Current libapparmor python bindings are very "unpythonic". Also lack
ability to access "why" information in case of failure.
In python when something fail the normal behaviour is exception
to occur. In case of apparmor functions die silently and require
user to verify returned value.
And here comes second problem. In C api when return value is -1
(and the same value is returned in python API) we can access errno
to get information why this occured. Unfortunately in python there
is no way to access the same information. Pythonic way of accessing
errno is via exception (which is never raised in python bindings
currently).
So the patch adds exceptions on failures. First %exception creates
a wrapper that swig adds to each function listed below. Empty %exception
causes that the rest of code (beside listed functions) won't be wrapped.
How this works? Example on apparmor disabled system:
Before:
>>> LibAppArmor.aa_change_hat(hat, random.randint(1, sys.maxint))
-1
After:
>>> LibAppArmor.aa_change_hat(hat, random.randint(1, sys.maxint))
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
OSError: [Errno 22] Invalid argument
so pythonic way of accessing "why":
>>> try:
... LibAppArmor.aa_change_hat(hat, random.randint(1, sys.maxint))
... except OSError, e:
... print e.errno
...
22
Signed-off-by: Arkadiusz Miśkiewicz <arekm@maven.pl>
Acked-by: Steve Beattie <steve@nxnw.org>
D-Bus rules in particular seem to get written as multi-line rules. This
patch adds very simple hackish support for multiple lines. Essentially,
what it does is if the parsing of a line doesn't match anything and
falls all the way through, it saves the line and prepends it to the next
line that occurs in the profile, but *only* if the line does not have a
trailing comma to indicate the end of a rule. If the trailing comma
exists, then it assumes that it's a rule that it doesn't understand and
aborts.
With this patch, the simpler tools (aa-enforce, aa-complain, etc.) can
parse policies containing multi-line rules to an extent and continue to
function correctly. Again, aa-logprof and aa-genprof may have issues on
the writing back of profiles, so some assistance testing here would be
appreciated.
Some testcases are added to exercise the regex that looks for a rule
with a trailing comma but can still handle rules that have (,) or {,}
in them.
Patch history:
v1 - initial version
v2 - simplify and rearrange rule-ending comma search regex, since
we only care about the trailing comma
- add a new regex to search for trailing comments to filter out
- simplify reset of lastline variable
- restructure tests into a new script, and add more tests
v3 - add additional testcases, most of which are problematic and thus
commented out :(
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
This patch adds very limited support for very dumb parsing of dbus
rules. Basically, it stores dbus rules as raw strings wrapped in
a class.
There's class structure to indicate how I'd like to see fuller future
support for dbus rules to be implemented and act as a guidepost for
how to handle most rules, moving away from the giant structure of
nested dictionaries. A stub test script is included as well, with a
modification to the make check target to set the PYTHONPATH to point
in the right place.
With this patch, aa-audit, aa-autodep, aa-complain, aa-disable,
and aa-enforce all function for me. aa-logprof and aa-genprof have
functionality issues for me at the moment (one of them dumps a
backtrace even without this patch), and I'm not sure the writing out
of dbus rules is completely implemented for modified profiles.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This patch splits out the genprof tool functionality into a separate
command function, merging with the use_autodep function that already
existed.
Patch history:
v1 - initial revision
v2 - mark strings for translation and modify message when a profile
name is passed to aa-autodep, rather than a program name/path.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This patch moves the audit functionality to an audit specific command
function.
As an aside, the -r option is left in place here, because aa-audit
is a bit orthogonal to aa-enforce, aa-complain, and aa-disable.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This patch creates a separate tool.cmd_complain function, as well as
removes the -r remove option, to match aa-enforce and aa-disable.
It also cleans up some bits in aa-enforce now that aa-complain and
aa-enforce have been separated.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This patch splits out the aa-enforce functionality into a separate
method in the aa_tools class. It also removes one last reference to
the no-longer-existent -r option in the aa-enforce manpage.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This patch modifies the aa-disable tool implementation to allow it to
take a profile name (rather than a program name) as the argument(s)
for what to disable, as this was supported behavior in the perl
tools. (The rest of the commands that make use of the aa_tools.act()
method have not been exercised with this patch in place, as further
patches will separate those out.)
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This patch removes a debugging print statement accidentally left in,
as well as a duplicated initialization to a variable, and moves the
variable init closer to the declaration that the variable is a global.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
It's not useful to report the location of the temporary directory for
each test if you're going to immediately delete it.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
aa-genprof was incorrectly trying to refer to UI_xxx functions in
apparmor.aa rather than the correct apparmor.ui. This patch fixes the
issue.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
The relative directory tests in test-aa-easyprof.py were failing when
TMPDIR pointed to a directory that was a symlink, because the generated
tmpdir path was not the same as the realpath that easyprof resolved to.
This patch sets the tmpdir to the realpath of the result of the
tempfile.mkdtemp() to avoid the issue.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>
The magic token used in the test suite is incorrectly stored
as an int rather than unsigned long leading to failure like this:
running changehat_misc
/tmp/testlibCTcwOe/source/trusty/apparmor-2.8.95~2411/tests/regression/apparmor/prologue.inc: line 176: 20184
Killed $testexec "$@" > $outfile 2>&1
Error: changehat_twice failed. Test 'CHANGEHAT (subprofile->subprofile)' was expected to 'pass'. Reason for
failure 'killed by signal 9'
Signed-off-by: Seth Arnold <seth.arnold@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
Delete uservars.out (Message-ID: <20140303235422.GD4112@nxnw.org>)
Add uservars.inc.{system,source} to support USE_SYSTEM variable
(John ack'd the USE_SYSTEM variable bit)
Signed-of-by: Seth Arnold <seth.arnold@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
This patch removes the '--remove' option on aa-enforce as well as from
the man page. It also removes the test entry that contains it, but I
don't think this is entirely correct because I think the second half
of the test is dependent on the (now deleted) first half of the test.
