apparmor/utils/aa-logprof
Christian Boltz c7949ba6c4
Read all profiles on aa-genprof startup instead of later
... which can mean "too late" in some special cases (if a profile
already exists in /etc/apparmor.d/$non_default_filename).

However, the main reason is that without this change
- the new profile will be added to (otherwise empty) active_profiles
- the first do_logprof_pass() will read all profiles, including the new
  one, and add them to active_profiles - which unsurprisingly results in
  an error like `ERROR: Profile /usr/sbin/vsftpd exists in
  /etc/apparmor.d/usr.sbin.vsftpd and /etc/apparmor.d/usr.sbin.vsftpd`

To fix this,
- change do_logprof_pass to never call read_profiles() (and get rid of
  the 'passno' parameter)
- adjust its callers (aa-logprof and aa-genprof) to call read_profiles()
  themselves
- move printing the 'Updating AppArmor profiles in $directory.' message
  to read_profiles(), but only display it if requested (to keep the
  current UI behaviour)
2020-05-05 23:56:55 +02:00

58 lines
2 KiB
Python
Executable file

#! /usr/bin/python3
# ----------------------------------------------------------------------
# Copyright (C) 2013 Kshitij Gupta <kgupta8592@gmail.com>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# ----------------------------------------------------------------------
import argparse
import os
import apparmor.aa as apparmor
import apparmor.ui as aaui
# setup exception handling
from apparmor.fail import enable_aa_exception_handler
enable_aa_exception_handler()
# setup module translations
from apparmor.translations import init_translation
_ = init_translation()
parser = argparse.ArgumentParser(description=_('Process log entries to generate profiles'))
parser.add_argument('-d', '--dir', type=str, help=_('path to profiles'))
parser.add_argument('-f', '--file', type=str, help=_('path to logfile'))
parser.add_argument('-m', '--mark', type=str, help=_('mark in the log to start processing after'))
parser.add_argument('-j', '--json', action='store_true', help=_('Input and Output in JSON'))
args = parser.parse_args()
if args.json:
    aaui.set_json_mode()
profiledir = args.dir
logmark = args.mark or ''
apparmor.init_aa()
apparmor.set_logfile(args.file)
aa_mountpoint = apparmor.check_for_apparmor()
if not aa_mountpoint:
    raise apparmor.AppArmorException(_('It seems AppArmor was not started. Please enable AppArmor and try again.'))
if profiledir:
    apparmor.profile_dir = apparmor.get_full_path(profiledir)
    if not os.path.isdir(apparmor.profile_dir):
        raise apparmor.AppArmorException("%s is not a directory."%profiledir)
apparmor.loadincludes()
apparmor.read_profiles(True)
apparmor.do_logprof_pass(logmark)
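
The commit message above mentions the case where a profile already exists in the profile directory under a non-default filename. A stand-alone pre-check for that situation follows as an added example; it is not part of aa-logprof or the apparmor Python module. The header regex is a simplification (an assumption: only top-level headers starting at column 0 are recognised), and the sample directory and the `find_duplicate_profiles` and `demo` names are constructed for illustration.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Simplified profile header (assumption, not the parser used by the AppArmor tools):
#   profile NAME [/attachment] [flags=(...)] {
#   /path/to/binary [flags=(...)] {
# Only headers starting at column 0 are considered, so nested child
# profiles and hats (^name) are ignored.
HEADER = re.compile(
    r'^(?:profile\s+(?P<name>"[^"]+"|\S+)|(?P<path>/\S*))'
    r'(?:\s+[^{#]*)?\s*\{\s*(?:#.*)?$'
)


def find_duplicate_profiles(profile_dir):
    """Return {profile name: sorted filenames} for names defined in more than one file."""
    seen = defaultdict(set)
    for path in sorted(Path(profile_dir).iterdir()):
        if not path.is_file():
            continue  # skip subdirectories such as abstractions/ or tunables/
        for line in path.read_text(errors='replace').splitlines():
            m = HEADER.match(line)
            if m:
                name = (m.group('name') or m.group('path')).strip('"')
                seen[name].add(path.name)
    return {name: sorted(files) for name, files in seen.items() if len(files) > 1}


def demo():
    # Constructed sample directory: the same profile exists under the default
    # filename and under a non-default one, plus one unrelated profile.
    with tempfile.TemporaryDirectory() as d:
        Path(d, 'usr.sbin.vsftpd').write_text(
            '/usr/sbin/vsftpd {\n  /etc/vsftpd.conf r,\n}\n')
        Path(d, 'ftp-server').write_text(
            '/usr/sbin/vsftpd flags=(complain) {\n}\n')
        Path(d, 'usr.bin.example').write_text(
            'profile example /usr/bin/example {\n}\n')
        return find_duplicate_profiles(d)


if __name__ == '__main__':
    for name, files in demo().items():
        print(f'{name}: defined in {", ".join(files)}')
```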