utils: remove aa-enforce '--remove' option

This patch removes the '--remove' option on aa-enforce as well as from the man page. It also removes the test entry that contains it, but I don't think this is entirely correct because I think the second half of the test is dependent on the (now deleted) first half of the test. (It also removes a missed reference to --revert in the aa-disable man page.) Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2025-08-29 13:28:19 +00:00 · 2014-03-03 14:59:47 -08:00 · 2014-03-03 14:59:47 -08:00 · 6cf4cbea21
commit 6cf4cbea21
parent 3575ca4ac9
4 changed files with 4 additions and 17 deletions
--- a/utils/aa-disable.pod
+++ b/utils/aa-disable.pod
@ -43,8 +43,6 @@ profile from being loaded on AppArmor startup.
 The I<aa-enforce> and I<aa-complain> utilities may be used to to change
 this behavior.
 The I<--revert> option can be used to enable the profile.
 =head1 BUGS
 If you find any bugs, please report them at
--- a/utils/aa-enforce
+++ b/utils/aa-enforce
@ -22,11 +22,12 @@ _ = init_translation()
 parser = argparse.ArgumentParser(description=_('Switch the given program to enforce mode'))
 parser.add_argument('-d', '--dir', type=str, help=_('path to profiles'))
 parser.add_argument('-r', '--remove', action='store_true', help=_('switch to complain mode'))
 parser.add_argument('program', type=str, nargs='+', help=_('name of program'))
 args = parser.parse_args()
-# Flipping the remove flag since complain = !enforce
+# Set the remove flag since complain = !enforce
-args.remove = not args.remove
+# XXX remove this entirely once conversion to individual cmd methods
 # on the Tool class are implemented
 args.remove = True
 enforce = apparmor.tools.aa_tools('complain', args)
--- a/utils/aa-enforce.pod
+++ b/utils/aa-enforce.pod
@ -36,10 +36,6 @@ B<-d --dir / path/to/profiles>
   Specifies where to look for the AppArmor security profile set.
   Defaults to /etc/apparmor.d.
 B<-r --remove>
   Removes the enforce mode for the profile.  
 =head1 DESCRIPTION
 B<aa-enforce> is used to set one or more profiles to I<enforce> mode.
@ -49,9 +45,6 @@ unloads and disables a profile.
 The default mode for a security policy is enforce and the I<aa-complain>
 utility must be run to change this behavior.
 The I<--remove> option can be used to remove the enforce mode for the profile,
 setting it to complain mode.
 =head1 BUGS
 If you find any bugs, please report them at
--- a/utils/test/minitools_test.py
+++ b/utils/test/minitools_test.py
@ -77,11 +77,6 @@ class Test(unittest.TestCase):
    def test_enforce(self):
        #Set ntpd profile to complain mode and check if it was correctly set
        subprocess.check_output('%s ./../aa-enforce -d ./profiles -r %s'%(python_interpreter, test_path), shell=True)
        self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in force-complain'%local_profilename)
        self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), 'complain', 'Complain flag could not be set in profile %s'%local_profilename)
        #Set ntpd profile to enforce mode and check if it was correctly set
        subprocess.check_output('%s ./../aa-enforce -d ./profiles %s'%(python_interpreter, test_path), shell=True)