(It also removes a missed reference to --revert in the aa-disable man
page.)
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This patch removes the non-funcional -r option for aa-disable, as
well as the test and manpage documentation for it.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
The test-aa-easyprof.py script has '/bin/ls' hardcoded as a path;
however, on systems that have undergone UsrMove, this is a symlink to
/usr/bin/ls. This patch fixes the issue by getting the realpath of
/bin/ls and storing it as an instance field.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
apparmor/tools.py:act() method into a separate cmd_disable()
method. The intent is to unwind the logic in act() into smaller, more
digestible chunks, while sharing commonality via helper functions
(e.g. the added get_next_to_profile() function).
A secondary driver of this change is that the tools fail when used
against the trunk profiles, due to act() forcing all the profiles to
be read and the tools not understanding the recently added dbus rules
(they were intentionally ignored as part of scoping the rewrite).
Unfortunately, this is not a solution for aa-enforce, aa-complain, etc.
as they are expected to know enough about profiles to understand and
update profile flags.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
In the course of developing apparmor dbus mediation, the aa_query_label
symbol was added to libapparmor on trunk, and given the symbol version
(via libapparmor.map) of APPARMOR_3.0. As apparmor upstream, we have
not made a release where this would have been exported.
Unfortunately, in Ubuntu, a version was released in 13.10 that included
the aa_query_label() symbol with a version of APPARMOR_1.1. This
can cause a breakage on that platform with the incorporation of the
impending apparmor 2.9 release.
This patch provides both versions (APPARMOR_1.1 and APPARMOR_2.9)
of the aa_query_label() symbol. It requires the function name in
kernel_interface.c to be renamed (similar to how the deprecated
change_hat() symbol is named in the source as __change_hat()),
otherwise linking fails with duplicated symbols. The default symbol
used will still be the APPARMOR_2.9 version, but binaries linked with
the APPARMOR_1.1 version would still continue to work unchanged.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: John Johansen <john.johansen@canonical.com>
It prints a data structure in an easily readable output and is quite
useful for debugging. However, I don't recommend to call it in
production code ;-)
Acked-by: Kshitij Gupta <kgupta8592 at gmail.com>
Update path to tools in minitools_test.py
Fix assert values in config_test.py
Signed-off: Kshitij Gupta <kgupta8592@gmail.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
packaging systems that do a make clean while trying to represent
changes.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
AttributeError: 'module' object has no attribute 'UI_Info'
AttributeError: 'module' object has no attribute 'open_file_read'
AttributeError: 'module' object has no attribute 'check_for_apparmor'
Signed-off-by: Seth Arnold <seth.arnold@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
and its derivatives
Bug-Ubuntu: https://launchpad.net/bugs/1285653
Acked-By: Jamie Strandboge <jamie@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
profile files with only tunables/global, but no profile. This patch
makes sure that the profile itsself is also written to the profile file.
Without the added line, filelist[prof_filename]['profiles'].keys()) in
serialize_profile was empty, which means the loop that writes the
profile was never executed.
Acked-by: Steve Beattie <steve@nxnw.org>
This commit adjusts the trunk libtool versions in accordance
with the outlined rules. It also adds clarifying text to the
documentation comment to explain how to use the rules and what the
resulting outcome is. Finally, it removes a bogus argument to linker
to forcibly set the SONAME in the library, as libtool will do this
automatically (and override the passed argument).
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
This patch fixes up the parser command invocation via
apparmor/common.py:cmd(), as it handles stdout/stderr redirection,
and the redirection that was being attempted were being handed as
arguments to the parser.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>
Let "(F)inish" ask the user if he wants to save the changed profiles
before exiting, instead of aborting without saving (we already have
Abo(r)t for that ;-)
Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
- add some debug logging in valid_path()
- fix a py2 incompability in DebugLogger.__init__ (OSError vs. IOError)
Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
- use the (new) "parts" variable for the line.split result to make the
code less confusing
- change the line.startswith to check for "REPOSITORY:" (note the
added ":") like it was in the code before my previous patch.
- make the check for "NEVERSUBMIT" more exact
- print a warning on invalid REPOSITORY: lines and make sure to keep
them as unmodified line (it might just be a "normal" comment someone
added manually)
Acked-by: Kshitij Gupta <kgupta8592@gmail.com> (on IRC)
This patch
- preserves the complete initial comment
- makes sure whitespace inside the comment is kept (except leading
whitespace - line.trim() is still applied).
- no longer removes the "# vim:syntax" line
Note: I didn't test if handling the "REPOSITORY" line still works (in
theory it should), but without a working repo, I don't care too much ;-)
Acked-by: Steve Beattie <steve@nxnw.org>
The parser currently indicates that it exited successfully if invalid
arguments are passed to it, which makes it difficult to detect when
other tools are calling it incorrectly. This patch causes it to return
'1' indicating a failure.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: John Johansen <john.johansen@canonical.com>
This is an updated version of the previous dnsmasq profile patch, again
from develop7 [at] develop7.info
Acked-by: John Johansen <john.johansen@canonical.com>
