From dfe9d713f00a716882398c303dfbc04a3c5c49e5 Mon Sep 17 00:00:00 2001
From: Sergey Alirzaev
Date: Fri, 14 Feb 2025 17:31:54 +0100
Subject: [PATCH] aa-logprof/aa-genprof: allow ignoring executions fixes https://gitlab.com/apparmor/apparmor/-/issues/302
---
 utils/apparmor/aa.py | 6 ++++--
 utils/apparmor/ui.py | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
index d3c50d061..2bce0c9e0 100644
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -641,7 +641,7 @@ def build_x_functions(default, options, exec_toggle):
 if fallback_toggle:
 ret_list.append('CMD_EXEC_IX_ON')
- ret_list.extend(('CMD_DENY', 'CMD_ABORT', 'CMD_FINISHED'))
+ ret_list.extend(('CMD_DENY', 'CMD_ABORT', 'CMD_IGNORE_ENTRY', 'CMD_FINISHED'))
 return ret_list
@@ -808,7 +808,7 @@ def ask_exec(hashlog, default_ans=''):
 # ask user about the exec mode to use
 ans = ''
- while ans not in ('CMD_ix', 'CMD_px', 'CMD_cx', 'CMD_nx', 'CMD_pix', 'CMD_cix', 'CMD_nix', 'CMD_ux', 'CMD_DENY'): # add '(I)gnore'? (hotkey conflict with '(i)x'!)
+ while ans not in ('CMD_ix', 'CMD_px', 'CMD_cx', 'CMD_nx', 'CMD_pix', 'CMD_cix', 'CMD_nix', 'CMD_ux', 'CMD_DENY', 'CMD_IGNORE_ENTRY'):
 if default_ans:
 ans = default_ans
 else:
@@ -891,6 +891,8 @@ def ask_exec(hashlog, default_ans=''):
 else:
 ans = 'INVALID'
+ if ans == 'CMD_IGNORE_ENTRY':
+ continue
 if exec_mode and 'i' in exec_mode:
 # For inherit we need mr
 file_perm = 'mr'
diff --git a/utils/apparmor/ui.py b/utils/apparmor/ui.py
index bd128c904..30f6b09a4 100644
--- a/utils/apparmor/ui.py
+++ b/utils/apparmor/ui.py
@@ -330,7 +330,7 @@ CMDS = {'CMD_ALLOW': _('(A)llow'),
 'CMD_DENY': _('(D)eny'),
 'CMD_ABORT': _('Abo(r)t'),
 'CMD_FINISHED': _('(F)inish'),
- 'CMD_ix': _('(I)nherit'),
+ 'CMD_ix': _('In(h)erit'),
 'CMD_px': _('(P)rofile'),
 'CMD_px_safe': _('(P)rofile Clean Exec'),
 'CMD_cx': _('(C)hild'),
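Review bot: Nothing in this patch tests the new option in `build_x_functions` (hunk `@@ -641`): the diffstat lists only aa.py and ui.py, yet the function returns a plain list that is easy to assert on. A unit test that checks `'CMD_IGNORE_ENTRY'` sits between `'CMD_ABORT'` and `'CMD_FINISHED'`, and one that calls `ask_exec` with `default_ans='CMD_IGNORE_ENTRY'` and confirms no exec rule is added, would pin the behaviour. The function body starts outside this hunk.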
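Review bot: In the `@@ -891` hunk of `ask_exec`, the new `continue` drops the exec event with no comment and, as far as the hunk shows, without adding a rule or telling the user what happens next. Because the answers collected here end up in an AppArmor profile, the intent should be stated at the branch, for example `# Ignored: add no rule for this exec and move on to the next event`. The loop being continued starts outside the hunk, and the CMD_DENY handling is not visible here. Please confirm that later events logged for the executed program are still handled sensibly when the exec itself was ignored.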
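Review bot: Changing the `CMD_ix` label to `In(h)erit` in ui.py moves the inherit hotkey from `i` to `h`, so a user who presses `i` out of habit presumably now ignores the exec; the removed comment in `ask_exec` names the `(I)gnore` / `(i)x` clash. Skipping adds no permission, so the mistake fails closed, but the change deserves a line in the man pages or release notes. Please also check that `h` is not already the hotkey of another command offered in the same prompt. Since the msgid changes, translated labels could reintroduce the collision; the rest of `CMDS` lies outside this hunk.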