mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 01:57:43 +00:00
Code Issues Releases Wiki Activity

utils/aa-sandbox: use msq() instead of print

Browse Source 
utils/apparmor/common.py: adjust for python3 (ie, make bi-lingual)
utils/apparmor/sandbox.py:
- set reasonable default template
- gen_policy_name() uses full pathname
- adjust for python3
This commit is contained in:
Jamie Strandboge 2012-08-23 17:12:14 -05:00
parent a995c08356
commit f826be087d
3 changed files with 32 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
utils/aa-sandbox
View File

@ -33,5 +33,5 @@ if __name__ == "__main__":
else:
rc, report = apparmor.sandbox.run_sandbox(args, opt)
print report
apparmor.common.msg(report)
sys.exit(rc)

26
utils/apparmor/common.py
View File

@ -8,6 +8,7 @@
#
# ------------------------------------------------------------------
from __future__ import print_function
import subprocess
import sys
@ -30,7 +31,7 @@ class AppArmorException(Exception):
def error(out, exit_code=1, do_exit=True):
'''Print error message and exit'''
try:
print >> sys.stderr, "ERROR: %s" % (out)
print("ERROR: %s" % (out), file=sys.stderr)
except IOError:
pass
@ -40,14 +41,14 @@ def error(out, exit_code=1, do_exit=True):
def warn(out):
'''Print warning message'''
try:
print >> sys.stderr, "WARN: %s" % (out)
print("WARN: %s" % (out), file=sys.stderr)
except IOError:
pass
def msg(out, output=sys.stdout):
'''Print message'''
try:
print >> output, "%s" % (out)
print("%s" % (out), file=sys.stdout)
except IOError:
pass
@ -56,7 +57,7 @@ def debug(out):
global DEBUGGING
if DEBUGGING:
try:
print >> sys.stderr, "DEBUG: %s" % (out)
print("DEBUG: %s" % (out), file=sys.stderr)
except IOError:
pass
@ -66,20 +67,29 @@ def cmd(command):
try:
sp = subprocess.Popen(command, stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
except OSError, ex:
except OSError as ex:
return [127, str(ex)]
out = sp.communicate()[0]
if sys.version_info[0] >= 3:
out = sp.communicate()[0].decode('ascii', 'ignore')
else:
out = sp.communicate()[0]
return [sp.returncode, out]
def cmd_pipe(command1, command2):
'''Try to pipe command1 into command2.'''
try:
sp1 = subprocess.Popen(command1, stdout=subprocess.PIPE)
sp2 = subprocess.Popen(command2, stdin=sp1.stdout)
except OSError, ex:
except OSError as ex:
return [127, str(ex)]
out = sp2.communicate()[0]
if sys.version_info[0] >= 3:
out = sp2.communicate()[0].decode('ascii', 'ignore')
else:
out = sp2.communicate()[0]
return [sp2.returncode, out]

17
utils/apparmor/sandbox.py
View File

@ -13,6 +13,7 @@ import apparmor.easyprof
import optparse
import os
import pwd
import re
import sys
import tempfile
import time
@ -55,14 +56,19 @@ def parse_args(args=None, parser=None):
(my_opt, my_args) = parser.parse_args()
if my_opt.debug == True:
apparmor.common.DEBUGGING = True
if my_opt.template == "default":
if my_opt.withx:
my_opt.template = "sandbox-x"
else:
my_opt.template = "sandbox"
return (my_opt, my_args)
def gen_policy_name(binary):
'''Generate a temporary policy based on the binary name'''
# TODO: this may not be good enough
return "sandbox-%s-%s" % (pwd.getpwuid(os.getuid())[0],
os.path.basename(binary))
re.sub(r'/', '_', binary))
def aa_exec(command, opt):
'''Execute binary under specified policy'''
@ -81,7 +87,11 @@ def aa_exec(command, opt):
# TODO: get rid of sudo
tmp = tempfile.NamedTemporaryFile(prefix = '%s-' % policy_name)
tmp.write(policy)
if sys.version_info[0] >= 3:
tmp.write(bytes(policy, 'utf-8'))
else:
tmp.write(policy)
tmp.flush()
debug("using '%s' template" % opt.template)
rc, report = cmd(['sudo', 'apparmor_parser', '-r', tmp.name])
@ -165,7 +175,6 @@ def run_xsandbox(command, opt):
time.sleep(0.2) # FIXME: detect if running
# aa-exec
#opt.template = "sandbox-x"
rc, report = aa_exec(command, opt)
# reset environment