Merge Catch PermissionError when trying to write a profile

... and re-raise it as AppArmorException so that only the actual error (without a backtrace) gets displayed. Fixes: https://gitlab.com/apparmor/apparmor/-/issues/282 I propose this patch for 3.0..master. Closes #282 MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/946 Approved-by: Jon Tourville <jon.tourville@canonical.com> Merged-by: Christian Boltz <apparmor@cboltz.de> (cherry picked from commit 50074a3c01) d0ec2aca Catch PermissionError when trying to write a profile
2025-03-06 17:31:01 +01:00 · 2022-11-15 20:45:59 +00:00 · 2022-11-15 20:45:59 +00:00 · 9d826aae65
commit 9d826aae65
parent 465c861b02
1 changed files with 12 additions and 8 deletions
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@ -2277,14 +2277,18 @@ def write_profile(profile, is_attachment=False):

    serialize_options = {'METADATA': True, 'is_attachment': is_attachment}
    profile_string = serialize_profile(split_to_merged(aa), profile, serialize_options)
-    with NamedTemporaryFile('w', suffix='~', delete=False, dir=profile_dir) as newprof:
-        if os.path.exists(prof_filename):
-            shutil.copymode(prof_filename, newprof.name)
-        else:
-            # permission_600 = stat.S_IRUSR | stat.S_IWUSR    # Owner read and write
-            # os.chmod(newprof.name, permission_600)
-            pass
-        newprof.write(profile_string)
+    try:
+        with NamedTemporaryFile('w', suffix='~', delete=False, dir=profile_dir) as newprof:
+            if os.path.exists(prof_filename):
+                shutil.copymode(prof_filename, newprof.name)
+            else:
+                # permission_600 = stat.S_IRUSR | stat.S_IWUSR    # Owner read and write
+                # os.chmod(newprof.name, permission_600)
+                pass
+            newprof.write(profile_string)
+    except PermissionError as e:
+        raise AppArmorException(e)
+
    os.rename(newprof.name, prof_filename)

    if profile in changed: