<div dir="ltr">Hello,<br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jul 20, 2015 at 12:21 AM, Christian Boltz <span dir="ltr"><<a href="mailto:apparmor@cboltz.de" target="_blank">apparmor@cboltz.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
<br>
in some cases, the return value of name_to_prof_filename() is undefined.<br>
This happens when deleting the to-be-confined binary while running<br>
aa-genprof and leads to a not-too-helpful<br>
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 265, in enforce<br>
prof_filename, name = name_to_prof_filename(path)<br>
TypeError: 'NoneType' object is not iterable<br>
<br>
(reported by maslen on IRC)<br>
<br>
This patch makes sure name_to_prof_filename() always returns None, None<br>
(instead of undefined aka just None) so that at least the caller can<br>
successfully split it into two None values.<br>
<br>
For the exotic aa-genprof usecase given above, this at least improves<br>
the error message to<br>
Can't find $binary_name<br>
(raised by enforce() via fatal_error())<br>
<br>
<br>
The patch also changes fatal_error() to display the traceback first, and<br>
the human-readable message at the end, which makes it more likely that<br>
the user actually notices the human-readable message.<br></blockquote><div>This is the style followed by Python too I suppose for their traces. <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
</blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
I propose this patch for trunk and 2.9.<br>
<br>
<br>
[ 80-name_to_prof_filename-better-error-behaviour.diff ]<br>
<br>
--- utils/apparmor/aa.py 2015-07-19 13:08:29.274534429 +0200<br>
+++ ./utils/apparmor/aa.py 2015-07-19 20:45:05.298955097 +0200<br>
@@ -150,8 +150,8 @@<br>
# Get the traceback to the message<br>
tb_stack = traceback.format_list(traceback.extract_stack())<br>
tb_stack = ''.join(tb_stack)<br>
- # Append the traceback to message<br>
- message = message + '\n' + tb_stack<br>
+ # Add the traceback to message<br>
+ message = tb_stack + '\n\n' + message<br>
debug_logger.error(message)<br>
caller = inspect.stack()[1][3]<br>
<br>
@@ -257,8 +257,8 @@<br>
prof_filename = get_profile_filename(bin_path)<br>
if os.path.isfile(prof_filename):<br>
return (prof_filename, bin_path)<br>
- else:<br>
- return None, None<br>
+<br>
+ return None, None<br>
<br>
def complain(path):<br>
"""Sets the profile to complain mode if it exists"""<br>
<br>
<br></blockquote><div><span class="im"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br></blockquote></span><div>Thanks for the patch.<br><br>Acked-by: Kshitij Gupta <<a href="mailto:kgupta8592@gmail.com" target="_blank">kgupta8592@gmail.com</a>> for both trunk and 2.9.<br></div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Regards,<br>
<br>
Christian Boltz<br>
<span class="HOEnZb"><font color="#888888">--<br>
>kann mir jemand sagen, wie ich aus einer aktuellen WindowMaker-Ober-<br>
>fläche ne neue Sitzung starte, ohne die aktuelle Oberfläche zu beenden?<br>
Ahem, Sitzung? Geh' ins Klo, setz dich nieder und ...<br>
Oder was meinst du mit "Sitzung"?<br>
[> Udo Gerhards und David Haller in suse-linux]<br>
<br>
<br>
--<br>
AppArmor mailing list<br>
<a href="mailto:AppArmor@lists.ubuntu.com">AppArmor@lists.ubuntu.com</a><br>
Modify settings or unsubscribe at: <a href="https://lists.ubuntu.com/mailman/listinfo/apparmor" rel="noreferrer" target="_blank">https://lists.ubuntu.com/mailman/listinfo/apparmor</a><br>
</font></span></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><div>Regards,<br><br></div>Kshitij Gupta<br></div></div>
</div></div>