Merge utils: skip user config reading in aa-notify when --configdir is given

--configdir is meant for testing and should override all other configs, instead of being combined with them. Config combination causes aa-notify test failures if e.g. the user-local config sets filtering options. Also supply a notify.conf file for exclusive use during testing. Signed-off-by: Ryan Lee <ryan.lee@canonical.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1610 Approved-by: Georgia Garcia <georgia.garcia@canonical.com> Merged-by: John Johansen <john@jjmx.net> (cherry picked from commit abe588cea4)
2025-09-05 16:55:32 +00:00 · 2025-04-03 14:54:10 -07:00
parent 3cd419eab5 739fea2ece
commit 37f792377c
2 changed files with 65 additions and 12 deletions
--- a/utils/aa-notify
+++ b/utils/aa-notify
@@ -712,19 +712,22 @@ def main():
    if not system_config:
        system_config = {'': {'show_notifications': 'yes'}}

-    # Load user's notify.conf
-    if os.path.isfile(os.environ['HOME'] + '/.apparmor/notify.conf'):
-        # Use legacy path if the conf file is there
-        user_config = read_notify_conf(os.environ['HOME'] + '/.apparmor', shell_config)
-    elif 'XDG_CONFIG_HOME' in os.environ and os.path.isfile(os.environ['XDG_CONFIG_HOME'] + '/apparmor/notify.conf'):
-        # Use XDG_CONFIG_HOME if it is defined
-        user_config = read_notify_conf(os.environ['XDG_CONFIG_HOME'] + '/apparmor', shell_config)
-    else:
-        # Fallback to the default value of XDG_CONFIG_HOME
-        user_config = read_notify_conf(os.environ['HOME'] + '/.config/apparmor', shell_config)
+    # Load user's notify.conf if a configdir override was not specified
+    if not args.configdir:
+        if os.path.isfile(os.environ['HOME'] + '/.apparmor/notify.conf'):
+            # Use legacy path if the conf file is there
+            user_config = read_notify_conf(os.environ['HOME'] + '/.apparmor', shell_config)
+        elif 'XDG_CONFIG_HOME' in os.environ and os.path.isfile(os.environ['XDG_CONFIG_HOME'] + '/apparmor/notify.conf'):
+            # Use XDG_CONFIG_HOME if it is defined
+            user_config = read_notify_conf(os.environ['XDG_CONFIG_HOME'] + '/apparmor', shell_config)
+        else:
+            # Fallback to the default value of XDG_CONFIG_HOME
+            user_config = read_notify_conf(os.environ['HOME'] + '/.config/apparmor', shell_config)

-    # Merge the two config dicts in an accurate and idiomatic way (requires Python 3.5)
-    config = {**system_config, **user_config}
+        # Merge the two config dicts in an accurate and idiomatic way (requires Python 3.5)
+        config = {**system_config, **user_config}
+    else:
+        config = system_config

    """
    Possible configuration options:
--- a/utils/test/notify.conf
+++ b/utils/test/notify.conf
@@ -0,0 +1,50 @@
+# ------------------------------------------------------------------
+#
+#    Copyright (C) 2010 Canonical Ltd.
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# Testing-specific config with no filtering
+
+# Set to 'no' to disable AppArmor notifications globally
+show_notifications="yes"
+
+# Special profiles used to remove privileges for unconfined binaries using user namespaces. If unsure, leave as is.
+userns_special_profiles="unconfined,unprivileged_userns"
+
+# Theme to use for aa-notify GUI themes. See https://ttkthemes.readthedocs.io/en/latest/themes.html for available themes.
+interface_theme="ubuntu"
+
+# Binaries for which we ignore userns-related capability denials
+ignore_denied_capability="sudo,su"
+
+# OPTIONAL - kind of operations which display a popup prompt.
+# prompt_filter="userns"
+
+# OPTIONAL - Maximum number of profile that can send notification before they are merged
+# maximum_number_notification_profiles=2
+
+# OPTIONAL - Keys to aggregate when merging events
+# keys_to_aggregate="operation,class,name,denied,target"
+
+# OPTIONAL - restrict using aa-notify to users in the given group
+# (if not set, everybody who has permissions to read the logfile can use it)
+# use_group="admin"
+
+# OPTIONAL - custom notification message body
+# message_body="This is a custom notification message."
+
+# OPTIONAL - custom notification message footer
+# message_footer="For more information visit https://foo.com"
+
+# OPTIONAL - custom notification filtering
+# filter.profile=""
+# filter.operation=""
+# filter.name=""
+# filter.denied=""
+# filter.family=""
+# filter.socket=""