aa-genprof: ask about profiles in extra dir (again)

Thanks to reading the wrong directory in read_inactive_profiles() (profile_dir instead of extra_profile_dir), aa-genprof never asked about using a profile from the extra_profile_dir. Sounds like an easy fix, right? ;-) After fixing this (last chunk), several other errors popped up, one after the other: - get_profile() missed a required parameter in a serialize_profile() call - when saving the profile, it was written to extra_profile_dir, not to profile_dir where it (as a now-active profile) should be. This is fixed by removing the filename from existing_profiles{} so that it can pick up the default name. - CMD_FINISHED (when asking if the extra profile should be used or a new one) behaved exactly like CMD_CREATE_PROFILE, but this is surprising for the user. Remove it to avoid confusion. - displaying the extra profile was only implemented in YaST mode - get_pager() returned None, not an actual pager. Since we have 'less' hardcoded at several places, also return it in get_pager() Finally, also remove CMD_FINISHED from the get_profile() test in test-translations.py. (test-translations.py is only in trunk, therefore this part of the patch is obviously trunk-only.) Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk Acked-by: John Johansen <john.johansen@canonical.com> for trunk + a 50% ACK for 2.10 and 2.9 Acked-by: Kshitij Gupta <kgupta8592@gmail.com> for trunk, 2.10 and 2.9
2025-03-05 17:01:00 +01:00 · 2016-06-01 21:06:25 +02:00 · 2016-06-01 21:06:25 +02:00 · 28d5c335af
commit 28d5c335af
parent 8ea1054f50
1 changed files with 13 additions and 13 deletions
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@ -557,8 +557,11 @@ def get_profile(prof_name):
        inactive_profile[prof_name][prof_name].pop('filename')
        profile_hash[uname]['username'] = uname
        profile_hash[uname]['profile_type'] = 'INACTIVE_LOCAL'
-        profile_hash[uname]['profile'] = serialize_profile(inactive_profile[prof_name], prof_name)
+        profile_hash[uname]['profile'] = serialize_profile(inactive_profile[prof_name], prof_name, None)
        profile_hash[uname]['profile_data'] = inactive_profile
+
+        existing_profiles.pop(prof_name)  # remove profile filename from list to force storing in /etc/apparmor.d/ instead of extra_profile_dir
+
    # If no profiles in repo and no inactive profiles
    if not profile_hash.keys():
        return None
@ -579,18 +582,13 @@ def get_profile(prof_name):

    q = aaui.PromptQuestion()
    q.headers = ['Profile', prof_name]
-    q.functions = ['CMD_VIEW_PROFILE', 'CMD_USE_PROFILE', 'CMD_CREATE_PROFILE',
-                      'CMD_ABORT', 'CMD_FINISHED']
+    q.functions = ['CMD_VIEW_PROFILE', 'CMD_USE_PROFILE', 'CMD_CREATE_PROFILE', 'CMD_ABORT']
    q.default = "CMD_VIEW_PROFILE"
    q.options = options
    q.selected = 0

    ans = ''
    while 'CMD_USE_PROFILE' not in ans and 'CMD_CREATE_PROFILE' not in ans:
-        if ans == 'CMD_FINISHED':
-            save_profiles()
-            return
-
        ans, arg = q.promptUser()
        p = profile_hash[options[arg]]
        q.selected = options.index(options[arg])
@ -602,12 +600,13 @@ def get_profile(prof_name):
                                'profile_type': p['profile_type']
                                })
                ypath, yarg = GetDataFromYast()
-            #else:
-            #    pager = get_pager()
-            #    proc = subprocess.Popen(pager, stdin=subprocess.PIPE)
+            else:
+                pager = get_pager()
+                proc = subprocess.Popen(pager, stdin=subprocess.PIPE)
            #    proc.communicate('Profile submitted by %s:\n\n%s\n\n' %
            #                     (options[arg], p['profile']))
-            #    proc.kill()
+                proc.communicate(p['profile'].encode())
+                proc.kill()
        elif ans == 'CMD_USE_PROFILE':
            if p['profile_type'] == 'INACTIVE_LOCAL':
                profile_data = p['profile_data']
@ -658,6 +657,7 @@ def autodep(bin_name, pname=''):
    if not profile_data:
        profile_data = create_new_profile(pname)
    file = get_profile_filename(pname)
+    profile_data[pname][pname]['filename'] = None  # will be stored in /etc/apparmor.d when saving, so it shouldn't carry the extra_profile_dir filename
    attach_profile_data(aa, profile_data)
    attach_profile_data(original_aa, profile_data)
    if os.path.isfile(profile_dir + '/tunables/global'):
@ -2309,7 +2309,7 @@ def save_profiles():
                reload_base(profile_name)

 def get_pager():
-    pass
+    return 'less'

 def generate_diff(oldprofile, newprofile):
    oldtemp = tempfile.NamedTemporaryFile('w')
@ -2508,7 +2508,7 @@ def read_inactive_profiles():
    except:
        fatal_error(_("Can't read AppArmor profiles in %s") % extra_profile_dir)

-    for file in os.listdir(profile_dir):
+    for file in os.listdir(extra_profile_dir):
        if os.path.isfile(extra_profile_dir + '/' + file):
            if is_skippable_file(file):
                continue