#!/usr/bin/perl # # $Id$ # # ---------------------------------------------------------------------- # Copyright (c) 2005 Novell, Inc. All Rights Reserved. # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, contact Novell, Inc. # # To contact Novell about this file by physical or electronic mail, # you may find current contact information at www.novell.com. # ---------------------------------------------------------------------- use strict; use FindBin; use Getopt::Long; use Immunix::SubDomain; use Data::Dumper; use Locale::gettext; use POSIX; # force $PATH to be sane $ENV{PATH} = "/bin:/sbin:/usr/bin:/usr/sbin"; # initialize the local poo setlocale(LC_MESSAGES, ""); textdomain("apparmor-utils"); $UI_Mode = "text"; # options variables my $help = ''; my $force = undef; GetOptions( 'force' => \$force, 'dir|d=s' => \$profiledir, 'help|h' => \$help, ); # tell 'em how to use it... &usage && exit if $help; my $sd_mountpoint = check_for_subdomain(); # let's convert it to full path... $profiledir = get_full_path($profiledir); unless (-d $profiledir) { UI_Important(sprintf(gettext('Can\'t find subdomain profiles in %s.'), $profiledir)); exit 1; } # what are we profiling? my @profiling = @ARGV; unless (@profiling) { @profiling = (UI_GetString(gettext("Please enter the program to create a profile for: "), "")); } for my $profiling (@profiling) { next unless $profiling; my $fqdbin; if (-e $profiling) { $fqdbin = get_full_path($profiling); chomp($fqdbin); } else { if ($profiling !~ /\//) { my $which = which($profiling); if ($which) { $fqdbin = get_full_path($which); } } } # make sure that the app they're requesting to profile is not marked as # not allowed to have it's own profile if ($qualifiers{$fqdbin}) { unless ($qualifiers{$fqdbin} =~ /p/) { UI_Info(sprintf(gettext('%s is currently marked as a program that should not have it\'s own profile. Usually, programs are marked this way if creating a profile for them is likely to break the rest of the system. If you know what you\'re doing and are certain you want to create a profile for this program, edit the corresponding entry in the [qualifiers] section in /etc/apparmor/logprof.conf.'), $fqdbin)); exit 1; } } if (-e $fqdbin) { if (-e getprofilefilename($fqdbin) && !$force) { UI_Info(sprintf(gettext('Profile for %s already exists - skipping.'), $fqdbin)); } else { autodep($fqdbin); reload($fqdbin) if $sd_mountpoint; } } else { if ($profiling =~ /^[^\/]+$/) { UI_Info(sprintf(gettext('Can\'t find %s in the system path list. If the name of the application is correct, please run \'which %s\' as a user with the correct PATH environment set up in order to find the fully-qualified path.'), $profiling, $profiling)); exit 1; } else { UI_Info(sprintf(gettext('%s does not exist, please double-check the path.') . $profiling)); exit 1; } } } exit 0; sub usage { UI_Info("usage: $0 [ --force ] [ -d /path/to/profiles ]"); exit 0; }