From cc1c57727d1d713c9d19dd37c9ee02a787d570b0 Mon Sep 17 00:00:00 2001
From: Jamie Strandboge
Date: Thu, 10 May 2012 06:43:52 -0700
Subject: [PATCH] utils/apparmor/sandbox.py: - print what template we are using on stdout - don't default to a specific template (may change in future) - add username to profile name
---
 utils/apparmor/sandbox.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/utils/apparmor/sandbox.py b/utils/apparmor/sandbox.py
index ed1f147e4..b27ed21d0 100644
--- a/utils/apparmor/sandbox.py
+++ b/utils/apparmor/sandbox.py
@@ -12,6 +12,7 @@ from apparmor.common import AppArmorException, debug, error, cmd
 import apparmor.easyprof
 import optparse
 import os
+import pwd
 import sys
 import tempfile
 import time
@@ -59,7 +60,8 @@ def parse_args(args=None, parser=None):
 def gen_policy_name(binary):
 '''Generate a temporary policy based on the binary name'''
 # TODO: this may not be good enough
- return "sandbox-%s" % (os.path.basename(binary))
+ return "sandbox-%s-%s" % (pwd.getpwuid(os.getuid())[0],
+ os.path.basename(binary))
 def aa_exec(command, opt):
 '''Execute binary under specified policy'''
@@ -80,6 +82,7 @@ def aa_exec(command, opt):
 tmp = tempfile.NamedTemporaryFile(prefix = '%s-' % policy_name)
 tmp.write(policy)
 tmp.flush()
+debug("using '%s' template" % opt.template)
 rc, report = cmd(['sudo', 'apparmor_parser', '-r', tmp.name])
 if rc != 0:
 raise AppArmorException("Could not load policy")
@@ -96,7 +99,7 @@ def find_free_x_display():
 def run_sandbox(command, opt):
 '''Run application'''
 # aa-exec
- opt.ensure_value("template", "sandbox")
+ #opt.template = "sandbox-x"
 rc, report = aa_exec(command, opt)
 return rc, report
@@ -161,7 +164,7 @@ def run_xsandbox(command, opt):
 time.sleep(0.2) # FIXME: detect if running
 # aa-exec
- opt.ensure_value("template", "sandbox-x")
+ #opt.template = "sandbox-x"
 rc, report = aa_exec(command, opt)
 # reset environment
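Review bot: `pwd.getpwuid(os.getuid())[0]` in `gen_policy_name` raises `KeyError` when the calling uid has no passwd entry, and the account name it returns goes unfiltered into the profile name and, through `prefix = '%s-' % policy_name` in `aa_exec`, into a temporary file name. Account names supplied by a directory service may contain characters that are not safe in either place, and `os.path.basename(binary)` is just as unfiltered, which the existing TODO already hints at. Using the numeric id avoids both the lookup failure and the character question: `return "sandbox-%d-%s" % (os.getuid(), os.path.basename(binary))`. The name is still the same for two concurrent runs of one binary by one user, so the `apparmor_parser -r` in `aa_exec` could replace the profile the first run is confined by; a per-run suffix would avoid that.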
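Review bot: The added `debug("using '%s' template" % opt.template)` in `aa_exec` does not match the commit description, which promises the template on stdout. `debug` comes from `apparmor.common` and presumably prints only when debugging is enabled, so an ordinary run would still not tell the user which confinement template was applied. If the message is meant to be always visible, `print("using '%s' template" % opt.template)` would do it. The body of `aa_exec` starts and ends outside the hunk.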
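Review bot: Removing `opt.ensure_value("template", "sandbox")` from `run_sandbox` (and the `"sandbox-x"` counterpart from `run_xsandbox` in the last hunk) leaves `aa_exec` with whatever `opt.template` holds, and nothing visible in this patch guarantees that it is set. Unless `parse_args` supplies a default or rejects a missing template option (not visible here), the sandbox could be started with a `None` template or fail deep inside policy generation. A check at the top of `aa_exec` such as `if not opt.template: raise AppArmorException("No template specified")` would fail closed. The replacement line is commented-out code, and in `run_sandbox` it names `"sandbox-x"` although the removed default was `"sandbox"`; a short comment saying that the template must come from the caller would be clearer than `#opt.template = "sandbox-x"`.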