This patch improves the information reported by then apparmor_status
script. It gives more detailed information about loaded profiles and
their mode, running processes and profiles applied to them.
(I slightly modified the code to refer to the term unconfined instead of
unstrained as well fixing some minor formatting issues.)
- use ENV{PAGER}
- chmod use changes to prevent races writing config files
- add preferred user (NOVELL) as config option in logprof.conf and sort
profiles from repo so that preferred user is the default and first in
the list
Move the autodep(8), complain(8), enforce(8), logprof(8), genprof(8),
unconfined(8), logprof.conf(5), and apparmor_status(8) manpages, along
with their aa- form symlinks, to the utils package.
extra perl warnings about using an uninitialized value in a pattern
match when the user uses the arrow keys to move up and down in the option
list when asking how to handle path access rules. This makes sure the
variables used in m// operations are always defined.
which sets of files they ignore (rpm backups, dotfiles, and emacs
backups). It moves the tests into a common function so that
modifications only need to occur in one location.
are currently running while logprof/genprof is used being left in the
null-complain profile instead of being moved to the profile the user
has just specified.
the profiles are updated correctly though, so if the application is
stopped and restarted, it will be confined by the appropriate profile.
utils package and manually fixed some places where perltidy's
reformatting made it harder to read. the options used were--
-i=4 # 4-space indentation
-l=0 # unlimited line length (for now)
-pt=2 # slightly tightened parens
-ce # cuddled elses
-nolq # don't outdent long quotes
-nsfs # don't add spaces in front of semi-colons in for ( ) statements
-isbc # only indent block comments that have whitespace in front of them
-otr # don't place a break between a comma and an opening brace
the code will be refactored to make it possible to switch to using
80-column line-breaks without resorting to really nasty formatting
constructs.
(TimeDate) package for parsing dates and fall back to using Date::Manip
if Date::Parse isn't available -- Date::Manip is more commonly available,
but is written solely in perl and is more general-purpose and heavyweight
than Date::Parse.
The DateTime package (datetime.perl.org) doesn't suffice as it it
either uses Date::Manip internally and DateTime::Format::Strptime also
isn't commonly available. Given that our regex for identifying dates
in syslog is pretty static; POSIX::strptime (implementing strptime(3))
functionality would probably be the best way to go -- except that perl's
POSIX doesn't include strptime and POSIX::strptime is another not commonly
available package. Sigh.
the apparmor defined event numbers. genprof, logprof, and aa-eventd
should all still function correctly even when the audit daemon is not
configured correctly. This commit addresses that as well as adding the
needed dependency on perl-gettext.
automatically added to the set of languages to be built and installed
unless they are explicitly added to the set of disabled translations.
This eliminates the need to manually add a lang to the Makefile when a
new translation is submitted (svn add will still be necessary).
