apparmor/utils/enforce

#!/usr/bin/perl
#
# $Id$
#
# ----------------------------------------------------------------------
#    Copyright (c) 2005 Novell, Inc. All Rights Reserved.
#      
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License as published by the Free Software Foundation.
#      
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#      
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, contact Novell, Inc.
#      
#    To contact Novell about this file by physical or electronic mail, 
#    you may find current contact information at www.novell.com.
# ----------------------------------------------------------------------

use strict;
use FindBin;
use Getopt::Long;

use Immunix::SubDomain;

use Data::Dumper;

use Locale::gettext;
use POSIX;

# initialize the local poo
setlocale(LC_MESSAGES, "");
textdomain("apparmor-utils");

$UI_Mode = "text";

# options variables
my $help           = '';
  
GetOptions(
  'dir|d=s'     => \$profiledir,
  'help|h'      => \$help,
);
  
# tell 'em how to use it...
&usage && exit if $help;

# let's convert it to full path...
$profiledir = get_full_path($profiledir);
  
unless(-d $profiledir) {
  UI_Important("Can't find subdomain profiles in $profiledir.");
  exit 1;
}

# read the settings in /etc/logprof.conf
readconfig();

# what are we profiling?
my @profiling = @ARGV;

unless(@profiling) {
  @profiling = ( UI_GetString(gettext("Please enter the program to switch to enforce mode: "), "") );
}

for my $profiling (@profiling) {

  next unless $profiling;

  my $fqdbin;
  if(-e $profiling) {
    $fqdbin = get_full_path($profiling);
    chomp($fqdbin);
  } else {
    if($profiling !~ /\//) {
      my $which = which($profiling);
      if($which) {
        $fqdbin = get_full_path($which);
      }
    }
  }

  if(-e $fqdbin) {
    my $filename;
    if($fqdbin =~ /^$profiledir\//) {
      $filename = $fqdbin;
    } else {
      $filename = getprofilefilename($fqdbin);
    }

    # argh, skip directories
    next unless -f $filename;

    # skip rpm backup files
    next if $filename =~ /\.rpm(save|new)$/;

    printf(gettext('Setting %s to enforce mode.'), $fqdbin);
    print "\n";
    setprofileflags($filename, "");

    system("cat $filename | $parser -I$profiledir -r >/dev/null 2>&1") if check_for_subdomain();
  } else {
    if($profiling =~ /^[^\/]+$/) {
       UI_Info(sprintf(gettext('Can\'t find %s in the system path list.  If the name of the application is correct, please run \'which %s\' as a user with the correct PATH environment set up in order to find the fully-qualified path.'), $profiling, $profiling));
      exit 1;
    } else {
      UI_Info(sprintf(gettext('%s does not exist, please double-check the path.'). $profiling));
      exit 1;
    }
  }
}

exit 0;

sub usage {
  UI_Info(sprintf(gettext("usage: \%s [ -d /path/to/profiles ] [ program to switch to enforce mode ]"), $0));
  exit 0;
}
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381. 2006-04-11 21:52:54 +00:00			`#!/usr/bin/perl`
			`#`
Set svn:keywords attributes on files, modify makefiles to point at new common/ location after converting to novell forge svn repo. 2006-04-12 19:31:08 +00:00			`# $Id$`
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381. 2006-04-11 21:52:54 +00:00			`#`
			`# ----------------------------------------------------------------------`
			`# Copyright (c) 2005 Novell, Inc. All Rights Reserved.`
			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of version 2 of the GNU General Public`
			`# License as published by the Free Software Foundation.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program; if not, contact Novell, Inc.`
			`#`
			`# To contact Novell about this file by physical or electronic mail,`
			`# you may find current contact information at www.novell.com.`
			`# ----------------------------------------------------------------------`

			`use strict;`
			`use FindBin;`
			`use Getopt::Long;`

			`use Immunix::SubDomain;`

			`use Data::Dumper;`

			`use Locale::gettext;`
			`use POSIX;`

			`# initialize the local poo`
			`setlocale(LC_MESSAGES, "");`
			`textdomain("apparmor-utils");`

			`$UI_Mode = "text";`

			`# options variables`
			`my $help = '';`

			`GetOptions(`
			`'dir\|d=s' => \$profiledir,`
			`'help\|h' => \$help,`
			`);`

			`# tell 'em how to use it...`
			`&usage && exit if $help;`

			`# let's convert it to full path...`
			`$profiledir = get_full_path($profiledir);`

			`unless(-d $profiledir) {`
			`UI_Important("Can't find subdomain profiles in $profiledir.");`
			`exit 1;`
			`}`

			`# read the settings in /etc/logprof.conf`
			`readconfig();`

			`# what are we profiling?`
			`my @profiling = @ARGV;`

			`unless(@profiling) {`
			`@profiling = ( UI_GetString(gettext("Please enter the program to switch to enforce mode: "), "") );`
			`}`

			`for my $profiling (@profiling) {`

			`next unless $profiling;`

			`my $fqdbin;`
			`if(-e $profiling) {`
			`$fqdbin = get_full_path($profiling);`
			`chomp($fqdbin);`
			`} else {`
			`if($profiling !~ /\//) {`
			`my $which = which($profiling);`
			`if($which) {`
			`$fqdbin = get_full_path($which);`
			`}`
			`}`
			`}`

			`if(-e $fqdbin) {`
			`my $filename;`
			`if($fqdbin =~ /^$profiledir\//) {`
			`$filename = $fqdbin;`
			`} else {`
			`$filename = getprofilefilename($fqdbin);`
			`}`

			`# argh, skip directories`
			`next unless -f $filename;`

			`# skip rpm backup files`
			`next if $filename =~ /\.rpm(save\|new)$/;`

			`printf(gettext('Setting %s to enforce mode.'), $fqdbin);`
			`print "\n";`
			`setprofileflags($filename, "");`

			`system("cat $filename \| $parser -I$profiledir -r >/dev/null 2>&1") if check_for_subdomain();`
			`} else {`
			`if($profiling =~ /^[^\/]+$/) {`
			`UI_Info(sprintf(gettext('Can\'t find %s in the system path list. If the name of the application is correct, please run \'which %s\' as a user with the correct PATH environment set up in order to find the fully-qualified path.'), $profiling, $profiling));`
			`exit 1;`
			`} else {`
			`UI_Info(sprintf(gettext('%s does not exist, please double-check the path.'). $profiling));`
			`exit 1;`
			`}`
			`}`
			`}`

			`exit 0;`

			`sub usage {`
			`UI_Info(sprintf(gettext("usage: \%s [ -d /path/to/profiles ] [ program to switch to enforce mode ]"), $0));`
			`exit 0;`
			`}`