mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 06:16:03 +00:00
Code Issues Releases Wiki Activity

Merge branch 'aa-status-exe' into 'master'

Browse Source 
aa-status: split profile from exec name

See merge request apparmor/apparmor!73

Acked-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen
2018-03-01 22:23:25 +00:00
parent 41b6182019 735afbc947
commit b21b28f486
1 changed files with 15 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
utils/aa-status
View File

@@ -76,8 +76,10 @@ def cmd_verbose():
# Sort by name, and then by pid # Sort by name, and then by pid
filtered_processes.sort(key=lambda x: int(x[0])) filtered_processes.sort(key=lambda x: int(x[0]))
filtered_processes.sort(key=lambda x: x[1]) filtered_processes.sort(key=lambda x: x[1])
for (pid, process) in filtered_processes: for (pid, profile, exe) in filtered_processes:
stdmsg(" %s (%s) " % (process, pid)) if exe == profile:
profile = ""
stdmsg(" %s (%s) %s" % (exe, pid, profile))
if profiles == {}: if profiles == {}:
sys.exit(2) sys.exit(2)
@@ -101,11 +103,12 @@ def cmd_json(pretty_output=False):
for status in ('enforce', 'complain', 'unconfined'): for status in ('enforce', 'complain', 'unconfined'):
filtered_processes = filter_processes(processes, status) filtered_processes = filter_processes(processes, status)
for (pid, process) in filtered_processes: for (pid, profile, exe) in filtered_processes:
if process not in i['processes']: if exe not in i['processes']:
i['processes'][process] = [] i['processes'][exe] = []
i['processes'][process].append({ i['processes'][exe].append({
'profile': profile,
'pid': pid, 'pid': pid,
'status': status 'status': status
}) })
@@ -161,12 +164,15 @@ def get_processes(profiles):
try: try:
for p in open("/proc/%s/attr/current" % filename).readlines(): for p in open("/proc/%s/attr/current" % filename).readlines():
match = re.search("^([^\(]+)\s+\((\w+)\)$", p) match = re.search("^([^\(]+)\s+\((\w+)\)$", p)
exe = os.path.realpath("/proc/%s/exe" % filename)
if match: if match:
processes[filename] = { 'profile' : match.group(1), \ processes[filename] = { 'profile' : match.group(1), \
'exe': exe, \
'mode' : match.group(2) } 'mode' : match.group(2) }
elif os.path.realpath("/proc/%s/exe" % filename) in profiles: elif exe in profiles:
# keep only unconfined processes that have a profile defined # keep only unconfined processes that have a profile defined
processes[filename] = { 'profile' : os.path.realpath("/proc/%s/exe" % filename), \ processes[filename] = { 'profile' : exe, \
'exe': exe, \
'mode' : 'unconfined' } 'mode' : 'unconfined' }
except: except:
pass pass
@@ -186,7 +192,7 @@ def filter_processes(processes, status):
filtered = [] filtered = []
for key, value in list(processes.items()): for key, value in list(processes.items()):
if value['mode'] == status: if value['mode'] == status:
filtered.append([key, value['profile']]) filtered.append([key, value['profile'], value['exe']])
return filtered return filtered
def find_apparmorfs(): def find_apparmorfs():