mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-28 12:58:07 +00:00
Code Issues Releases Wiki Activity

Fixes for BZ 179656, 233768. Add new capabilities rating to sverity.db,

Browse Source 
localization fixes in SubDomain.pm and Reports.pm.
This commit is contained in:
Dominic Reynolds 2007-03-12 14:12:40 +00:00
parent 7b391f3d5c
commit 8fb0f8f3d1
3 changed files with 480 additions and 508 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
utils/Reports.pm
View File

@ -31,12 +31,11 @@ package Immunix::Reports;
################################################################################ ################################################################################
use strict; use strict;
use Immunix::Ycp; # debug
use DBI; use DBI;
use DBD::SQLite; use DBD::SQLite;
use POSIX;
use Locale::gettext; use Locale::gettext;
use POSIX;
use ycp;
setlocale(LC_MESSAGES, ""); setlocale(LC_MESSAGES, "");
textdomain("Reports"); textdomain("Reports");
@ -263,7 +262,7 @@ sub checkEventDb {
}; };
if ( $@ ) { if ( $@ ) {
Immunix::Ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr)); ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr));
return; return;
} }
@ -371,13 +370,13 @@ sub getNumPages {
}; };
if ( $@ ) { if ( $@ ) {
Immunix::Ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr)); ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr));
return; return;
} }
$dbh->disconnect(); $dbh->disconnect();
#Immunix::Ycp::y2milestone("Numpages Query: $query"); # debug #ycp::y2milestone("Numpages Query: $query"); # debug
$numPages = pageRound($count/$numEvents); $numPages = pageRound($count/$numEvents);
if ( $numPages < 1 ) { $numPages = 1; } if ( $numPages < 1 ) { $numPages = 1; }
@ -397,11 +396,11 @@ sub getNumPages {
close REP; close REP;
} else { } else {
Immunix::Ycp::y2error(sprintf(gettext("Couldn't open file: %s."), $eventRep)); ycp::y2error(sprintf(gettext("Couldn't open file: %s."), $eventRep));
} }
} else { } else {
Immunix::Ycp::y2error(gettext("No type value passed. Unable to determine page count.")); ycp::y2error(gettext("No type value passed. Unable to determine page count."));
return("1"); return("1");
} }
@ -471,7 +470,7 @@ sub updateFiles {
if ( unlink("$oldFile") ) { if ( unlink("$oldFile") ) {
if ( ! rename ("$newFile", "$oldFile") ) { if ( ! rename ("$newFile", "$oldFile") ) {
if ( ! system('/bin/mv', "$newFile","$oldFile") ) { if ( ! system('/bin/mv', "$newFile","$oldFile") ) {
Immunix::Ycp::y2error(sprintf(gettext("Failed copying %s."), $oldFile)); ycp::y2error(sprintf(gettext("Failed copying %s."), $oldFile));
return 1; return 1;
} }
} }
@ -584,7 +583,7 @@ sub exportLog {
close LOG; close LOG;
} else { } else {
Immunix::Ycp::y2error(sprintf(gettext("Export Log Error: Couldn't open %s"), $exportLog)); ycp::y2error(sprintf(gettext("Export Log Error: Couldn't open %s"), $exportLog));
} }
# return($error); # return($error);
} }
@ -608,13 +607,13 @@ sub getXmlReport {
} }
if ( ! $repName ) { if ( ! $repName ) {
Immunix::Ycp::y2error(gettext("Fatal error. No report name given. Exiting.")); ycp::y2error(gettext("Fatal error. No report name given. Exiting."));
} }
if ( ! $repConf || ! -e $repConf ) { if ( ! $repConf || ! -e $repConf ) {
$repConf = '/etc/apparmor/reports.conf'; $repConf = '/etc/apparmor/reports.conf';
if ( ! -e $repConf ) { if ( ! -e $repConf ) {
Immunix::Ycp::y2error(sprintf(gettext("Unable to get configuration info for %s. ycp::y2error(sprintf(gettext("Unable to get configuration info for %s.
