apparmor/utils/easyprof
Jamie Strandboge 1db463f4de This patchset is broken into 4 parts:
* the application, library, documentation and installation script
* the initial templates and policy groups. This will undoubtedly need
  refinement as we get feedback from users. Initial policy is based on Ubuntu's
  Application Review Board (ARB) requirements[2].
* tests for the library
* Makefile integration

Templates are stored in /usr/share/apparmor/easyprof/templates and policy
groups in /usr/share/apparmor/easyprof/policygroups. This can be adjusted via
/etc/apparmor/easyprof.conf.

The aa-easyprof.pod has complete documentation on usage with some
additional information in utils/easyprof/README (mostly duplicated
here).

Testing can be performed in a number of ways:
$ cd utils ; make check # runs unit tests and pyflakes

Unit tests manually:
$ ./test/test-aa-easyprof.py

In source manual testing:
$ ./aa-easyprof --templates-dir=./easyprof/templates \
                --policy-groups-dir=./easyprof/policygroups \
                ... \
                /opt/foo/bin/foo

Post-install manual testing:
$ make DESTDIR=/tmp/test PERLDIR=/tmp/test/usr/share/perl5/Immunix install
$ cd /tmp/test
$ PYTHONPATH=/tmp/test/usr/local/.../dist-packages ./usr/bin/aa-easyprof \
    --templates-dir=/tmp/test/usr/share/apparmor/easyprof/templates \
    --policy-groups-dir=/tmp/test/usr/share/apparmor/easyprof/policygroups \
    /opt/bin/foo

(you may also adjust /tmp/test/etc/apparmor/easyprof.conf to avoid
specifying --templates-dir and --policy-groups-dir).

Committing this now based on conversation with John and Steve.

Acked-By: Jamie Strandboge <jamie@canonical.com>
2012-05-07 22:37:48 -07:00
..
policygroups This patchset is broken into 4 parts: 2012-05-07 22:37:48 -07:00
templates This patchset is broken into 4 parts: 2012-05-07 22:37:48 -07:00
easyprof.conf This patchset is broken into 4 parts: 2012-05-07 22:37:48 -07:00
README This patchset is broken into 4 parts: 2012-05-07 22:37:48 -07:00

AppArmor Easy Profiler
----------------------
aa-easyprof is a standalone CLI application which can also be imported into
developer SDKs. See test/test-aa-easyprof.py for an example of how to import
this into your SDK.


Templates
---------
Any number of templates can be used. The user may specify one on the command
line or use a system-wide template from /usr/share/apparmor/easyprof/templates.

Currently the combination of the user-application and the opt-application and
user-application policygroups should achieve a working policy for Ubuntu's
Application Review Board:
- http://developer.ubuntu.com/publish/my-apps-packages/

Eg:
$ aa-easyprof --template=user-application \
              --template-var="@{APPNAME}=foo" \
              --policy-groups=opt-application,user-application \
              /opt/foo/bin/foo

Testing
-------
Unit tests:
$ ./test/test-aa-easyprof.py

In source manual testing:
$ ./aa-easyprof --templates-dir=./easyprof/templates \
                --policy-groups-dir=./easyprof/policygroups \
                ... \
                /opt/foo/bin/foo

Post-install manual testing:
$ make DESTDIR=/tmp/test PERLDIR=/tmp/test/usr/share/perl5/Immunix install
$ cd /tmp/test
$ PYTHONPATH=/tmp/test/usr/local/.../dist-packages ./usr/bin/aa-easyprof \
    --templates-dir=/tmp/test/usr/share/apparmor/easyprof/templates \
    --policy-groups-dir=/tmp/test/usr/share/apparmor/easyprof/policygroups \
    /opt/bin/foo

(you may also adjust /tmp/test/etc/apparmor/easyprof.conf to avoid specifying
--templates-dir and --policy-groups-dir).