mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-08-22 10:07:12 +00:00
Fixes for BZ 179656, 233768. Add new capabilities rating to sverity.db,
localization fixes in SubDomain.pm and Reports.pm.
This commit is contained in:
parent
7b391f3d5c
commit
8fb0f8f3d1
@ -31,12 +31,11 @@ package Immunix::Reports;
|
||||
################################################################################
|
||||
|
||||
use strict;
|
||||
use Immunix::Ycp; # debug
|
||||
use DBI;
|
||||
use DBD::SQLite;
|
||||
|
||||
use POSIX;
|
||||
use Locale::gettext;
|
||||
use POSIX;
|
||||
use ycp;
|
||||
|
||||
setlocale(LC_MESSAGES, "");
|
||||
textdomain("Reports");
|
||||
@ -263,7 +262,7 @@ sub checkEventDb {
|
||||
};
|
||||
|
||||
if ( $@ ) {
|
||||
Immunix::Ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr));
|
||||
ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr));
|
||||
return;
|
||||
}
|
||||
|
||||
@ -371,13 +370,13 @@ sub getNumPages {
|
||||
};
|
||||
|
||||
if ( $@ ) {
|
||||
Immunix::Ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr));
|
||||
ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr));
|
||||
return;
|
||||
}
|
||||
|
||||
$dbh->disconnect();
|
||||
|
||||
#Immunix::Ycp::y2milestone("Numpages Query: $query"); # debug
|
||||
#ycp::y2milestone("Numpages Query: $query"); # debug
|
||||
|
||||
$numPages = pageRound($count/$numEvents);
|
||||
if ( $numPages < 1 ) { $numPages = 1; }
|
||||
@ -397,11 +396,11 @@ sub getNumPages {
|
||||
close REP;
|
||||
|
||||
} else {
|
||||
Immunix::Ycp::y2error(sprintf(gettext("Couldn't open file: %s."), $eventRep));
|
||||
ycp::y2error(sprintf(gettext("Couldn't open file: %s."), $eventRep));
|
||||
}
|
||||
|
||||
} else {
|
||||
Immunix::Ycp::y2error(gettext("No type value passed. Unable to determine page count."));
|
||||
ycp::y2error(gettext("No type value passed. Unable to determine page count."));
|
||||
return("1");
|
||||
}
|
||||
|
||||
@ -471,7 +470,7 @@ sub updateFiles {
|
||||
if ( unlink("$oldFile") ) {
|
||||
if ( ! rename ("$newFile", "$oldFile") ) {
|
||||
if ( ! system('/bin/mv', "$newFile","$oldFile") ) {
|
||||
Immunix::Ycp::y2error(sprintf(gettext("Failed copying %s."), $oldFile));
|
||||
ycp::y2error(sprintf(gettext("Failed copying %s."), $oldFile));
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
@ -584,7 +583,7 @@ sub exportLog {
|
||||
|
||||
close LOG;
|
||||
} else {
|
||||
Immunix::Ycp::y2error(sprintf(gettext("Export Log Error: Couldn't open %s"), $exportLog));
|
||||
ycp::y2error(sprintf(gettext("Export Log Error: Couldn't open %s"), $exportLog));
|
||||
}
|
||||
# return($error);
|
||||
}
|
||||
@ -608,13 +607,13 @@ sub getXmlReport {
|
||||
}
|
||||
|
||||
if ( ! $repName ) {
|
||||
Immunix::Ycp::y2error(gettext("Fatal error. No report name given. Exiting."));
|
||||
ycp::y2error(gettext("Fatal error. No report name given. Exiting."));
|
||||
}
|
||||
|
||||
if ( ! $repConf || ! -e $repConf ) {
|
||||
$repConf = '/etc/apparmor/reports.conf';
|
||||
if ( ! -e $repConf ) {
|
||||
Immunix::Ycp::y2error(sprintf(gettext("Unable to get configuration info for %s.
|
||||
ycp::y2error(sprintf(gettext("Unable to get configuration info for %s.
|
||||
Unable to find %s."), $repName, $repConf));
|
||||
exit 1;
|
||||
}
|
||||
@ -655,7 +654,7 @@ sub getXmlReport {
|
||||
if ($1) {
|
||||
$rep{"$1"}= $2 unless $2 eq '-';
|
||||
} else {
|
||||
Immunix::Ycp::y2error(sprintf(gettext("Failed to parse: %s."), $_));
|
||||
ycp::y2error(sprintf(gettext("Failed to parse: %s."), $_));
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -664,7 +663,7 @@ sub getXmlReport {
|
||||
close XML;
|
||||
|
||||
} else {
|
||||
Immunix::Ycp::y2error(sprintf(gettext("Fatal Error. Couldn't open %s."), $repConf));
|
||||
ycp::y2error(sprintf(gettext("Fatal Error. Couldn't open %s."), $repConf));
|
||||
exit 1;
|
||||
}
|
||||
|
||||
@ -713,7 +712,7 @@ sub getCfInfo {
|
||||
|
||||
} else {
|
||||
my $error = sprintf(gettext("Fatal Error. Can't run %s. Exiting."), $cfApp);
|
||||
Immunix::Ycp::y2error($error);
|
||||
ycp::y2error($error);
|
||||
return $error;
|
||||
}
|
||||
|
||||
@ -753,7 +752,7 @@ sub getEssStats {
|
||||
}
|
||||
|
||||
if ( ! -e $targetDir ) {
|
||||
Immunix::Ycp::y2error(sprintf(gettext("Fatal Error. No directory, %s, found. Exiting."), $targetDir));
|
||||
ycp::y2error(sprintf(gettext("Fatal Error. No directory, %s, found. Exiting."), $targetDir));
|
||||
return;
|
||||
}
|
||||
|
||||
@ -772,7 +771,7 @@ sub getEssStats {
|
||||
close TDIR;
|
||||
|
||||
} else {
|
||||
Immunix::Ycp::y2error(sprintf(gettext("Fatal Error. Couldn't open %s. Exiting"), $targetDir));
|
||||
ycp::y2error(sprintf(gettext("Fatal Error. Couldn't open %s. Exiting"), $targetDir));
|
||||
return;
|
||||
}
|
||||
|
||||
@ -800,7 +799,7 @@ sub getEssStats {
|
||||
};
|
||||
|
||||
if ( $@ ) {
|
||||
Immunix::Ycp::y2error(sprintf(gettext("DBI Execution failed: %s"), $DBI::errstr));
|
||||
ycp::y2error(sprintf(gettext("DBI Execution failed: %s"), $DBI::errstr));
|
||||
return;
|
||||
}
|
||||
|
||||
@ -813,7 +812,7 @@ sub getEssStats {
|
||||
};
|
||||
|
||||
if ( $@ ) {
|
||||
Immunix::Ycp::y2error(sprintf(gettext("DBI Execution failed: %s"), $DBI::errstr));
|
||||
ycp::y2error(sprintf(gettext("DBI Execution failed: %s"), $DBI::errstr));
|
||||
return;
|
||||
}
|
||||
|
||||
@ -823,7 +822,7 @@ sub getEssStats {
|
||||
};
|
||||
|
||||
if ( $@ ) {
|
||||
Immunix::Ycp::y2error(sprintf(gettext("DBI Execution failed: %s"), $DBI::errstr));
|
||||
ycp::y2error(sprintf(gettext("DBI Execution failed: %s"), $DBI::errstr));
|
||||
return;
|
||||
}
|
||||
|
||||
@ -1487,7 +1486,7 @@ sub getEvents {
|
||||
};
|
||||
|
||||
if ( $@ ) {
|
||||
Immunix::Ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr));
|
||||
ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr));
|
||||
return;
|
||||
}
|
||||
|
||||
@ -1593,7 +1592,7 @@ sub getArchReport {
|
||||
close REP;
|
||||
|
||||
} else {
|
||||
Immunix::Ycp::y2error(sprintf(gettext("Fatal Error. getArchReport() couldn't open %s"), $eventRep));
|
||||
ycp::y2error(sprintf(gettext("Fatal Error. getArchReport() couldn't open %s"), $eventRep));
|
||||
return("Couldn't open $eventRep");
|
||||
}
|
||||
|
||||
|
@ -21,14 +21,13 @@
|
||||
|
||||
package Immunix::SubDomain;
|
||||
|
||||
use warnings;
|
||||
use strict;
|
||||
use warnings;
|
||||
|
||||
use Carp;
|
||||
use Cwd qw(cwd realpath);
|
||||
use File::Basename;
|
||||
use Data::Dumper;
|
||||
|
||||
use File::Basename;
|
||||
use Locale::gettext;
|
||||
use POSIX;
|
||||
|
||||
@ -36,14 +35,62 @@ use Immunix::Severity;
|
||||
|
||||
require Exporter;
|
||||
our @ISA = qw(Exporter);
|
||||
our @EXPORT = qw(%sd $filename $profiledir $parser %qualifiers %include %helpers $UI_Mode which getprofilefilename getprofileflags setprofileflags complain enforce autodep reload UI_GetString UI_GetFile UI_YesNo UI_Important UI_Info getkey do_logprof_pass readconfig loadincludes check_for_subdomain UI_PromptUser $running_under_genprof GetDataFromYast SendDataToYast setup_yast shutdown_yast readprofile readprofiles writeprofile get_full_path fatal_error checkProfileSyntax checkIncludeSyntax);
|
||||
our @EXPORT = qw(
|
||||
%sd
|
||||
$filename
|
||||
$profiledir
|
||||
$parser
|
||||
%qualifiers
|
||||
%include
|
||||
%helpers
|
||||
$UI_Mode
|
||||
$running_under_genprof
|
||||
|
||||
no warnings 'all';
|
||||
which
|
||||
get_full_path
|
||||
|
||||
getprofilefilename
|
||||
|
||||
getprofileflags
|
||||
setprofileflags
|
||||
complain
|
||||
enforce
|
||||
|
||||
autodep
|
||||
reload
|
||||
|
||||
UI_GetFile
|
||||
UI_GetString
|
||||
UI_Important
|
||||
UI_Info
|
||||
UI_PromptUser
|
||||
UI_YesNo
|
||||
getkey
|
||||
|
||||
do_logprof_pass
|
||||
|
||||
readconfig
|
||||
loadincludes
|
||||
readprofile
|
||||
readprofiles
|
||||
writeprofile
|
||||
|
||||
check_for_subdomain
|
||||
fatal_error
|
||||
|
||||
setup_yast
|
||||
shutdown_yast
|
||||
|
||||
GetDataFromYast
|
||||
SendDataToYast
|
||||
|
||||
checkProfileSyntax
|
||||
checkIncludeSyntax
|
||||
);
|
||||
|
||||
our $confdir = "/etc/apparmor";
|
||||
|
||||
our $running_under_genprof = 0;
|
||||
our $finishing = 0;
|
||||
|
||||
our $DEBUGGING;
|
||||
|
||||
@ -110,6 +157,8 @@ my %seen;
|
||||
my %profilechanges;
|
||||
my %prelog;
|
||||
my %log;
|
||||
my @log;
|
||||
my %pid;
|
||||
my %changed;
|
||||
my %skip;
