require logfile only for aa-logprof and aa-genprof

Make sure most tools (for example aa-complain) don't error out if no logfile can be found. (For obvious reasons, aa-logprof and aa-genprof will still require a logfile ;-) This is done by moving code from the global area in aa.py to the new function set_logfile(), which is called by aa-logprof and aa-genprof. While on it, - rename apparmor.filename to apparmor.logfile - move the error handling for user-specified logfile from aa-genprof and aa-logprof to aa.py set_logfile() Note: I'd have prefered to hand over the logfile as parameter to do_logprof_pass(), but that would break last_audit_entry_time() in aa-genprof which requires the log filename before do_logprof_pass() is called. References: https://bugs.launchpad.net/apparmor/+bug/1423702 Acked-by: Seth Arnold <seth.arnold@canonical.com>
2025-03-04 08:24:42 +01:00 · 2015-02-20 21:36:55 +01:00 · 2015-02-20 21:36:55 +01:00 · 064697e791
commit 064697e791
parent 4ec29a7e29
3 changed files with 25 additions and 26 deletions
--- a/utils/aa-genprof
+++ b/utils/aa-genprof
@ -41,7 +41,7 @@ def sysctl_write(path, value):
        f_out.write(str(value))
 def last_audit_entry_time():
-    out = subprocess.check_output(['tail', '-1', apparmor.filename])
+    out = subprocess.check_output(['tail', '-1', apparmor.logfile])
    logmark = None
    out = out.decode('ascii')
    if re.search('^.*msg\=audit\((\d+\.\d+\:\d+).*\).*$', out):
@ -61,16 +61,8 @@ args = parser.parse_args()
 profiling = args.program
 profiledir = args.dir
 filename = args.file
-
+apparmor.set_logfile(args.file)
 if filename:
    if not os.path.exists(filename):
        raise apparmor.AppArmorException(_('The logfile %s does not exist. Please check the path') % filename)
    elif os.path.isdir(filename):
        raise apparmor.AppArmorException(_('%s is a directory. Please specify a file as logfile') % filename)
    else:
        apparmor.filename = filename
 aa_mountpoint = apparmor.check_for_apparmor()
 if not aa_mountpoint:
--- a/utils/aa-logprof
+++ b/utils/aa-logprof
@ -28,17 +28,9 @@ parser.add_argument('-m', '--mark', type=str, help=_('mark in the log to start p
 args = parser.parse_args()
 profiledir = args.dir
 filename = args.file
 logmark = args.mark or ''
-
+apparmor.set_logfile(args.file)
 if filename:
    if not os.path.exists(filename):
        raise apparmor.AppArmorException(_('The logfile %s does not exist. Please check the path') % filename)
    elif os.path.isdir(filename):
        raise apparmor.AppArmorException(_('%s is a directory. Please specify a file as logfile') % filename)
    else:
        apparmor.filename = filename
 aa_mountpoint = apparmor.check_for_apparmor()
 if not aa_mountpoint:
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@ -72,7 +72,7 @@ unimplemented_warning = False
 sev_db = None
 # The file to read log messages from
 ### Was our
-filename = None
+logfile = None
 cfg = None
 repo_cfg = None
@ -2233,6 +2233,24 @@ def match_net_includes(profile, family, nettype):
    return newincludes
 def set_logfile(filename):
    ''' set logfile to a) the specified filename or b) if not given, the first existing logfile from logprof.conf'''
    global logfile
    if filename:
        logfile = filename
    else:
        logfile = conf.find_first_file(cfg['settings']['logfiles']) or '/var/log/syslog'
    if not os.path.exists(logfile):
        if filename:
            raise AppArmorException(_('The logfile %s does not exist. Please check the path') % logfile)
        else:
            raise AppArmorException('Can\'t find system log "%s".' % (logfile))
    elif os.path.isdir(logfile):
        raise AppArmorException(_('%s is a directory. Please specify a file as logfile') % logfile)
 def do_logprof_pass(logmark='', passno=0, pid=pid):
    # set up variables for this pass
 #    t = hasher()
@ -2250,7 +2268,7 @@ def do_logprof_pass(logmark='', passno=0, pid=pid):
 #    skip = hasher()  # XXX global?
 #    filelist = hasher()
-    aaui.UI_Info(_('Reading log entries from %s.') % filename)
+    aaui.UI_Info(_('Reading log entries from %s.') % logfile)
    if not passno:
        aaui.UI_Info(_('Updating AppArmor profiles in %s.') % profile_dir)
@ -2264,7 +2282,8 @@ def do_logprof_pass(logmark='', passno=0, pid=pid):
    ##    repo_cfg = read_config('repository.conf')
    ##    if not repo_cfg['repository'].get('enabled', False) or repo_cfg['repository]['enabled'] not in ['yes', 'no']:
    ##    UI_ask_to_enable_repo()
-    log_reader = apparmor.logparser.ReadLog(pid, filename, existing_profiles, profile_dir, log)
+
    log_reader = apparmor.logparser.ReadLog(pid, logfile, existing_profiles, profile_dir, log)
    log = log_reader.read_log(logmark)
    #read_log(logmark)
@ -4572,10 +4591,6 @@ parser = conf.find_first_file(cfg['settings']['parser']) or '/sbin/apparmor_pars
 if not os.path.isfile(parser) or not os.access(parser, os.EX_OK):
    raise AppArmorException('Can\'t find apparmor_parser')
 filename = conf.find_first_file(cfg['settings']['logfiles']) or '/var/log/syslog'
 if not os.path.isfile(filename):
    raise AppArmorException('Can\'t find system log "%s".' % (filename))
 ldd = conf.find_first_file(cfg['settings']['ldd']) or '/usr/bin/ldd'
 if not os.path.isfile(ldd) or not os.access(ldd, os.EX_OK):
    raise AppArmorException('Can\'t find ldd')