Merge Catch PermissionError when trying to write a profile

... and re-raise it as AppArmorException so that only the actual error
(without a backtrace) gets displayed.

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/282

I propose this patch for 3.0..master.

Closes #282
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/946
Approved-by: Jon Tourville <jon.tourville@canonical.com>
Merged-by: Christian Boltz <apparmor@cboltz.de>


(cherry picked from commit 50074a3c01)

d0ec2aca Catch PermissionError when trying to write a profile

utils/apparmor/aa.py

@@ -2277,14 +2277,18 @@ def write_profile(profile, is_attachment=False):
 
     serialize_options = {'METADATA': True, 'is_attachment': is_attachment}
     profile_string = serialize_profile(split_to_merged(aa), profile, serialize_options)
-    with NamedTemporaryFile('w', suffix='~', delete=False, dir=profile_dir) as newprof:
+    try:
-        if os.path.exists(prof_filename):
+        with NamedTemporaryFile('w', suffix='~', delete=False, dir=profile_dir) as newprof:
-            shutil.copymode(prof_filename, newprof.name)
+            if os.path.exists(prof_filename):
-        else:
+                shutil.copymode(prof_filename, newprof.name)
-            # permission_600 = stat.S_IRUSR | stat.S_IWUSR    # Owner read and write
+            else:
-            # os.chmod(newprof.name, permission_600)
+                # permission_600 = stat.S_IRUSR | stat.S_IWUSR    # Owner read and write
-            pass
+                # os.chmod(newprof.name, permission_600)
-        newprof.write(profile_string)
+                pass
+            newprof.write(profile_string)
+    except PermissionError as e:
+        raise AppArmorException(e)
+
     os.rename(newprof.name, prof_filename)
 
     if profile in changed: