mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00
Code Issues Releases Wiki Activity

aa-notify: Reduce profiles updates to reduce overhead.

Browse Source 
Profiles are now updated only at initialization and when aa-notify
itself updates a profile.

A future MR will come to read profiles individually only when an event
for this profile comes to reduce overhead, as more and more profiles are
created.

Signed-off-by: Maxime Bélair <maxime.belair@canonical.com>
This commit is contained in:
Maxime Bélair 2025-07-17 17:23:47 +02:00 committed by John Johansen
parent 12e3557896
commit 73f4f650e7
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
utils/aa-notify
View File

@ -486,6 +486,8 @@ def create_userns_profile(name, path, ans):
except subprocess.CalledProcessError as e:
if e.returncode != 126: # return code 126 means the user cancelled the request
UsernsGUI.show_error_cannot_reload_profile(profile_path, e.returncode)
else:
aa.update_profiles()
def ask_for_user_ns_denied(path, name, interactive=True):
@ -504,8 +506,6 @@ def can_leverage_userns_event(ev):
if ev['execpath'] is None:
return 'error_cannot_find_path'
aa.update_profiles()
if aa.get_profile_filename_from_profile_name(ev['comm']):
return 'error_userns_profile_exists'
return 'ok'
@ -550,7 +550,6 @@ def get_more_info_about_event(rl, ev, special_profiles, profile_path, header='')
if rule:
if type(rule) is FileRule and rule.exec_perms == FileRule.ANY_EXEC:
rule.exec_perms = 'Pix'
aa.update_profiles()
if get_event_special_type(ev, special_profiles) != 'normal':
userns_event_usable = can_leverage_userns_event(ev)
if userns_event_usable == 'error_cannot_find_path':
@ -619,6 +618,8 @@ def add_to_profile(rule, profile_name):
except subprocess.CalledProcessError as e:
if e.returncode != 126: # return code 126 means the user cancelled the request
ErrorGUI(_('Failed to add rule {rule} to {profile}\nError code = {retcode}').format(rule=rule, profile=profile_name, retcode=e.returncode), False).show()
else:
aa.update_profiles()
def create_from_file(file_path):
@ -629,6 +630,8 @@ def create_from_file(file_path):
except subprocess.CalledProcessError as e:
if e.returncode != 126: # return code 126 means the user cancelled the request
ErrorGUI(_('Failed to add some rules'), False).show()
else:
aa.update_profiles()
def allow_rules(clean_rules, allow_all=False):
@ -674,8 +677,6 @@ def cb_add_to_profile(notification, action, _args):
ErrorGUI(_('ERROR: Could not create rule from event.'), False).show()
return
aa.update_profiles()
if get_event_special_type(ev, special_profiles) != 'normal':
ask_for_user_ns_denied(ev['execpath'], ev['comm'], False)
else: