apparmor.vim: allow leading whitespace for alias rules
See merge request apparmor/apparmor!527
Acked-by: Steve Beattie <steve.beattie@canonical.com> for 2.11..master
The TODO in write_rules() was long solved - remove the safety net type
check, it's no longer needed.
Without this, the function becomes a simple .get_rules_clean() call
which can easily be inlined into write_piece() at the two places where
it's called.
Replace usage of filelist\[file_name\]\['profiles'\] with the `active_profiles` ProfileList which already has the same data.
Add `profiles_in_file()` to ProfileList as a nice interface to get the list of profiles in a file.
For more details, check the individual commits.
PR: https://gitlab.com/apparmor/apparmor/-/merge_requests/523
Avked-by: John Johansen <john.johansen>
... but not for abi rules, which (according to the simple_tests
profiles) do not share these bugs)
For unquoted paths, make sure that the path doesn't include whitespace.
Make the error and warning message tests a first class test script; in
gitlab CI, failures would not necessarily result in output being
captured.
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/522
Don't commingle stderr and stdout by default, and provide a
function that provides the exit value, stderr, and stdout as a
tuple. Also, expect UTF-8 output by default from the commands (with
universal_newlines), rather than bytes.
(Nifty commands like subprocess.run() weren't added to python until
python 3.5.)
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/522
... because after the previous three commits, nothing reads/needs this
anymore
Note: file_name in ask_exec() was only used in the (dropped) filelist
usage.
Instead of checking filelist[file]['profiles'] for duplicate hats, check
profile_data[profile][hat].
With this, the duplicate hat check is done in the same way as the check
for duplicate profiles and child profiles.
Also add tests for duplicate child profiles and duplicate hats.
Using a list as parameter for subprocess.call is more secure, and avoids
funny problems if the filename to display contains spaces or other funny
characters.
Fix signed/unsigned comparison warnings, and silence unused parameter
warnings due to the "cleverness" of the function pointer array and
wanting to print out the command as invoked in the usage statement.
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
https://gitlab.com/apparmor/apparmor/-/merge_requests/517
Separate out the aa-status json version info out from being a magic
element embedded in a string in the middle of the json emitter, and move
it to an early location, along with a comment to edit it whenthe format
changes.
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
https://gitlab.com/apparmor/apparmor/-/merge_requests/517
Fix showing the local inactive profile in json mode
See merge request apparmor/apparmor!514
Acked-by: John Johansen <john.johansen@canonical.com> for 2.11..master
When aa-genprof proposes a local inactive profile, it had a hardcoded
call to 'less' to display that profile.
Unsurprisingly, this doesn't work in JSON mode and breaks YaST (luckily
it's only a case of "the button doesn't work").
References: https://bugzilla.opensuse.org/show_bug.cgi?id=1171315
