<div dir="ltr">Hello,<br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Feb 22, 2016 at 1:28 AM, Christian Boltz <span dir="ltr"><<a href="mailto:apparmor@cboltz.de" target="_blank">apparmor@cboltz.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello,<br>
<br>
if the program specified as get_output param isn't executable or doesn't<br>
exist at all, get_output() returns with ret = -1.<br>
<br>
Raising an exception looks like a better option, especially because<br>
other possible exec failures already raise an exception ("Unable to<br>
fork").<br>
<br>
Note: get_output is only used by get_reqs() which also does the<br>
os.access() check for x permissions (and raises an exception), so in<br>
practise raising an exception in get_output() doesn't change anything.<br>
<br>
<br>
This change also allows to rewrite and simplify get_output() quite a bit.<br>
<br>
<br>
Another minor change (and fix) is in the removal of the last line. The<br>
old code removed the last line if output contained at least two items.<br>
This had two not-so-nice effects:<br>
- an empty output resulted in [''] instead of []<br>
- if a command didn't add a \n on the last line, this line was deleted<br>
nevertheless<br>
<br>
The patch changes that to always remove the last line if it is empty,<br>
which fixes both issues mentioned above.<br>
<br>
<br>
Also add a test to ensure the exception is really raised, and adjust the<br>
test that expects an empty stdout.<br>
<br>
<br>
<br>
<br>
[ 67-get_output-dont-ignore-non-executable.diff ]<br>
<br>
--- utils/test/test-aa.py 2016-02-01 20:06:26.082212471 +0100<br>
+++ utils/test/test-aa.py 2016-02-01 20:12:46.228094146 +0100<br>
@@ -77,12 +77,16 @@<br>
tests = [<br>
(['./fake_ldd', '/AATest/lib64/<a href="http://libc-2.22.so" rel="noreferrer" target="_blank">libc-2.22.so</a>'], (0, [' /AATest/lib64/ld-linux-x86-64.so.2 (0x0000556858473000)', ' linux-vdso.so.1 (0x00007ffe98912000)'] )),<br>
(['./fake_ldd', '/tmp/aa-test-foo'], (0, [' not a dynamic executable'] )),<br>
- (['./fake_ldd', 'invalid'], (1, [''] )), # stderr is not part of output<br>
+ (['./fake_ldd', 'invalid'], (1, [] )), # stderr is not part of output<br>
]<br>
def _run_test(self, params, expected):<br>
self.assertEqual(get_output(params), expected)<br>
<br>
+ def test_get_output_nonexisting(self):<br>
+ with self.assertRaises(AppArmorException):<br>
+ ret, output = get_output(['./_file_/_not_/_found_'])<br>
+<br>
class AATest_get_reqs(AATest):<br>
tests = [<br>
('/AATest/bin/bash', ['/AATest/lib64/libreadline.so.6', '/AATest/lib64/libtinfo.so.6', '/AATest/lib64/libdl.so.2', '/AATest/lib64/libc.so.6', '/AATest/lib64/ld-linux-x86-64.so.2']),<br>
<br>
--- utils/apparmor/aa.py 2016-02-01 20:06:26.086212449 +0100<br>
+++ utils/apparmor/aa.py 2016-02-01 20:12:27.192200872 +0100<br>
@@ -334,27 +334,21 @@<br>
<br>
def get_output(params):<br>
- """Returns the return code output by running the program with the args given in the list"""<br>
+ '''Runs the program with the given args and returns the return code and stdout (as list of lines)'''<br>
- program = params[0]<br>
- # args = params[1:]<br>
- ret = -1<br>
- output = []<br>
- # program is executable<br>
- if os.access(program, os.X_OK):<br>
- try:<br>
- # Get the output of the program<br>
- output = subprocess.check_output(params)<br>
- except OSError as e:<br>
- raise AppArmorException(_("Unable to fork: %(program)s\n\t%(error)s") % { 'program': program, 'error': str(e) })<br>
- # If exit-codes besides 0<br>
- except subprocess.CalledProcessError as e:<br>
- output = e.output<br>
- output = output.decode('utf-8').split('\n')<br>
- ret = e.returncode<br>
- else:<br>
- ret = 0<br>
- output = output.decode('utf-8').split('\n')<br>
+ try:<br>
+ # Get the output of the program<br>
+ output = subprocess.check_output(params)<br>
+ ret = 0<br>
+ except OSError as e:<br>
+ raise AppArmorException(_("Unable to fork: %(program)s\n\t%(error)s") % { 'program': params[0], 'error': str(e) })<br>
+ except subprocess.CalledProcessError as e: # If exit-codes besides 0<br></blockquote><div>That comment looks off wrt "exit-codes", better written as: # exit code != 0<br>,or something along that line.<br> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
+ output = e.output<br>
+ ret = e.returncode<br>
+<br>
+ output = output.decode('utf-8').split('\n')<br>
+<br>
# Remove the extra empty string caused due to \n if present<br>
- if len(output) > 1:<br>
+ if output[len(output) - 1] == '':<br></blockquote><div>maybe worthwhile to add a .strip() just in case.<br><br>Nicely cleaned up!<br><br>Thanks for the patch.<br><br>Acked-by: Kshitij Gupta <<a href="mailto:kgupta8592@gmail.com" target="_blank">kgupta8592@gmail.com</a>><br><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
output.pop()<br>
+<br>
return (ret, output)<br>
<br>
<br>
<br>
<br>
<br>
Regards,<br>
<br>
Christian Boltz<br>
<span class=""><font color="#888888">--<br>
Der geistige Horizont ist der Abstand zwischen Brett und Kopf.<br>
</font></span><br>--<br>
AppArmor mailing list<br>
<a href="mailto:AppArmor@lists.ubuntu.com">AppArmor@lists.ubuntu.com</a><br>
Modify settings or unsubscribe at: <a href="https://lists.ubuntu.com/mailman/listinfo/apparmor" rel="noreferrer" target="_blank">https://lists.ubuntu.com/mailman/listinfo/apparmor</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><div>Regards,<br><br></div>Kshitij Gupta<br></div></div>
</div></div>