Unable to find %s."), $repName, $repConf)); Unable to find %s."), $repName, $repConf));
exit 1; exit 1;
} }
@ -655,7 +654,7 @@ sub getXmlReport {
if ($1) { if ($1) {
$rep{"$1"}= $2 unless $2 eq '-'; $rep{"$1"}= $2 unless $2 eq '-';
} else { } else {
Immunix::Ycp::y2error(sprintf(gettext("Failed to parse: %s."), $_)); ycp::y2error(sprintf(gettext("Failed to parse: %s."), $_));
} }
} }
} }
@ -664,7 +663,7 @@ sub getXmlReport {
close XML; close XML;
} else { } else {
Immunix::Ycp::y2error(sprintf(gettext("Fatal Error. Couldn't open %s."), $repConf)); ycp::y2error(sprintf(gettext("Fatal Error. Couldn't open %s."), $repConf));
exit 1; exit 1;
} }
@ -713,7 +712,7 @@ sub getCfInfo {
} else { } else {
my $error = sprintf(gettext("Fatal Error. Can't run %s. Exiting."), $cfApp); my $error = sprintf(gettext("Fatal Error. Can't run %s. Exiting."), $cfApp);
Immunix::Ycp::y2error($error); ycp::y2error($error);
return $error; return $error;
} }
@ -753,7 +752,7 @@ sub getEssStats {
} }
if ( ! -e $targetDir ) { if ( ! -e $targetDir ) {
Immunix::Ycp::y2error(sprintf(gettext("Fatal Error. No directory, %s, found. Exiting."), $targetDir)); ycp::y2error(sprintf(gettext("Fatal Error. No directory, %s, found. Exiting."), $targetDir));
return; return;
} }
@ -772,7 +771,7 @@ sub getEssStats {
close TDIR; close TDIR;
} else { } else {
Immunix::Ycp::y2error(sprintf(gettext("Fatal Error. Couldn't open %s. Exiting"), $targetDir)); ycp::y2error(sprintf(gettext("Fatal Error. Couldn't open %s. Exiting"), $targetDir));
return; return;
} }
@ -800,7 +799,7 @@ sub getEssStats {
}; };
if ( $@ ) { if ( $@ ) {
Immunix::Ycp::y2error(sprintf(gettext("DBI Execution failed: %s"), $DBI::errstr)); ycp::y2error(sprintf(gettext("DBI Execution failed: %s"), $DBI::errstr));
return; return;
} }
@ -813,7 +812,7 @@ sub getEssStats {
}; };
if ( $@ ) { if ( $@ ) {
Immunix::Ycp::y2error(sprintf(gettext("DBI Execution failed: %s"), $DBI::errstr)); ycp::y2error(sprintf(gettext("DBI Execution failed: %s"), $DBI::errstr));
return; return;
} }
@ -823,7 +822,7 @@ sub getEssStats {
}; };
if ( $@ ) { if ( $@ ) {
Immunix::Ycp::y2error(sprintf(gettext("DBI Execution failed: %s"), $DBI::errstr)); ycp::y2error(sprintf(gettext("DBI Execution failed: %s"), $DBI::errstr));
return; return;
} }
@ -1487,7 +1486,7 @@ sub getEvents {
}; };
if ( $@ ) { if ( $@ ) {
Immunix::Ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr)); ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr));
return; return;
} }
@ -1593,7 +1592,7 @@ sub getArchReport {
close REP; close REP;
} else { } else {
Immunix::Ycp::y2error(sprintf(gettext("Fatal Error. getArchReport() couldn't open %s"), $eventRep)); ycp::y2error(sprintf(gettext("Fatal Error. getArchReport() couldn't open %s"), $eventRep));
return("Couldn't open $eventRep"); return("Couldn't open $eventRep");
} }

279
utils/SubDomain.pm
View File

@ -21,14 +21,13 @@
package Immunix::SubDomain; package Immunix::SubDomain;
use warnings;
use strict; use strict;
use warnings;
use Carp; use Carp;
use Cwd qw(cwd realpath); use Cwd qw(cwd realpath);
use File::Basename;
use Data::Dumper; use Data::Dumper;
use File::Basename;
use Locale::gettext; use Locale::gettext;
use POSIX; use POSIX;
@ -36,14 +35,62 @@ use Immunix::Severity;
require Exporter; require Exporter;
our @ISA = qw(Exporter); our @ISA = qw(Exporter);
our @EXPORT = qw(%sd $filename $profiledir $parser %qualifiers %include %helpers $UI_Mode which getprofilefilename getprofileflags setprofileflags complain enforce autodep reload UI_GetString UI_GetFile UI_YesNo UI_Important UI_Info getkey do_logprof_pass readconfig loadincludes check_for_subdomain UI_PromptUser $running_under_genprof GetDataFromYast SendDataToYast setup_yast shutdown_yast readprofile readprofiles writeprofile get_full_path fatal_error checkProfileSyntax checkIncludeSyntax); our @EXPORT = qw(
%sd
$filename
$profiledir
$parser
%qualifiers
%include
%helpers
$UI_Mode
$running_under_genprof
no warnings 'all'; which
get_full_path
getprofilefilename
getprofileflags
setprofileflags
complain
enforce
autodep
reload
UI_GetFile
UI_GetString
UI_Important
UI_Info
UI_PromptUser
UI_YesNo
getkey
do_logprof_pass
readconfig
loadincludes
readprofile
readprofiles
writeprofile
check_for_subdomain
fatal_error
setup_yast
shutdown_yast
GetDataFromYast
SendDataToYast
checkProfileSyntax
checkIncludeSyntax
);
our $confdir = "/etc/apparmor"; our $confdir = "/etc/apparmor";
our $running_under_genprof = 0; our $running_under_genprof = 0;
our $finishing = 0;
our $DEBUGGING; our $DEBUGGING;
@ -110,6 +157,8 @@ my %seen;
my %profilechanges; my %profilechanges;
my %prelog; my %prelog;
my %log; my %log;
my @log;
my %pid;
my %changed; my %changed;
my %skip; my %skip;
our %helpers; # we want to preserve this one between passes our %helpers; # we want to preserve this one between passes
@ -237,11 +286,9 @@ sub setup_yast {
if ($ENV{YAST_IS_RUNNING}) { if ($ENV{YAST_IS_RUNNING}) {
# load the yast module if available. # load the yast module if available.
eval { require Immunix::Ycp; }; eval { require ycp; };
unless ($@) { unless ($@) {
import Immunix::Ycp; import ycp;
no warnings 'all';
$UI_Mode = "yast"; $UI_Mode = "yast";
@ -671,7 +718,7 @@ sub UI_Info ($) {
if ($UI_Mode eq "text") { if ($UI_Mode eq "text") {
print "$text\n"; print "$text\n";
} else { } else {
Immunix::Ycp::y2milestone($text); ycp::y2milestone($text);
} }
} }
@ -701,9 +748,10 @@ sub UI_YesNo ($$) {
my $no = gettext("(N)o"); my $no = gettext("(N)o");
# figure out our localized hotkeys # figure out our localized hotkeys
$yes =~ /\((\S)\)/ or fatal_error "PromptUser: Invalid hotkey for '$yes'"; my $usrmsg = "PromptUser: " . gettext("Invalid hotkey for");
$yes =~ /\((\S)\)/ or fatal_error "$usrmsg '$yes'";
my $yeskey = lc($1); my $yeskey = lc($1);
$no =~ /\((\S)\)/ or fatal_error "PromptUser: Invalid hotkey for '$no'"; $no =~ /\((\S)\)/ or fatal_error "$usrmsg '$no'";
my $nokey = lc($1); my $nokey = lc($1);
print "\n$text\n"; print "\n$text\n";
@ -740,12 +788,14 @@ sub UI_YesNoCancel ($$) {
my $no = gettext("(N)o"); my $no = gettext("(N)o");
my $cancel = gettext("(C)ancel"); my $cancel = gettext("(C)ancel");
my $usrmsg = "PromptUser: " . gettext("Invalid hotkey for");
# figure out our localized hotkeys # figure out our localized hotkeys
$yes =~ /\((\S)\)/ or fatal_error "PromptUser: Invalid hotkey for '$yes'"; $yes =~ /\((\S)\)/ or fatal_error "$usrmsg '$yes'";
my $yeskey = lc($1); my $yeskey = lc($1);
$no =~ /\((\S)\)/ or fatal_error "PromptUser: Invalid hotkey for '$no'"; $no =~ /\((\S)\)/ or fatal_error "$usrmsg '$no'";
my $nokey = lc($1); my $nokey = lc($1);
$cancel =~ /\((\S)\)/ or fatal_error "PromptUser: Invalid hotkey for '$cancel'"; $cancel =~ /\((\S)\)/ or fatal_error "$usrmsg '$cancel'";
my $cancelkey = lc($1); my $cancelkey = lc($1);
$ans = "XXXINVALIDXXX"; $ans = "XXXINVALIDXXX";
@ -877,6 +927,14 @@ sub UI_PromptUser ($) {
$arg = $yarg->{selected}; $arg = $yarg->{selected};
} }
if ($cmd eq "CMD_ABORT") {
confirm_and_abort();
$cmd = "XXXINVALIDXXX";
} elsif ($cmd eq "CMD_FINISHED") {
confirm_and_finish();
$cmd = "XXXINVALIDXXX";
}
return ($cmd, $arg); return ($cmd, $arg);
} }
@ -894,7 +952,7 @@ sub SendDataToYast {
while (<STDIN>) { while (<STDIN>) {
$DEBUGGING && debug "SendDataToYast: YCP: $_"; $DEBUGGING && debug "SendDataToYast: YCP: $_";
my ($ycommand, $ypath, $yargument) = Immunix::Ycp::ParseCommand ($_); my ($ycommand, $ypath, $yargument) = ycp::ParseCommand($_);
if ($ycommand && $ycommand eq "Read") { if ($ycommand && $ycommand eq "Read") {
@ -903,7 +961,7 @@ sub SendDataToYast {
debug "SendDataToYast: Sending--\n$debugmsg"; debug "SendDataToYast: Sending--\n$debugmsg";
} }
Immunix::Ycp::Return($data); ycp::Return($data);
return 1; return 1;
} else { } else {
@ -926,7 +984,7 @@ sub GetDataFromYast {
while (<STDIN>) { while (<STDIN>) {
$DEBUGGING && debug "GetDataFromYast: YCP: $_"; $DEBUGGING && debug "GetDataFromYast: YCP: $_";
my ($ycmd, $ypath, $yarg) = Immunix::Ycp::ParseCommand ($_); my ($ycmd, $ypath, $yarg) = ycp::ParseCommand($_);
if ($DEBUGGING) { if ($DEBUGGING) {
my $debugmsg = Data::Dumper->Dump([$yarg], [qw(*data)]); my $debugmsg = Data::Dumper->Dump([$yarg], [qw(*data)]);
@ -935,7 +993,7 @@ sub GetDataFromYast {
if ($ycmd && $ycmd eq "Write") { if ($ycmd && $ycmd eq "Write") {
Immunix::Ycp::Return("true"); ycp::Return("true");
return ($ypath, $yarg); return ($ypath, $yarg);
} else { } else {
@ -947,6 +1005,26 @@ sub GetDataFromYast {
fatal_error "GetDataFromYast: didn't receive YCP command before connection died"; fatal_error "GetDataFromYast: didn't receive YCP command before connection died";
} }
sub confirm_and_abort {
my $ans = UI_YesNo(gettext("Are you sure you want to abandon this set of profile changes and exit?"), "n");
if ($ans eq "y") {
UI_Info(gettext("Abandoning all changes."));
shutdown_yast();
exit 0;
}
}
sub confirm_and_finish {
my $ans = UI_YesNo(gettext("Are you sure you want to save the current set of profile changes and exit?"), "n");
if ($ans eq "y") {
UI_Info(gettext("Saving all changes."));
# need to wrap any calls to ui functions with eval { } blocks in order
# to catch this exception
die "FINISHING\n";
}
}
########################################################################## ##########################################################################
