#! /usr/bin/python3 # ---------------------------------------------------------------------- # Copyright (C) 2013 Kshitij Gupta # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # ---------------------------------------------------------------------- import argparse import apparmor.aa as apparmor import apparmor.ui as aaui from apparmor.common import AppArmorException from apparmor.fail import enable_aa_exception_handler from apparmor.translations import init_translation enable_aa_exception_handler() # setup exception handling _ = init_translation() # setup module translations parser = argparse.ArgumentParser(description=_('Process log entries to generate profiles')) parser.add_argument('-d', '--dir', type=str, help=_('path to profiles')) parser.add_argument('-f', '--file', type=str, help=_('path to logfile')) parser.add_argument('-m', '--mark', type=str, help=_('mark in the log to start processing after')) parser.add_argument('-j', '--json', action='store_true', help=_('Input and Output in JSON')) parser.add_argument('-a', '--allow-all', action='store_true', help=_('Accept silently all rules')) parser.add_argument('--no-abstraction', action='store_true', help=_('Do not use any abstractions in profiles')) parser.add_argument('-o', '--output-dir', type=str, help=_('Output Directory for profiles')) parser.add_argument('--configdir', type=str, help=argparse.SUPPRESS) parser.add_argument('--no-check-mountpoint', action='store_true', help=argparse.SUPPRESS) args = parser.parse_args() logmark = args.mark or '' apparmor.init_aa(confdir=args.configdir, profiledir=args.dir) if args.json: aaui.set_json_mode(apparmor.cfg) if args.allow_all: aaui.set_allow_all_mode() if args.no_abstraction: apparmor.disable_abstractions() if args.output_dir: apparmor.check_output_dir(args.output_dir) apparmor.set_logfile(args.file) aa_mountpoint = apparmor.check_for_apparmor() if not aa_mountpoint and not args.no_check_mountpoint: raise AppArmorException(_('It seems AppArmor was not started. Please enable AppArmor and try again.')) apparmor.loadincludes() apparmor.read_profiles(True) apparmor.do_logprof_pass(logmark, out_dir=args.output_dir)