mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-10-09 13:46:31 +00:00
Code Issues Releases Wiki Activity

utils: split out aa-audit function

Browse Source 
This patch moves the audit functionality to an audit specific command
function.

As an aside, the -r option is left in place here, because aa-audit
is a bit orthogonal to aa-enforce, aa-complain, and aa-disable.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This commit is contained in:
Steve Beattie
2014-03-06 11:52:00 -08:00
parent 0f32b02deb
commit d37de1fd46
2 changed files with 26 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
utils/aa-audit
View File

@@ -29,9 +29,10 @@ parser.add_argument('--trace', action='store_true', help=_('Show full trace'))
args = parser.parse_args() args = parser.parse_args()
try: try:
audit = apparmor.tools.aa_tools('audit', args) tool = apparmor.tools.aa_tools('audit', args)
tool.cmd_audit()
audit.act()
except Exception as e: except Exception as e:
if not args.trace: if not args.trace:
print(e.value + "\n") print(e.value + "\n")

30
utils/apparmor/tools.py
View File

@@ -115,13 +115,6 @@ class aa_tools:
if not os.path.isfile(filename) or apparmor.is_skippable_file(filename): if not os.path.isfile(filename) or apparmor.is_skippable_file(filename):
aaui.UI_Info(_('Profile for %s not found, skipping') % program) aaui.UI_Info(_('Profile for %s not found, skipping') % program)
elif self.name == 'audit':
if not self.remove:
aaui.UI_Info(_('Setting %s to audit mode.') % program)
else:
aaui.UI_Info(_('Removing audit mode from %s.') % program)
apparmor.change_profile_flags(filename, program, 'audit', not self.remove)
else: else:
# One simply does not walk in here! # One simply does not walk in here!
raise apparmor.AppArmorException('Unknown tool: %s' % self.name) raise apparmor.AppArmorException('Unknown tool: %s' % self.name)
@@ -193,6 +186,29 @@ class aa_tools:
if cmd_info[0] != 0: if cmd_info[0] != 0:
raise apparmor.AppArmorException(cmd_info[1]) raise apparmor.AppArmorException(cmd_info[1])
def cmd_audit(self):
for (program, profile) in self.get_next_to_profile():
apparmor.read_profiles()
output_name = profile if program is None else program
if not os.path.isfile(profile) or apparmor.is_skippable_file(profile):
aaui.UI_Info(_('Profile for %s not found, skipping') % output_name)
continue
# keep this to allow toggling 'audit' flags
if not self.remove:
aaui.UI_Info(_('Setting %s to audit mode.') % output_name)
else:
aaui.UI_Info(_('Removing audit mode from %s.') % output_name)
apparmor.change_profile_flags(profile, program, 'audit', not self.remove)
# FIXME: this should be a profile_reload function/method
cmd_info = cmd([apparmor.parser, '-I%s' % apparmor.profile_dir, '-r', profile])
if cmd_info[0] != 0:
raise apparmor.AppArmorException(cmd_info[1])
def clean_profile(self, program): def clean_profile(self, program):
filename = apparmor.get_profile_filename(program) filename = apparmor.get_profile_filename(program)
import apparmor.cleanprofile as cleanprofile import apparmor.cleanprofile as cleanprofile