()
> profiling = args.program
> profiledir = args.dir
>
> +apparmor.init_aa()
> apparmor.set_logfile(args.file)
>
> aa_mountpoint = apparmor.check_for_apparmor()
> diff --git a/utils/aa-logprof b/utils/aa-logprof
> index 05ebbd9..c05cbef 100755
> --- a/utils/aa-logprof
> +++ b/utils/aa-logprof
> @@ -34,6 +34,7 @@ args = parser.parse_args()
> profiledir = args.dir
> logmark = args.mark or ''
>
> +apparmor.init_aa()
> apparmor.set_logfile(args.file)
>
> aa_mountpoint = apparmor.check_for_apparmor()
> diff --git a/utils/aa-mergeprof b/utils/aa-mergeprof
> index 4e1e633..1241515 100755
> --- a/utils/aa-mergeprof
> +++ b/utils/aa-mergeprof
> @@ -43,6 +43,8 @@ args = parser.parse_args()
>
> args.other = None
>
> +apparmor.aa.init_aa()
> +
> profiles = args.files
>
> profiledir = args.dir
> @@ -136,6 +138,7 @@ class Merge(object):
> user, base = profiles
>
> #Read and parse base profile and save profile data, include data from it and reset them
> + apparmor.aa.init_aa()
> apparmor.aa.read_profile(base, True)
> self.base = cleanprofile.Prof(base)
>
> diff --git a/utils/aa-unconfined b/utils/aa-unconfined
> index 69e0d65..0407395 100755
> --- a/utils/aa-unconfined
> +++ b/utils/aa-unconfined
> @@ -40,6 +40,7 @@ args = parser.parse_args()
>
> paranoid = args.paranoid
>
> +aa.init_aa()
> aa_mountpoint = aa.check_for_apparmor()
> if not aa_mountpoint:
> raise aa.AppArmorException(_("It seems AppArmor was not started. Please enable AppArmor and try again."))
> diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
> index eecf8c7..1464a21 100644
> --- a/utils/apparmor/aa.py
> +++ b/utils/apparmor/aa.py
> @@ -73,14 +73,14 @@ _ = init_translation()
> # Setup logging incase of debugging is enabled
> debug_logger = DebugLogger('aa')
>
> -CONFDIR = '/etc/apparmor'
> -
> # The database for severity
> sev_db = None
> # The file to read log messages from
> ### Was our
> logfile = None
>
> +CONFDIR = None
> +conf = None
> cfg = None
> repo_cfg = None
>
> @@ -3741,24 +3741,33 @@ def logger_path():
>
> ######Initialisations######
>
> -conf = apparmor.config.Config('ini', CONFDIR)
> -cfg = conf.read_config('logprof.conf')
> +def init_aa(confdir="/etc/apparmor"):
> + global CONFDIR
> + global conf
> + global cfg
> + global profile_dir
> + global extra_profile_dir
> + global parser
> +
> + CONFDIR = confdir
> + conf = apparmor.config.Config('ini', CONFDIR)
> + cfg = conf.read_config('logprof.conf')
>
> -# prevent various failures if logprof.conf doesn't exist
> -if not cfg.sections():
> - cfg.add_section('settings')
> - cfg.add_section('required_hats')
> + # prevent various failures if logprof.conf doesn't exist
> + if not cfg.sections():
> + cfg.add_section('settings')
> + cfg.add_section('required_hats')
>
> -if cfg['settings'].get('default_owner_prompt', False):
> - cfg['settings']['default_owner_prompt'] = ''
> + if cfg['settings'].get('default_owner_prompt', False):
> + cfg['settings']['default_owner_prompt'] = ''
>
> -profile_dir = conf.find_first_dir(cfg['settings'].get('profiledir')) or '/etc/apparmor.d'
> -if not os.path.isdir(profile_dir):
> - raise AppArmorException('Can\'t find AppArmor profiles in %s' % (profile_dir))
> + profile_dir = conf.find_first_dir(cfg['settings'].get('profiledir')) or '/etc/apparmor.d'
> + if not os.path.isdir(profile_dir):
> + raise AppArmorException('Can\'t find AppArmor profiles in %s' % (profile_dir))
>
> -extra_profile_dir = conf.find_first_dir(cfg['settings'].get('inactive_profiledir')) or '/usr/share/apparmor/extra-profiles/'
> + extra_profile_dir = conf.find_first_dir(cfg['settings'].get('inactive_profiledir')) or '/usr/share/apparmor/extra-profiles/'
>
> -parser = conf.find_first_file(cfg['settings'].get('parser')) or '/sbin/apparmor_parser'
> -if not os.path.isfile(parser) or not os.access(parser, os.EX_OK):
> - raise AppArmorException('Can\'t find apparmor_parser at %s' % (parser))
> + parser = conf.find_first_file(cfg['settings'].get('parser')) or '/sbin/apparmor_parser'
> + if not os.path.isfile(parser) or not os.access(parser, os.EX_OK):
> + raise AppArmorException('Can\'t find apparmor_parser at %s' % (parser))
>
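Review bot: The parser check in init_aa() passes `os.EX_OK` to `os.access()`, but `os.EX_OK` is the process exit-status constant (0) and has the same value as `os.F_OK`, so the call only tests that the path exists, not that it is executable. The line is carried over unchanged from the removed module-level code, but the parser path is now read from a logprof.conf in a caller-chosen confdir, so the check should mean what the error message implies: `if not os.path.isfile(parser) or not os.access(parser, os.X_OK):`. init_aa() also has no docstring; a short one should say that it must be called before any other apparmor.aa function and that it sets the module globals CONFDIR, conf, cfg, profile_dir, extra_profile_dir and parser, which would help the external users the commit message says will break.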
> diff --git a/utils/apparmor/cleanprofile.py b/utils/apparmor/cleanprofile.py
> index 5e2724e..0ef9b5a 100644
> --- a/utils/apparmor/cleanprofile.py
> +++ b/utils/apparmor/cleanprofile.py
> @@ -16,6 +16,7 @@ import apparmor.aa as apparmor
>
> class Prof(object):
> def __init__(self, filename):
> + apparmor.init_aa()
> self.aa = apparmor.aa
> self.filelist = apparmor.filelist
> self.include = apparmor.include
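Review bot: The unconditional `apparmor.init_aa()` added to `Prof.__init__` discards any configuration directory the caller already selected, because init_aa() reassigns CONFDIR, conf, cfg, profile_dir and parser on every call and is invoked here with the default `/etc/apparmor`. A caller that ran `init_aa(confdir=PATH)` and then constructs a Prof is switched back to the system logprof.conf and the system parser path. Guarding the call, e.g. `if apparmor.conf is None: apparmor.init_aa()`, keeps the convenience without the reset. The same applies to the call added in `aa_tools.__init__` in utils/apparmor/tools.py and to the second call inside the Merge class in utils/aa-mergeprof, which repeats the module-level one. Prof.__init__ continues outside the hunk.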
> diff --git a/utils/apparmor/tools.py b/utils/apparmor/tools.py
> index 1eac5ef..c370853 100644
> --- a/utils/apparmor/tools.py
> +++ b/utils/apparmor/tools.py
> @@ -31,6 +31,8 @@ class aa_tools:
> self.silent = None
> self.do_reload = args.do_reload
>
> + apparmor.init_aa()
> +
> if tool_name in ['audit']:
> self.remove = args.remove
> elif tool_name == 'autodep':
> diff --git a/utils/test/Makefile b/utils/test/Makefile
> index 014c094..025bba4 100644
> --- a/utils/test/Makefile
> +++ b/utils/test/Makefile
> @@ -23,11 +23,13 @@ include $(COMMONDIR)/Make.rules
> ifdef USE_SYSTEM
> LD_LIBRARY_PATH=
> PYTHONPATH=
> + CONFDIR=
> else
> # PYTHON_DIST_BUILD_PATH based on libapparmor/swig/python/test/Makefile.am
> PYTHON_DIST_BUILD_PATH = ../../libraries/libapparmor/swig/python/build/$$($(PYTHON) -c "import distutils.util; import platform; print(\"lib.%s-%s\" %(distutils.util.get_platform(), platform.python_version()[:3]))")
> LD_LIBRARY_PATH=../../libraries/libapparmor/src/.libs/
> PYTHONPATH=..:$(PYTHON_DIST_BUILD_PATH)
> + CONFDIR=$(CURDIR)
> endif
>
> .PHONY: __libapparmor
> @@ -62,10 +64,10 @@ clean:
> rm -rf __pycache__/ .coverage htmlcov
>
> check: __libapparmor
> - export PYTHONPATH=$(PYTHONPATH) ; export LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) ; export LC_ALL=C; $(foreach test, $(wildcard test-*.py), echo ; echo === $(test) === ; $(call pyalldo, $(test)))
> + export PYTHONPATH=$(PYTHONPATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) LC_ALL=C __AA_CONFDIR=$(CONFDIR) ; $(foreach test, $(wildcard test-*.py), echo ; echo === $(test) === ; $(call pyalldo, $(test)))
>
> .coverage: $(wildcard ../aa-* ../apparmor/*.py test-*.py) __libapparmor
> - export PYTHONPATH=$(PYTHONPATH) ; export LD_LIBRARY_PATH=$(LD_LIBRARY_PATH); export LC_ALL=C; $(COVERAGE_IGNORE_FAILURES_CMD) ; $(foreach test, $(wildcard test-*.py), echo ; echo === $(test) === ; $(PYTHON) -m coverage run --branch -p $(test); )
> + export PYTHONPATH=$(PYTHONPATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) LC_ALL=C __AA_CONFDIR=$(CONFDIR) ; $(COVERAGE_IGNORE_FAILURES_CMD) ; $(foreach test, $(wildcard test-*.py), echo ; echo === $(test) === ; $(PYTHON) -m coverage run --branch -p $(test); )
> $(PYTHON) -m coverage combine
>
> coverage: .coverage
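Review bot: `__AA_CONFDIR=$(CONFDIR)` is expanded unquoted in the `export` line of both the `check` and `.coverage` recipes, and CONFDIR is now `$(CURDIR)`, an absolute path. A build tree whose path contains a space or a shell metacharacter would be word-split by the shell, so the tests would most likely see a truncated directory or the export would fail. Quoting the value, `__AA_CONFDIR="$(CONFDIR)"`, avoids that and still exports an empty string in the USE_SYSTEM case, which setup_aa() treats as "use the default".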
> diff --git a/utils/test/common_test.py b/utils/test/common_test.py
> index 67a5e7d..f3d5c01 100755
> --- a/utils/test/common_test.py
> +++ b/utils/test/common_test.py
> @@ -103,6 +103,17 @@ def setup_regex_tests(test_class):
> stub_test.__doc__ = "test '%s': %s" % (line, desc)
> setattr(test_class, 'test_%d' % (i), stub_test)
>
> +def setup_aa(aa):
> + confdir = os.getenv('__AA_CONFDIR')
> + try:
> + if confdir:
> + aa.init_aa(confdir=confdir)
> + else:
> + aa.init_aa()
> + except AttributeError:
> + # apparmor.aa module versions <= 2.11 do not have the init_aa() method
> + pass
> +
> def write_file(directory, file, contents):
> '''construct path, write contents to it, and return the constructed path'''
> path = os.path.join(directory, file)
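Review bot: The `except AttributeError: pass` in setup_aa() wraps the whole init_aa() call, so an AttributeError raised from inside init_aa() is swallowed along with the intended "module has no init_aa()" case. The tests would then run against an uninitialised apparmor.aa with no indication why. Looking the method up first and calling it outside any try block keeps the compatibility path for versions <= 2.11 and lets real initialisation errors fail the run. A one-line docstring naming the `__AA_CONFDIR` environment variable would also help.

```python
def setup_aa(aa):
    init_aa = getattr(aa, 'init_aa', None)
    if init_aa is None:
        # apparmor.aa module versions <= 2.11 do not have the init_aa() method
        return

    confdir = os.getenv('__AA_CONFDIR')
    if confdir:
        init_aa(confdir=confdir)
    else:
        init_aa()
```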
> diff --git a/utils/test/minitools_test.py b/utils/test/minitools_test.py
> index 7de1367..47c78f4 100755
> --- a/utils/test/minitools_test.py
> +++ b/utils/test/minitools_test.py
> @@ -16,7 +16,7 @@ import shutil
> import subprocess
> import sys
> import unittest
> -from common_test import AATest, setup_all_loops
> +from common_test import AATest, setup_all_loops, setup_aa
>
> import apparmor.aa as apparmor
> from common_test import read_file
> @@ -156,6 +156,7 @@ class MinitoolsTest(AATest):
> self.assertEqual(exp_content, real_content, 'Failed to cleanup profile properly')
>
>
> +setup_aa(apparmor)
> setup_all_loops(__name__)
> if __name__ == '__main__':
> unittest.main(verbosity=2)
> diff --git a/utils/test/test-aa.py b/utils/test/test-aa.py
> index 65cbd1f..a875c58 100644
> --- a/utils/test/test-aa.py
> +++ b/utils/test/test-aa.py
> @@ -10,7 +10,7 @@
> # ------------------------------------------------------------------
>
> import unittest
> -from common_test import AATest, setup_all_loops
> +from common_test import AATest, setup_all_loops, setup_aa
> from common_test import read_file, write_file
>
> import os
> @@ -855,6 +855,7 @@ class AaTest_propose_file_rules(AATest):
> proposals = propose_file_rules(profile, rule_obj)
> self.assertEqual(proposals, expected)
>
> +setup_aa(apparmor.aa)
> setup_all_loops(__name__)
> if __name__ == '__main__':
> unittest.main(verbosity=2)
> diff --git a/utils/test/test-libapparmor-test_multi.py b/utils/test/test-libapparmor-test_multi.py
> index e9e3426..0e34564 100644
> --- a/utils/test/test-libapparmor-test_multi.py
> +++ b/utils/test/test-libapparmor-test_multi.py
> @@ -10,7 +10,7 @@
> # ------------------------------------------------------------------
>
> import unittest
> -from common_test import AATest, setup_all_loops, read_file
> +from common_test import AATest, setup_all_loops, setup_aa, read_file
>
> import os
> from apparmor.common import open_file_read
> @@ -267,6 +267,7 @@ print('Testing libapparmor test_multi tests...')
> TestLibapparmorTestMulti.tests = find_test_multi('../../libraries/libapparmor/testsuite/test_multi/')
> TestLogToProfile.tests = find_test_multi('../../libraries/libapparmor/testsuite/test_multi/')
>
> +setup_aa(apparmor.aa)
> setup_all_loops(__name__)
> if __name__ == '__main__':
> unittest.main(verbosity=1) # reduced verbosity due to the big number of tests
> diff --git a/utils/test/test-mount_parse.py b/utils/test/test-mount_parse.py
> index 3f08fc2..37f4ec9 100644
> --- a/utils/test/test-mount_parse.py
> +++ b/utils/test/test-mount_parse.py
> @@ -11,7 +11,7 @@
>
> import apparmor.aa as aa
> import unittest
> -from common_test import AAParseTest, setup_regex_tests
> +from common_test import AAParseTest, setup_regex_tests, setup_aa
>
> class BaseAAParseMountTest(AAParseTest):
> def setUp(self):
> @@ -39,6 +39,7 @@ class AAParseUmountTest(BaseAAParseMountTest):
> ('unmount /mnt/external,', 'unmount with mount point'),
> ]
>
> +setup_aa(aa)
> if __name__ == '__main__':
> setup_regex_tests(AAParseMountTest)
> setup_regex_tests(AAParseRemountTest)
> diff --git a/utils/test/test-parser-simple-tests.py b/utils/test/test-parser-simple-tests.py
> index 92d81c3..303d901 100644
> --- a/utils/test/test-parser-simple-tests.py
> +++ b/utils/test/test-parser-simple-tests.py
> @@ -10,7 +10,7 @@
> # ------------------------------------------------------------------
>
> import unittest
> -from common_test import AATest, setup_all_loops
> +from common_test import AATest, setup_all_loops, setup_aa
> import apparmor.aa as apparmor
>
> import os
> @@ -397,6 +397,7 @@ def find_and_setup_test_profiles(profile_dir):
> print('Running %s parser simple_tests...' % len(TestParseParserTests.tests))
>
>
> +setup_aa(apparmor)
> find_and_setup_test_profiles('../../parser/tst/simple_tests/')
>
> setup_all_loops(__name__)
> diff --git a/utils/test/test-pivot_root_parse.py b/utils/test/test-pivot_root_parse.py
> index fa4840b..f2a1c32 100644
> --- a/utils/test/test-pivot_root_parse.py
> +++ b/utils/test/test-pivot_root_parse.py
> @@ -11,7 +11,7 @@
>
> import apparmor.aa as aa
> import unittest
> -from common_test import AAParseTest, setup_regex_tests
> +from common_test import AAParseTest, setup_regex_tests, setup_aa
>
> class AAParsePivotRootTest(AAParseTest):
> def setUp(self):
> @@ -24,6 +24,7 @@ class AAParsePivotRootTest(AAParseTest):
> ('pivot_root /old /new -> /usr/bin/child,', 'pivot_root child rule'),
> ]
>
> +setup_aa(aa)
> if __name__ == '__main__':
> setup_regex_tests(AAParsePivotRootTest)
> unittest.main(verbosity=2)
> diff --git a/utils/test/test-regex_matches.py b/utils/test/test-regex_matches.py
> index 9abbe5b..b93a714 100644
> --- a/utils/test/test-regex_matches.py
> +++ b/utils/test/test-regex_matches.py
> @@ -11,7 +11,7 @@
>
> import apparmor.aa as aa
> import unittest
> -from common_test import AATest, setup_all_loops
> +from common_test import AATest, setup_all_loops, setup_aa
> from apparmor.common import AppArmorBug, AppArmorException
>
> from apparmor.regex import ( strip_parenthesis, strip_quotes, parse_profile_start_line, re_match_include,
> @@ -502,6 +502,7 @@ class TestStripQuotes(AATest):
>
>
>
> +setup_aa(aa)
> setup_all_loops(__name__)
> if __name__ == '__main__':
> # these two are not converted to a tests[] loop yet
> diff --git a/utils/test/test-unix_parse.py b/utils/test/test-unix_parse.py
> index be7056f..61d8307 100644
> --- a/utils/test/test-unix_parse.py
> +++ b/utils/test/test-unix_parse.py
> @@ -11,7 +11,7 @@
>
> import apparmor.aa as aa
> import unittest
> -from common_test import AAParseTest, setup_regex_tests
> +from common_test import AAParseTest, setup_regex_tests, setup_aa
>
> class AAParseUnixTest(AAParseTest):
>
> @@ -34,6 +34,7 @@ class AAParseUnixTest(AAParseTest):
> 'complex unix rule'),
> ]
>
> +setup_aa(aa)
> if __name__ == '__main__':
> setup_regex_tests(AAParseUnixTest)
> unittest.main(verbosity=2)