diff --git a/utils/aa-unconfined b/utils/aa-unconfined
index 48915b8ce..0e4c963a2 100755
--- a/utils/aa-unconfined
+++ b/utils/aa-unconfined
@@ -31,6 +31,7 @@ _ = init_translation() # setup module translations
 parser = argparse.ArgumentParser(description=_("Lists unconfined processes having tcp or udp ports"))
 parser.add_argument("--paranoid", action="store_true", help=_("scan all processes"))
 parser.add_argument("--show", default=None, type=str, help=_("all | network | server | client"))
+parser.add_argument("--short", action="store_true", help=_("only display processes that are unconfined"))
 parser.add_argument('--configdir', type=str, help=argparse.SUPPRESS)
 bin_group = parser.add_mutually_exclusive_group()
 bin_group.add_argument("--with-ss", action='store_true', help=_("use ss(8) to find listening processes (default)"))
@@ -126,7 +127,7 @@ def read_proc_current(filename):
 with open_file_read(filename) as current:
 for line in current:
 line = line.strip()
- if line.endswith(' (complain)', 1) or line.endswith(' (enforce)', 1) or line.endswith(' (kill)', 1) or line.endswith(' (user)', 1): # enforce at least one char as profile name
+ if line.endswith(' (complain)', 1) or line.endswith(' (enforce)', 1) or line.endswith(' (kill)', 1) or line.endswith(' (user)', 1) or line.endswith(' (mixed)', 1): # enforce at least one char as profile name
 # intentionally not checking for '(unconfined)', because $binary confined by $profile (unconfined) would look very confusing
 attr = line
 except OSError:
@@ -189,7 +190,7 @@ for pid in sorted(map(int, pids)):
 if pname and pname[-1] == ')':
 pname = ' ' + pname
 ui.UI_Info(_("%(pid)s %(program)s%(pname)s not confined") % {'pid': pid, 'program': prog, 'pname': pname})
- else:
+ elif not args.short:
 if regex_interpreter.search(prog):
 cmdline = re.sub(r"\0", " ", cmdline)
 cmdline = re.sub(r"\s+$", "", cmdline).strip()
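Review bot: The `--short` help text in the first hunk promises "only display processes that are unconfined", but the branch it silences (`elif not args.short:` in the third hunk) appears to cover every process whose attr line carried a mode suffix. Per `read_proc_current`, that includes ` (complain)` and now ` (mixed)`. A complain-mode profile logs policy violations instead of blocking them, so someone auditing a host with `--short` would not see those processes at all. I would say so in the option text, e.g. `help=_("only display unconfined processes (also hides complain-mode ones)")`, or keep complain and mixed processes in the short output. The condition guarding the "not confined" branch is outside the hunk, so the branch pairing is inferred from the visible message.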
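Review bot: The mode check in `read_proc_current` (second hunk) is now five chained `line.endswith(...)` calls on one line, and each new kernel mode means editing that condition again. `str.endswith` accepts a tuple, so it can read `if line.endswith((' (complain)', ' (enforce)', ' (kill)', ' (user)', ' (mixed)'), 1):` with the trailing comment kept, ideally with the tuple held in a named constant. A short comment is also worth adding that a mode suffix missing from this list leaves `attr` unassigned here. Such a process is then presumably reported as not confined, though the rest of the function is outside the hunk, so that is inferred.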