# this is the hideously ugly function that descends down the flow/event # this is the hideously ugly function that descends down the flow/event
# trees that we've generated by parsing the logfile # trees that we've generated by parsing the logfile
@ -1013,9 +1091,7 @@ sub handlechildren {
$q->{functions} = [ ]; $q->{functions} = [ ];
push @{$q->{functions}}, "CMD_ADDHAT"; push @{$q->{functions}}, "CMD_ADDHAT";
push @{$q->{functions}}, "CMD_USEDEFAULT" if $defaulthat; push @{$q->{functions}}, "CMD_USEDEFAULT" if $defaulthat;
push @{$q->{functions}}, "CMD_DENY"; push @{$q->{functions}}, "CMD_DENY", "CMD_ABORT", "CMD_FINISHED";
push @{$q->{functions}}, "CMD_ABORT";
push @{$q->{functions}}, "CMD_FINISHED";
$q->{default} = ($sdmode eq "PERMITTING") ? "CMD_ADDHAT" : "CMD_DENY"; $q->{default} = ($sdmode eq "PERMITTING") ? "CMD_ADDHAT" : "CMD_DENY";
@ -1037,21 +1113,6 @@ sub handlechildren {
$hat = $defaulthat; $hat = $defaulthat;
} elsif ($ans eq "CMD_DENY") { } elsif ($ans eq "CMD_DENY") {
return; return;
} elsif($ans eq "CMD_ABORT") {
my $ans = UI_YesNo(gettext("Are you sure you want to abandon this set of profile changes and exit?"), "n");
if($ans eq "y") {
UI_Info(gettext("Abandoning all changes."));
shutdown_yast();
exit 0;
}
} elsif($ans eq "CMD_FINISHED") {
my $ans = UI_YesNo(gettext("Are you sure you want to save the current set of profile changes and exit?"), "n");
if($ans eq "y") {
UI_Info(gettext("Saving all changes."));
$finishing = 1;
# XXX - BUGBUG - this is REALLY nasty, but i'm in a hurry...
goto SAVE_PROFILES;
}
} }
} elsif ($type eq "capability") { } elsif ($type eq "capability") {
@ -1208,9 +1269,7 @@ sub handlechildren {
push @{$q->{functions}}, "CMD_INHERIT" if $options =~ /i/; push @{$q->{functions}}, "CMD_INHERIT" if $options =~ /i/;
push @{$q->{functions}}, "CMD_PROFILE" if $options =~ /p/; push @{$q->{functions}}, "CMD_PROFILE" if $options =~ /p/;
push @{$q->{functions}}, "CMD_UNCONFINED" if $options =~ /u/; push @{$q->{functions}}, "CMD_UNCONFINED" if $options =~ /u/;
push @{$q->{functions}}, "CMD_DENY"; push @{$q->{functions}}, "CMD_DENY", "CMD_ABORT", "CMD_FINISHED";
push @{$q->{functions}}, "CMD_ABORT";
push @{$q->{functions}}, "CMD_FINISHED";
$q->{default} = $default; $q->{default} = $default;
@ -1222,24 +1281,7 @@ sub handlechildren {
while ($ans !~ m/^CMD_(INHERIT|PROFILE|PROFILE_CLEAN|UNCONFINED|UNCONFINED_CLEAN|DENY)$/) { while ($ans !~ m/^CMD_(INHERIT|PROFILE|PROFILE_CLEAN|UNCONFINED|UNCONFINED_CLEAN|DENY)$/) {
($ans, $arg) = UI_PromptUser($q); ($ans, $arg) = UI_PromptUser($q);
# check for Abort or Finish if ($ans eq "CMD_PROFILE") {
if($ans eq "CMD_ABORT") {
my $ans = UI_YesNo(gettext("Are you sure you want to abandon this set of profile changes and exit?"), "n");
$DEBUGGING && debug "back from abort yesno";
if($ans eq "y") {
UI_Info(gettext("Abandoning all changes."));
shutdown_yast();
exit 0;
}
} elsif($ans eq "CMD_FINISHED") {
my $ans = UI_YesNo(gettext("Are you sure you want to save the current set of profile changes and exit?"), "n");
if($ans eq "y") {
UI_Info(gettext("Saving all changes."));
$finishing = 1;
# XXX - BUGBUG - this is REALLY nasty, but i'm in a hurry...
goto SAVE_PROFILES;
}
} elsif($ans eq "CMD_PROFILE") {
my $px_default = "n"; my $px_default = "n";
my $px_mesg = gettext("Should AppArmor sanitize the environment when\nswitching profiles?\n\nSanitizing the environment is more secure,\nbut some applications depend on the presence\nof LD_PRELOAD or LD_LIBRARY_PATH."); my $px_mesg = gettext("Should AppArmor sanitize the environment when\nswitching profiles?\n\nSanitizing the environment is more secure,\nbut some applications depend on the presence\nof LD_PRELOAD or LD_LIBRARY_PATH.");
if ($parent_uses_ld_xxx) { if ($parent_uses_ld_xxx) {
@ -1340,33 +1382,6 @@ sub handlechildren {
} }
} }
sub do_logprof_pass {
my $logmark = shift || "";
# zero out the state variables for this pass...
%t = ( );
%transitions = ( );
%seen = ( );
%sd = ( );
%profilechanges = ( );
%prelog = ( );
%log = ( );
%changed = ( );
%skip = ( );
%variables = ( );
UI_Info(sprintf(gettext('Reading log entries from %s.'), $filename));
UI_Info(sprintf(gettext('Updating AppArmor profiles in %s.'), $profiledir));
readprofiles();
my $seenmark = $logmark ? 0 : 1;
$sevdb = new Immunix::Severity("$confdir/severity.db", gettext("unknown"));
my @log;
my %pid;
sub add_to_tree ($@) { sub add_to_tree ($@) {
my ($pid, $type, @event) = @_; my ($pid, $type, @event) = @_;
@ -1379,6 +1394,11 @@ sub do_logprof_pass {
push @{$pid{$pid}}, [ $type, $pid, @event ]; push @{$pid{$pid}}, [ $type, $pid, @event ];
} }
sub read_log {
my $logmark = shift;
my $seenmark = $logmark ? 0 : 1;
my $stuffed = undef; my $stuffed = undef;
my $last; my $last;
# okay, done loading the previous profiles, get on to the good stuff... # okay, done loading the previous profiles, get on to the good stuff...
@ -1573,17 +1593,9 @@ sub do_logprof_pass {
} }
} }
close(LOG); close(LOG);
for my $root (@log) {
handlechildren(undef, undef, $root);
} }
for my $pid (sort { $a <=> $b } keys %profilechanges) { sub ask_the_questions {
setprocess($pid, $profilechanges{$pid});
}
collapselog();
my $found; my $found;
# do the magic foo-foo # do the magic foo-foo
@ -1628,7 +1640,9 @@ sub do_logprof_pass {
push @{$q->{headers}}, gettext("Capability"), $capability; push @{$q->{headers}}, gettext("Capability"), $capability;
push @{$q->{headers}}, gettext("Severity"), $severity; push @{$q->{headers}}, gettext("Severity"), $severity;
$q->{functions} = [ "CMD_ALLOW", "CMD_DENY", "CMD_ABORT", "CMD_FINISHED" ]; $q->{functions} = [
"CMD_ALLOW", "CMD_DENY", "CMD_ABORT", "CMD_FINISHED"
];
# complain-mode events default to allow - enforce defaults to deny # complain-mode events default to allow - enforce defaults to deny
$q->{default} = ($sdmode eq "PERMITTING") ? "CMD_ALLOW" : "CMD_DENY"; $q->{default} = ($sdmode eq "PERMITTING") ? "CMD_ALLOW" : "CMD_DENY";
@ -1651,39 +1665,9 @@ sub do_logprof_pass {
UI_Info(sprintf(gettext('Adding capability %s to profile.'), $capability)); UI_Info(sprintf(gettext('Adding capability %s to profile.'), $capability));
} elsif ($ans eq "CMD_DENY") { } elsif ($ans eq "CMD_DENY") {
UI_Info(sprintf(gettext('Denying capability %s to profile.'), $capability)); UI_Info(sprintf(gettext('Denying capability %s to profile.'), $capability));
} elsif($ans eq "CMD_ABORT") {
# if we're in yast, they've already been asked for confirmation
if($UI_Mode eq "yast") {
UI_Info(gettext("Abandoning all changes."));
shutdown_yast();
exit 0;
}
my $ans = UI_YesNo(gettext("Are you sure you want to abandon this set of profile changes and exit?"), "n");
if($ans eq "y") {
UI_Info(gettext("Abandoning all changes."));
shutdown_yast();
exit 0;
} else { } else {
redo; redo;
} }
} elsif($ans eq "CMD_FINISHED") {
# if we're in yast, they've already been asked for confirmation
if($UI_Mode eq "yast") {
UI_Info(gettext("Saving all changes."));
$finishing = 1;