|
||||
our %helpers; # we want to preserve this one between passes
|
||||
@ -237,11 +286,9 @@ sub setup_yast {
|
||||
if ($ENV{YAST_IS_RUNNING}) {
|
||||
|
||||
# load the yast module if available.
|
||||
eval { require Immunix::Ycp; };
|
||||
eval { require ycp; };
|
||||
unless ($@) {
|
||||
import Immunix::Ycp;
|
||||
|
||||
no warnings 'all';
|
||||
import ycp;
|
||||
|
||||
$UI_Mode = "yast";
|
||||
|
||||
@ -671,7 +718,7 @@ sub UI_Info ($) {
|
||||
if ($UI_Mode eq "text") {
|
||||
print "$text\n";
|
||||
} else {
|
||||
Immunix::Ycp::y2milestone($text);
|
||||
ycp::y2milestone($text);
|
||||
}
|
||||
}
|
||||
|
||||
@ -701,9 +748,10 @@ sub UI_YesNo ($$) {
|
||||
my $no = gettext("(N)o");
|
||||
|
||||
# figure out our localized hotkeys
|
||||
$yes =~ /\((\S)\)/ or fatal_error "PromptUser: Invalid hotkey for '$yes'";
|
||||
my $usrmsg = "PromptUser: " . gettext("Invalid hotkey for");
|
||||
$yes =~ /\((\S)\)/ or fatal_error "$usrmsg '$yes'";
|
||||
my $yeskey = lc($1);
|
||||
$no =~ /\((\S)\)/ or fatal_error "PromptUser: Invalid hotkey for '$no'";
|
||||
$no =~ /\((\S)\)/ or fatal_error "$usrmsg '$no'";
|
||||
my $nokey = lc($1);
|
||||
|
||||
print "\n$text\n";
|
||||
@ -740,12 +788,14 @@ sub UI_YesNoCancel ($$) {
|
||||
my $no = gettext("(N)o");
|
||||
my $cancel = gettext("(C)ancel");
|
||||
|
||||
my $usrmsg = "PromptUser: " . gettext("Invalid hotkey for");
|
||||
|
||||
# figure out our localized hotkeys
|
||||
$yes =~ /\((\S)\)/ or fatal_error "PromptUser: Invalid hotkey for '$yes'";
|
||||
$yes =~ /\((\S)\)/ or fatal_error "$usrmsg '$yes'";
|
||||
my $yeskey = lc($1);
|
||||
$no =~ /\((\S)\)/ or fatal_error "PromptUser: Invalid hotkey for '$no'";
|
||||
$no =~ /\((\S)\)/ or fatal_error "$usrmsg '$no'";
|
||||
my $nokey = lc($1);
|
||||
$cancel =~ /\((\S)\)/ or fatal_error "PromptUser: Invalid hotkey for '$cancel'";
|
||||
$cancel =~ /\((\S)\)/ or fatal_error "$usrmsg '$cancel'";
|
||||
my $cancelkey = lc($1);
|
||||
|
||||
$ans = "XXXINVALIDXXX";
|
||||
@ -877,6 +927,14 @@ sub UI_PromptUser ($) {
|
||||
$arg = $yarg->{selected};
|
||||
}
|
||||
|
||||
if ($cmd eq "CMD_ABORT") {
|
||||
confirm_and_abort();
|
||||
$cmd = "XXXINVALIDXXX";
|
||||
} elsif ($cmd eq "CMD_FINISHED") {
|
||||
confirm_and_finish();
|
||||
$cmd = "XXXINVALIDXXX";
|
||||
}
|
||||
|
||||
return ($cmd, $arg);
|
||||
}
|
||||
|
||||
@ -894,7 +952,7 @@ sub SendDataToYast {
|
||||
|
||||
while (<STDIN>) {
|
||||
$DEBUGGING && debug "SendDataToYast: YCP: $_";
|
||||
my ($ycommand, $ypath, $yargument) = Immunix::Ycp::ParseCommand ($_);
|
||||
my ($ycommand, $ypath, $yargument) = ycp::ParseCommand($_);
|
||||
|
||||
if ($ycommand && $ycommand eq "Read") {
|
||||
|
||||
@ -903,7 +961,7 @@ sub SendDataToYast {
|
||||
debug "SendDataToYast: Sending--\n$debugmsg";
|
||||
}
|
||||
|
||||
Immunix::Ycp::Return($data);
|
||||
ycp::Return($data);
|
||||
return 1;
|
||||
|
||||
} else {
|
||||
@ -926,7 +984,7 @@ sub GetDataFromYast {
|
||||
|
||||
while (<STDIN>) {
|
||||
$DEBUGGING && debug "GetDataFromYast: YCP: $_";
|
||||
my ($ycmd, $ypath, $yarg) = Immunix::Ycp::ParseCommand ($_);
|
||||
my ($ycmd, $ypath, $yarg) = ycp::ParseCommand($_);
|
||||
|
||||
if ($DEBUGGING) {
|
||||
my $debugmsg = Data::Dumper->Dump([$yarg], [qw(*data)]);
|
||||
@ -935,7 +993,7 @@ sub GetDataFromYast {
|
||||
|
||||
if ($ycmd && $ycmd eq "Write") {
|
||||
|
||||
Immunix::Ycp::Return("true");
|
||||
ycp::Return("true");
|
||||
return ($ypath, $yarg);
|
||||
|
||||
} else {
|
||||
@ -947,6 +1005,26 @@ sub GetDataFromYast {
|
||||
fatal_error "GetDataFromYast: didn't receive YCP command before connection died";
|
||||
}
|
||||
|
||||
sub confirm_and_abort {
|
||||
my $ans = UI_YesNo(gettext("Are you sure you want to abandon this set of profile changes and exit?"), "n");
|
||||
if ($ans eq "y") {
|
||||
UI_Info(gettext("Abandoning all changes."));
|
||||
shutdown_yast();
|
||||
exit 0;
|
||||
}
|
||||
}
|
||||
|
||||
sub confirm_and_finish {
|
||||
my $ans = UI_YesNo(gettext("Are you sure you want to save the current set of profile changes and exit?"), "n");
|
||||
if ($ans eq "y") {
|
||||
UI_Info(gettext("Saving all changes."));
|
||||
|
||||
# need to wrap any calls to ui functions with eval { } blocks in order
|
||||
# to catch this exception
|
||||
die "FINISHING\n";
|
||||
}
|
||||
}
|
||||
|
||||
##########################################################################
|
||||
# this is the hideously ugly function that descends down the flow/event
|
||||
# trees that we've generated by parsing the logfile
|
||||
@ -1013,9 +1091,7 @@ sub handlechildren {
|
||||
$q->{functions} = [ ];
|
||||
push @{$q->{functions}}, "CMD_ADDHAT";
|
||||
push @{$q->{functions}}, "CMD_USEDEFAULT" if $defaulthat;
|
||||
push @{$q->{functions}}, "CMD_DENY";
|
||||
push @{$q->{functions}}, "CMD_ABORT";
|
||||
push @{$q->{functions}}, "CMD_FINISHED";
|
||||
push @{$q->{functions}}, "CMD_DENY", "CMD_ABORT", "CMD_FINISHED";
|
||||
|
||||
$q->{default} = ($sdmode eq "PERMITTING") ? "CMD_ADDHAT" : "CMD_DENY";
|
||||
|
||||
@ -1037,21 +1113,6 @@ sub handlechildren {
|
||||
$hat = $defaulthat;
|
||||
} elsif ($ans eq "CMD_DENY") {
|
||||
return;
|
||||
} elsif($ans eq "CMD_ABORT") {
|
||||
my $ans = UI_YesNo(gettext("Are you sure you want to abandon this set of profile changes and exit?"), "n");
|
||||
if($ans eq "y") {
|
||||
UI_Info(gettext("Abandoning all changes."));
|
||||
shutdown_yast();
|
||||
exit 0;
|
||||
}
|
||||
} elsif($ans eq "CMD_FINISHED") {
|
||||
my $ans = UI_YesNo(gettext("Are you sure you want to save the current set of profile changes and exit?"), "n");
|
||||
if($ans eq "y") {
|
||||
UI_Info(gettext("Saving all changes."));
|
||||
$finishing = 1;
|
||||
# XXX - BUGBUG - this is REALLY nasty, but i'm in a hurry...
|
||||
goto SAVE_PROFILES;
|
||||
}
|
||||
}
|
||||
|
||||
} elsif ($type eq "capability") {
|
||||
@ -1208,9 +1269,7 @@ sub handlechildren {
|
||||
push @{$q->{functions}}, "CMD_INHERIT" if $options =~ /i/;
|
||||
push @{$q->{functions}}, "CMD_PROFILE" if $options =~ /p/;
|
||||
push @{$q->{functions}}, "CMD_UNCONFINED" if $options =~ /u/;
|
||||
push @{$q->{functions}}, "CMD_DENY";
|
||||
push @{$q->{functions}}, "CMD_ABORT";
|
||||
push @{$q->{functions}}, "CMD_FINISHED";
|
||||
push @{$q->{functions}}, "CMD_DENY", "CMD_ABORT", "CMD_FINISHED";
|
||||
|
||||
$q->{default} = $default;
|
||||
|
||||
@ -1222,24 +1281,7 @@ sub handlechildren {
|
||||
while ($ans !~ m/^CMD_(INHERIT|PROFILE|PROFILE_CLEAN|UNCONFINED|UNCONFINED_CLEAN|DENY)$/) {
|
||||
($ans, $arg) = UI_PromptUser($q);
|
||||
|
||||
# check for Abort or Finish
|
||||
if($ans eq "CMD_ABORT") {
|
||||
my $ans = UI_YesNo(gettext("Are you sure you want to abandon this set of profile changes and exit?"), "n");
|
||||
$DEBUGGING && debug "back from abort yesno";
|
||||
if($ans eq "y") {
|
||||
UI_Info(gettext("Abandoning all changes."));
|
||||
shutdown_yast();
|
||||
exit 0;
|
||||
}
|
||||
} elsif($ans eq "CMD_FINISHED") {
|
||||
my $ans = UI_YesNo(gettext("Are you sure you want to save the current set of profile changes and exit?"), "n");
|
||||
if($ans eq "y") {
|
||||
UI_Info(gettext("Saving all changes."));
|
||||
$finishing = 1;
