[apparmor] [patch] Fix regressions caused by init_aa()

Christian Boltz apparmor at cboltz.de
Thu Mar 2 23:52:02 UTC 2017 

Hello,

With the init_aa() patch series commited, minitools_test.py showed
several test failures - which effectively means the -d option of
aa-complain, aa-cleanprof etc. was broken.

These failures were caused by
- calling init_aa() too late in tools.py - _after_ setting the
  profiledir, which then got overwritten by init_aa()
- calling init_aa() twice (because apparmor.aa gets imported in two
  modules used by aa-cleanprof), which overwrote the manually set values
  on the second run

This patch fixes the call order in tools.py and adds a check to
init_aa() so that it can be run only once and ignores additional calls.


[ 02-fix-init_aa-regressions.diff ]

=== modified file ./utils/apparmor/aa.py
--- utils/apparmor/aa.py        2017-03-03 00:10:55.506361000 +0100
+++ utils/apparmor/aa.py        2017-03-03 00:37:47.283693765 +0100
@@ -3779,6 +3781,9 @@
     global extra_profile_dir
     global parser
 
+    if CONFDIR:
+        return  # config already initialized (and possibly changed afterwards), so don't overwrite the config variables
+
     CONFDIR = confdir
     conf = apparmor.config.Config('ini', CONFDIR)
     cfg = conf.read_config('logprof.conf')
=== modified file ./utils/apparmor/tools.py
--- utils/apparmor/tools.py     2017-03-03 00:10:55.506361000 +0100
+++ utils/apparmor/tools.py     2017-03-03 00:23:54.587304297 +0100
@@ -24,6 +24,8 @@
 
 class aa_tools:
     def __init__(self, tool_name, args):
+        apparmor.init_aa()
+
         self.name = tool_name
         self.profiledir = args.dir
         self.profiling = args.program
@@ -31,8 +33,6 @@
         self.silent = None
         self.do_reload = args.do_reload
 
-        apparmor.init_aa()
-
         if tool_name in ['audit']:
             self.remove = args.remove
         elif tool_name == 'autodep':



Regards,

Christian Boltz
-- 
> Ich komme ja nicht aus dem Norden, aber gilt da nicht dieser Spruch:
> "Hamburg ist das Tor zur Welt, aber Bremen hat den Schlüssel dazu."
Stimmt. Aber damit können die nichts anfangen, weil Hamburg weltoffen
ist :-)         [> Martin Röhricht und Thorsten Körner in suse-linux]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170303/5885f969/attachment.pgp>

More information about the AppArmor mailing list