# XXX - BUGBUG - this is REALLY nasty, but i'm in a hurry...
goto SAVE_PROFILES;
}
my $ans = UI_YesNo(gettext("Are you sure you want to save the current set of profile changes and exit?"), "n");
if($ans eq "y") {
UI_Info(gettext("Saving all changes."));
$finishing = 1;
# XXX - BUGBUG - this is REALLY nasty, but i'm in a hurry...
goto SAVE_PROFILES;
} else {
redo;
}
}
} }
# and then step through all of the path entries... # and then step through all of the path entries...
@ -1847,7 +1831,10 @@ sub do_logprof_pass {
$q->{options} = [ @options ]; $q->{options} = [ @options ];
$q->{selected} = $defaultoption - 1; $q->{selected} = $defaultoption - 1;
$q->{functions} = [ "CMD_ALLOW", "CMD_DENY", "CMD_GLOB", "CMD_GLOBEXT", "CMD_NEW", "CMD_ABORT", "CMD_FINISHED" ]; $q->{functions} = [
"CMD_ALLOW", "CMD_DENY", "CMD_GLOB", "CMD_GLOBEXT", "CMD_NEW",
"CMD_ABORT", "CMD_FINISHED"
];
$q->{default} = ($sdmode eq "PERMITTING") ? "CMD_ALLOW" : "CMD_DENY"; $q->{default} = ($sdmode eq "PERMITTING") ? "CMD_ALLOW" : "CMD_DENY";
@ -1964,21 +1951,6 @@ sub do_logprof_pass {
} }
} elsif ($ans =~ /\d/) { } elsif ($ans =~ /\d/) {
$defaultoption = $ans; $defaultoption = $ans;
} elsif($ans eq "CMD_ABORT") {
$ans = UI_YesNo(gettext("Are you sure you want to abandon this set of profile changes and exit?"), "n");
if($ans eq "y") {
UI_Info(gettext("Abandoning all changes."));
shutdown_yast();
exit 0;
}
} elsif($ans eq "CMD_FINISHED") {
$ans = UI_YesNo(gettext("Are you sure you want to save the current set of profile changes and exit?"), "n");
if($ans eq "y") {
UI_Info(gettext("Saving all changes."));
$finishing = 1;
# XXX - BUGBUG - this is REALLY nasty, but i'm in a hurry...
goto SAVE_PROFILES;
}
} }
} }
} }
@ -2231,7 +2203,7 @@ sub readprofile ($$) {
# deal with whitespace in profile and hat names. # deal with whitespace in profile and hat names.
$profile = $1 if $profile =~ /^"(.+)"$/; $profile = $1 if $profile =~ /^"(.+)"$/;
$hat = $1 if $hat =~ /^"(.+)"$/; $hat = $1 if $hat && $hat =~ /^"(.+)"$/;
# if we run into old-style hat declarations mark the profile as # if we run into old-style hat declarations mark the profile as
# changed so we'll write it out as new-style # changed so we'll write it out as new-style
@ -2984,19 +2956,22 @@ sub Text_PromptUser ($) {
my @menu_items; my @menu_items;
for my $cmd (@functions) { for my $cmd (@functions) {
# make sure we know about this particular command # make sure we know about this particular command
fatal_error "PromptUser: Unknown command $cmd" unless $CMDS{$cmd}; my $cmdmsg = "PromptUser: " . gettext("Unknown command") . " $cmd";
fatal_error $cmdmsg unless $CMDS{$cmd};
# grab the localized text to use for the menu for this command # grab the localized text to use for the menu for this command
my $menutext = gettext($CMDS{$cmd}); my $menutext = gettext($CMDS{$cmd});
# figure out what the hotkey for this menu item is # figure out what the hotkey for this menu item is
$menutext =~ /\((\S)\)/ or fatal_error "PromptUser: Invalid hotkey in '$menutext'"; my $menumsg = "PromptUser: " . gettext("Invalid hotkey in") . " '$menutext'";
$menutext =~ /\((\S)\)/ or fatal_error $menumsg;
# we want case insensitive comparisons so we'll force things to lowercase # we want case insensitive comparisons so we'll force things to lowercase
my $key = lc($1); my $key = lc($1);
# check if we're already using this hotkey for this prompt # check if we're already using this hotkey for this prompt
fatal_error "PromptUser: Duplicate hotkey for $cmd: $menutext" if $keys{$key}; my $hotkeymsg = "PromptUser: " . gettext("Duplicate hotkey for") . " $cmd: $menutext";
fatal_error $hotkeymsg if $keys{$key};
# keep track of which command they're picking if they hit this hotkey # keep track of which command they're picking if they hit this hotkey
$keys{$key} = $cmd; $keys{$key} = $cmd;
@ -3014,12 +2989,14 @@ sub Text_PromptUser ($) {
my $defaulttext = gettext($CMDS{$default}); my $defaulttext = gettext($CMDS{$default});
# figure out what the hotkey for this menu item is # figure out what the hotkey for this menu item is
$defaulttext =~ /\((\S)\)/ or fatal_error "PromptUser: Invalid hotkey in default item '$defaulttext'"; my $defmsg = "PromptUser: " . gettext("Invalid hotkey in default item") . " '$defaulttext'";
$defaulttext =~ /\((\S)\)/ or fatal_error $defmsg;
# we want case insensitive comparisons so we'll force things to lowercase # we want case insensitive comparisons so we'll force things to lowercase
$default_key = lc($1); $default_key = lc($1);
fatal_error "PromptUser: Invalid default $default" unless $keys{$default_key}; my $defkeymsg = "PromptUser: " . gettext("Invalid default") . " $default";
fatal_error $defkeymsg;
} }
my $widest = 0; my $widest = 0;
@ -3111,17 +3088,11 @@ sub Text_PromptUser ($) {
# pull our command back from our hotkey map # pull our command back from our hotkey map
$ans = $keys{$ans} if $keys{$ans}; $ans = $keys{$ans} if $keys{$ans};
# if($options) {
# die "ERROR: not looking for array when options passed" unless wantarray;
if ($options) { if ($options) {
return ($ans, $options->[$selected]); return ($ans, $options->[$selected]);
} else { } else {
return ($ans, $selected); return ($ans, $selected);
} }
# } else {
# die "ERROR: looking for list when options not passed" if wantarray;
# return $ans;
# }
} }
unless (-x $ldd) { unless (-x $ldd) {

2
utils/severity.db
View File

@ -40,6 +40,8 @@
CAP_IPC_LOCK 8 CAP_IPC_LOCK 8
CAP_SYS_TTY_CONFIG 8 CAP_SYS_TTY_CONFIG 8
CAP_DAC_READ_SEARCH 7 CAP_DAC_READ_SEARCH 7
CAP_AUDIT_CONTROL 8
CAP_AUDIT_WRITE 8
# unused # unused
CAP_NET_BROADCAST 0 CAP_NET_BROADCAST 0