|
||||
# XXX - BUGBUG - this is REALLY nasty, but i'm in a hurry...
|
||||
goto SAVE_PROFILES;
|
||||
}
|
||||
} elsif($ans eq "CMD_PROFILE") {
|
||||
if ($ans eq "CMD_PROFILE") {
|
||||
my $px_default = "n";
|
||||
my $px_mesg = gettext("Should AppArmor sanitize the environment when\nswitching profiles?\n\nSanitizing the environment is more secure,\nbut some applications depend on the presence\nof LD_PRELOAD or LD_LIBRARY_PATH.");
|
||||
if ($parent_uses_ld_xxx) {
|
||||
@ -1340,33 +1382,6 @@ sub handlechildren {
|
||||
}
|
||||
}
|
||||
|
||||
sub do_logprof_pass {
|
||||
my $logmark = shift || "";
|
||||
|
||||
# zero out the state variables for this pass...
|
||||
%t = ( );
|
||||
%transitions = ( );
|
||||
%seen = ( );
|
||||
%sd = ( );
|
||||
%profilechanges = ( );
|
||||
%prelog = ( );
|
||||
%log = ( );
|
||||
%changed = ( );
|
||||
%skip = ( );
|
||||
%variables = ( );
|
||||
|
||||
UI_Info(sprintf(gettext('Reading log entries from %s.'), $filename));
|
||||
UI_Info(sprintf(gettext('Updating AppArmor profiles in %s.'), $profiledir));
|
||||
|
||||
readprofiles();
|
||||
|
||||
my $seenmark = $logmark ? 0 : 1;
|
||||
|
||||
$sevdb = new Immunix::Severity("$confdir/severity.db", gettext("unknown"));
|
||||
|
||||
my @log;
|
||||
my %pid;
|
||||
|
||||
sub add_to_tree ($@) {
|
||||
my ($pid, $type, @event) = @_;
|
||||
|
||||
@ -1379,6 +1394,11 @@ sub do_logprof_pass {
|
||||
push @{$pid{$pid}}, [ $type, $pid, @event ];
|
||||
}
|
||||
|
||||
sub read_log {
|
||||
my $logmark = shift;
|
||||
|
||||
my $seenmark = $logmark ? 0 : 1;
|
||||
|
||||
my $stuffed = undef;
|
||||
my $last;
|
||||
# okay, done loading the previous profiles, get on to the good stuff...
|
||||
@ -1573,17 +1593,9 @@ sub do_logprof_pass {
|
||||
}
|
||||
}
|
||||
close(LOG);
|
||||
|
||||
for my $root (@log) {
|
||||
handlechildren(undef, undef, $root);
|
||||
}
|
||||
|
||||
for my $pid (sort { $a <=> $b } keys %profilechanges) {
|
||||
setprocess($pid, $profilechanges{$pid});
|
||||
}
|
||||
|
||||
collapselog();
|
||||
|
||||
sub ask_the_questions {
|
||||
my $found;
|
||||
|
||||
# do the magic foo-foo
|
||||
@ -1628,7 +1640,9 @@ sub do_logprof_pass {
|
||||
push @{$q->{headers}}, gettext("Capability"), $capability;
|
||||
push @{$q->{headers}}, gettext("Severity"), $severity;
|
||||
|
||||
$q->{functions} = [ "CMD_ALLOW", "CMD_DENY", "CMD_ABORT", "CMD_FINISHED" ];
|
||||
$q->{functions} = [
|
||||
"CMD_ALLOW", "CMD_DENY", "CMD_ABORT", "CMD_FINISHED"
|
||||
];
|
||||
|
||||
# complain-mode events default to allow - enforce defaults to deny
|
||||
$q->{default} = ($sdmode eq "PERMITTING") ? "CMD_ALLOW" : "CMD_DENY";
|
||||
@ -1651,39 +1665,9 @@ sub do_logprof_pass {
|
||||
UI_Info(sprintf(gettext('Adding capability %s to profile.'), $capability));
|
||||
} elsif ($ans eq "CMD_DENY") {
|
||||
UI_Info(sprintf(gettext('Denying capability %s to profile.'), $capability));
|
||||
} elsif($ans eq "CMD_ABORT") {
|
||||
# if we're in yast, they've already been asked for confirmation
|
||||
if($UI_Mode eq "yast") {
|
||||
UI_Info(gettext("Abandoning all changes."));
|
||||
shutdown_yast();
|
||||
exit 0;
|
||||
}
|
||||
my $ans = UI_YesNo(gettext("Are you sure you want to abandon this set of profile changes and exit?"), "n");
|
||||
if($ans eq "y") {
|
||||
UI_Info(gettext("Abandoning all changes."));
|
||||
shutdown_yast();
|
||||
exit 0;
|
||||
} else {
|
||||
redo;
|
||||
}
|
||||
} elsif($ans eq "CMD_FINISHED") {
|
||||
# if we're in yast, they've already been asked for confirmation
|
||||
if($UI_Mode eq "yast") {
|
||||
UI_Info(gettext("Saving all changes."));
|
||||
$finishing = 1;
|
||||
# XXX - BUGBUG - this is REALLY nasty, but i'm in a hurry...
|
||||
goto SAVE_PROFILES;
|
||||
}
|
||||
my $ans = UI_YesNo(gettext("Are you sure you want to save the current set of profile changes and exit?"), "n");
|
||||
if($ans eq "y") {
|
||||
UI_Info(gettext("Saving all changes."));
|
||||
$finishing = 1;
|
||||
# XXX - BUGBUG - this is REALLY nasty, but i'm in a hurry...
|
||||
goto SAVE_PROFILES;
|
||||
} else {
|
||||
redo;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# and then step through all of the path entries...
|
||||
@ -1847,7 +1831,10 @@ sub do_logprof_pass {
|
||||
$q->{options} = [ @options ];
|
||||
$q->{selected} = $defaultoption - 1;
|
||||
|
||||
$q->{functions} = [ "CMD_ALLOW", "CMD_DENY", "CMD_GLOB", "CMD_GLOBEXT", "CMD_NEW", "CMD_ABORT", "CMD_FINISHED" ];
|
||||
$q->{functions} = [
|
||||
"CMD_ALLOW", "CMD_DENY", "CMD_GLOB", "CMD_GLOBEXT", "CMD_NEW",
|
||||
"CMD_ABORT", "CMD_FINISHED"
|
||||
];
|
||||
|
||||
$q->{default} = ($sdmode eq "PERMITTING") ? "CMD_ALLOW" : "CMD_DENY";
|
||||
|
||||
@ -1964,21 +1951,6 @@ sub do_logprof_pass {
|
||||
}
|
||||
} elsif ($ans =~ /\d/) {
|
||||
$defaultoption = $ans;
|
||||
} elsif($ans eq "CMD_ABORT") {
|
||||
$ans = UI_YesNo(gettext("Are you sure you want to abandon this set of profile changes and exit?"), "n");
|
||||
if($ans eq "y") {
|
||||
UI_Info(gettext("Abandoning all changes."));
|
||||
shutdown_yast();
|
||||
exit 0;
|
||||
}
|
||||
} elsif($ans eq "CMD_FINISHED") {
|
||||
$ans = UI_YesNo(gettext("Are you sure you want to save the current set of profile changes and exit?"), "n");
|
||||
if($ans eq "y") {
|
||||
UI_Info(gettext("Saving all changes."));
|
||||
$finishing = 1;
|
||||
# XXX - BUGBUG - this is REALLY nasty, but i'm in a hurry...
|
||||
goto SAVE_PROFILES;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -2231,7 +2203,7 @@ sub readprofile ($$) {
|
||||
|
||||
# deal with whitespace in profile and hat names.
|
||||
$profile = $1 if $profile =~ /^"(.+)"$/;
|
||||
$hat = $1 if $hat =~ /^"(.+)"$/;
|
||||
$hat = $1 if $hat && $hat =~ /^"(.+)"$/;
|
||||
|
||||
# if we run into old-style hat declarations mark the profile as
|
||||
# changed so we'll write it out as new-style
|
||||
@ -2984,19 +2956,22 @@ sub Text_PromptUser ($) {
|
||||
my @menu_items;
|
||||
for my $cmd (@functions) {
|
||||
# make sure we know about this particular command
|
||||
fatal_error "PromptUser: Unknown command $cmd" unless $CMDS{$cmd};
|
||||
my $cmdmsg = "PromptUser: " . gettext("Unknown command") . " $cmd";
|
||||
fatal_error $cmdmsg unless $CMDS{$cmd};
|
||||
|
||||
# grab the localized text to use for the menu for this command
|
||||
my $menutext = gettext($CMDS{$cmd});
|
||||
|
||||
# figure out what the hotkey for this menu item is
|
||||
$menutext =~ /\((\S)\)/ or fatal_error "PromptUser: Invalid hotkey in '$menutext'";
|
||||
my $menumsg = "PromptUser: " . gettext("Invalid hotkey in") . " '$menutext'";
|
||||
$menutext =~ /\((\S)\)/ or fatal_error $menumsg;
|
||||
|
||||
# we want case insensitive comparisons so we'll force things to lowercase
|
||||
my $key = lc($1);
|
||||
|
||||
# check if we're already using this hotkey for this prompt
|
||||
fatal_error "PromptUser: Duplicate hotkey for $cmd: $menutext" if $keys{$key};
|
||||
my $hotkeymsg = "PromptUser: " . gettext("Duplicate hotkey for") . " $cmd: $menutext";
|
||||
fatal_error $hotkeymsg if $keys{$key};
|
||||
|
||||
# keep track of which command they're picking if they hit this hotkey
|
||||
$keys{$key} = $cmd;
|
||||
@ -3014,12 +2989,14 @@ sub Text_PromptUser ($) {
|
||||
my $defaulttext = gettext($CMDS{$default});
|
||||
|
||||
# figure out what the hotkey for this menu item is
|
||||
$defaulttext =~ /\((\S)\)/ or fatal_error "PromptUser: Invalid hotkey in default item '$defaulttext'";
|
||||
my $defmsg = "PromptUser: " . gettext("Invalid hotkey in default item") . " '$defaulttext'";
|
||||
$defaulttext =~ /\((\S)\)/ or fatal_error $defmsg;
|
||||
|
||||
# we want case insensitive comparisons so we'll force things to lowercase
|
||||
$default_key = lc($1);
|
||||
|
||||
fatal_error "PromptUser: Invalid default $default" unless $keys{$default_key};
|
||||
my $defkeymsg = "PromptUser: " . gettext("Invalid default") . " $default";
|
||||
fatal_error $defkeymsg;
|
||||
}
|
||||
|
||||
my $widest = 0;
|
||||
@ -3111,17 +3088,11 @@ sub Text_PromptUser ($) {
|
||||
# pull our command back from our hotkey map
|
||||
$ans = $keys{$ans} if $keys{$ans};
|
||||
|
||||
# if($options) {
|
||||
# die "ERROR: not looking for array when options passed" unless wantarray;
|
||||
if ($options) {
|
||||
return ($ans, $options->[$selected]);
|
||||
} else {
|
||||
return ($ans, $selected);
|
||||
}
|
||||
# } else {
|
||||
# die "ERROR: looking for list when options not passed" if wantarray;
|
||||
# return $ans;
|
||||
# }
|
||||
}
|
||||
|
||||
unless (-x $ldd) {
|
||||
|
@ -40,6 +40,8 @@
|
||||
CAP_IPC_LOCK 8
|
||||
CAP_SYS_TTY_CONFIG 8
|
||||
CAP_DAC_READ_SEARCH 7
|
||||
CAP_AUDIT_CONTROL 8
|
||||
CAP_AUDIT_WRITE 8
|
||||
# unused
|
||||
CAP_NET_BROADCAST 0
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user