mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
require logfile only for aa-logprof and aa-genprof
Make sure most tools (for example aa-complain) don't error out if no logfile can be found. (For obvious reasons, aa-logprof and aa-genprof will still require a logfile ;-) This is done by moving code from the global area in aa.py to the new function set_logfile(), which is called by aa-logprof and aa-genprof. While on it, - rename apparmor.filename to apparmor.logfile - move the error handling for user-specified logfile from aa-genprof and aa-logprof to aa.py set_logfile() Note: I'd have prefered to hand over the logfile as parameter to do_logprof_pass(), but that would break last_audit_entry_time() in aa-genprof which requires the log filename before do_logprof_pass() is called. References: https://bugs.launchpad.net/apparmor/+bug/1423702 Acked-by: Seth Arnold <seth.arnold@canonical.com>
This commit is contained in:
Christian Boltz
parent
4ec29a7e29
commit
064697e791
3 changed files with 25 additions and 26 deletions
|
|
@ -41,7 +41,7 @@ def sysctl_write(path, value):
|
|||
f_out.write(str(value))
|
||||
|
||||
def last_audit_entry_time():
|
||||
out = subprocess.check_output(['tail', '-1', apparmor.filename])
|
||||
out = subprocess.check_output(['tail', '-1', apparmor.logfile])
|
||||
logmark = None
|
||||
out = out.decode('ascii')
|
||||
if re.search('^.*msg\=audit\((\d+\.\d+\:\d+).*\).*$', out):
|
||||
|
|
@ -61,16 +61,8 @@ args = parser.parse_args()
|
|||
|
||||
profiling = args.program
|
||||
profiledir = args.dir
|
||||
filename = args.file
|
||||
|
||||
|
||||
if filename:
|
||||
if not os.path.exists(filename):
|
||||
raise apparmor.AppArmorException(_('The logfile %s does not exist. Please check the path') % filename)
|
||||
elif os.path.isdir(filename):
|
||||
raise apparmor.AppArmorException(_('%s is a directory. Please specify a file as logfile') % filename)
|
||||
else:
|
||||
apparmor.filename = filename
|
||||
apparmor.set_logfile(args.file)
|
||||
|
||||
aa_mountpoint = apparmor.check_for_apparmor()
|
||||
if not aa_mountpoint:
|
||||
|
|
|
|||
|
|
@ -28,17 +28,9 @@ parser.add_argument('-m', '--mark', type=str, help=_('mark in the log to start p
|
|||
args = parser.parse_args()
|
||||
|
||||
profiledir = args.dir
|
||||
filename = args.file
|
||||
logmark = args.mark or ''
|
||||
|
||||
|
||||
if filename:
|
||||
if not os.path.exists(filename):
|
||||
raise apparmor.AppArmorException(_('The logfile %s does not exist. Please check the path') % filename)
|
||||
elif os.path.isdir(filename):
|
||||
raise apparmor.AppArmorException(_('%s is a directory. Please specify a file as logfile') % filename)
|
||||
else:
|
||||
apparmor.filename = filename
|
||||
apparmor.set_logfile(args.file)
|
||||
|
||||
aa_mountpoint = apparmor.check_for_apparmor()
|
||||
if not aa_mountpoint:
|
||||
|
|
|
|||
|
|
@ -72,7 +72,7 @@ unimplemented_warning = False
|
|||
sev_db = None
|
||||
# The file to read log messages from
|
||||
### Was our
|
||||
filename = None
|
||||
logfile = None
|
||||
|
||||
cfg = None
|
||||
repo_cfg = None
|
||||
|
|
@ -2233,6 +2233,24 @@ def match_net_includes(profile, family, nettype):
|
|||
|
||||
return newincludes
|
||||
|
||||
def set_logfile(filename):
|
||||
''' set logfile to a) the specified filename or b) if not given, the first existing logfile from logprof.conf'''
|
||||
|
||||
global logfile
|
||||
|
||||
if filename:
|
||||
logfile = filename
|
||||
else:
|
||||
logfile = conf.find_first_file(cfg['settings']['logfiles']) or '/var/log/syslog'
|
||||
|
||||
if not os.path.exists(logfile):
|
||||
if filename:
|
||||
raise AppArmorException(_('The logfile %s does not exist. Please check the path') % logfile)
|
||||
else:
|
||||
raise AppArmorException('Can\'t find system log "%s".' % (logfile))
|
||||
elif os.path.isdir(logfile):
|
||||
raise AppArmorException(_('%s is a directory. Please specify a file as logfile') % logfile)
|
||||
|
||||
def do_logprof_pass(logmark='', passno=0, pid=pid):
|
||||
# set up variables for this pass
|
||||
# t = hasher()
|
||||
|
|
@ -2250,7 +2268,7 @@ def do_logprof_pass(logmark='', passno=0, pid=pid):
|
|||
# skip = hasher() # XXX global?
|
||||
# filelist = hasher()
|
||||
|
||||
aaui.UI_Info(_('Reading log entries from %s.') % filename)
|
||||
aaui.UI_Info(_('Reading log entries from %s.') % logfile)
|
||||
|
||||
if not passno:
|
||||
aaui.UI_Info(_('Updating AppArmor profiles in %s.') % profile_dir)
|
||||
|
|
@ -2264,7 +2282,8 @@ def do_logprof_pass(logmark='', passno=0, pid=pid):
|
|||
## repo_cfg = read_config('repository.conf')
|
||||
## if not repo_cfg['repository'].get('enabled', False) or repo_cfg['repository]['enabled'] not in ['yes', 'no']:
|
||||
## UI_ask_to_enable_repo()
|
||||
log_reader = apparmor.logparser.ReadLog(pid, filename, existing_profiles, profile_dir, log)
|
||||
|
||||
log_reader = apparmor.logparser.ReadLog(pid, logfile, existing_profiles, profile_dir, log)
|
||||
log = log_reader.read_log(logmark)
|
||||
#read_log(logmark)
|
||||
|
||||
|
|
@ -4572,10 +4591,6 @@ parser = conf.find_first_file(cfg['settings']['parser']) or '/sbin/apparmor_pars
|
|||
if not os.path.isfile(parser) or not os.access(parser, os.EX_OK):
|
||||
raise AppArmorException('Can\'t find apparmor_parser')
|
||||
|
||||
filename = conf.find_first_file(cfg['settings']['logfiles']) or '/var/log/syslog'
|
||||
if not os.path.isfile(filename):
|
||||
raise AppArmorException('Can\'t find system log "%s".' % (filename))
|
||||
|
||||
ldd = conf.find_first_file(cfg['settings']['ldd']) or '/usr/bin/ldd'
|
||||
if not os.path.isfile(ldd) or not os.access(ldd, os.EX_OK):
|
||||
raise AppArmorException('Can\'t find ldd')
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue