mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 18:17:09 +00:00
Code Issues Releases Wiki Activity

utils/aa-sandbox: use msq() instead of print

Browse Source 
utils/apparmor/common.py: adjust for python3 (ie, make bi-lingual)
utils/apparmor/sandbox.py:
- set reasonable default template
- gen_policy_name() uses full pathname
- adjust for python3
This commit is contained in:
Jamie Strandboge 2012-08-23 17:12:14 -05:00
parent a995c08356
commit f826be087d
3 changed files with 32 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
utils/aa-sandbox
View File

@ -33,5 +33,5 @@ if __name__ == "__main__":
else: else:
rc, report = apparmor.sandbox.run_sandbox(args, opt) rc, report = apparmor.sandbox.run_sandbox(args, opt)
print report apparmor.common.msg(report)
sys.exit(rc) sys.exit(rc)

26
utils/apparmor/common.py
View File

@ -8,6 +8,7 @@
# #
# ------------------------------------------------------------------ # ------------------------------------------------------------------
from __future__ import print_function
import subprocess import subprocess
import sys import sys
@ -30,7 +31,7 @@ class AppArmorException(Exception):
def error(out, exit_code=1, do_exit=True): def error(out, exit_code=1, do_exit=True):
'''Print error message and exit''' '''Print error message and exit'''
try: try:
print >> sys.stderr, "ERROR: %s" % (out) print("ERROR: %s" % (out), file=sys.stderr)
except IOError: except IOError:
pass pass
@ -40,14 +41,14 @@ def error(out, exit_code=1, do_exit=True):
def warn(out): def warn(out):
'''Print warning message''' '''Print warning message'''
try: try:
print >> sys.stderr, "WARN: %s" % (out) print("WARN: %s" % (out), file=sys.stderr)
except IOError: except IOError:
pass pass
def msg(out, output=sys.stdout): def msg(out, output=sys.stdout):
'''Print message''' '''Print message'''
try: try:
print >> output, "%s" % (out) print("%s" % (out), file=sys.stdout)
except IOError: except IOError:
pass pass
@ -56,7 +57,7 @@ def debug(out):
global DEBUGGING global DEBUGGING
if DEBUGGING: if DEBUGGING:
try: try:
print >> sys.stderr, "DEBUG: %s" % (out) print("DEBUG: %s" % (out), file=sys.stderr)
except IOError: except IOError:
pass pass
@ -66,20 +67,29 @@ def cmd(command):
try: try:
sp = subprocess.Popen(command, stdout=subprocess.PIPE, sp = subprocess.Popen(command, stdout=subprocess.PIPE,
stderr=subprocess.STDOUT) stderr=subprocess.STDOUT)
except OSError, ex: except OSError as ex:
return [127, str(ex)] return [127, str(ex)]
out = sp.communicate()[0] if sys.version_info[0] >= 3:
out = sp.communicate()[0].decode('ascii', 'ignore')
else:
out = sp.communicate()[0]
return [sp.returncode, out] return [sp.returncode, out]
def cmd_pipe(command1, command2): def cmd_pipe(command1, command2):
'''Try to pipe command1 into command2.''' '''Try to pipe command1 into command2.'''
try: try:
sp1 = subprocess.Popen(command1, stdout=subprocess.PIPE) sp1 = subprocess.Popen(command1, stdout=subprocess.PIPE)
sp2 = subprocess.Popen(command2, stdin=sp1.stdout) sp2 = subprocess.Popen(command2, stdin=sp1.stdout)
except OSError, ex: except OSError as ex:
return [127, str(ex)] return [127, str(ex)]
out = sp2.communicate()[0] if sys.version_info[0] >= 3:
out = sp2.communicate()[0].decode('ascii', 'ignore')
else:
out = sp2.communicate()[0]
return [sp2.returncode, out] return [sp2.returncode, out]

17
utils/apparmor/sandbox.py
View File

@ -13,6 +13,7 @@ import apparmor.easyprof
import optparse import optparse
import os import os
import pwd import pwd
import re
import sys import sys
import tempfile import tempfile
import time import time
@ -55,14 +56,19 @@ def parse_args(args=None, parser=None):
(my_opt, my_args) = parser.parse_args() (my_opt, my_args) = parser.parse_args()
if my_opt.debug == True: if my_opt.debug == True:
apparmor.common.DEBUGGING = True apparmor.common.DEBUGGING = True
if my_opt.template == "default":
if my_opt.withx:
my_opt.template = "sandbox-x"
else:
my_opt.template = "sandbox"
return (my_opt, my_args) return (my_opt, my_args)
def gen_policy_name(binary): def gen_policy_name(binary):
'''Generate a temporary policy based on the binary name''' '''Generate a temporary policy based on the binary name'''
# TODO: this may not be good enough
return "sandbox-%s-%s" % (pwd.getpwuid(os.getuid())[0], return "sandbox-%s-%s" % (pwd.getpwuid(os.getuid())[0],
os.path.basename(binary)) re.sub(r'/', '_', binary))
def aa_exec(command, opt): def aa_exec(command, opt):
'''Execute binary under specified policy''' '''Execute binary under specified policy'''
@ -81,7 +87,11 @@ def aa_exec(command, opt):
# TODO: get rid of sudo # TODO: get rid of sudo
tmp = tempfile.NamedTemporaryFile(prefix = '%s-' % policy_name) tmp = tempfile.NamedTemporaryFile(prefix = '%s-' % policy_name)
tmp.write(policy) if sys.version_info[0] >= 3:
tmp.write(bytes(policy, 'utf-8'))
else:
tmp.write(policy)
tmp.flush() tmp.flush()
debug("using '%s' template" % opt.template) debug("using '%s' template" % opt.template)
rc, report = cmd(['sudo', 'apparmor_parser', '-r', tmp.name]) rc, report = cmd(['sudo', 'apparmor_parser', '-r', tmp.name])
@ -165,7 +175,6 @@ def run_xsandbox(command, opt):
time.sleep(0.2) # FIXME: detect if running time.sleep(0.2) # FIXME: detect if running
# aa-exec # aa-exec
#opt.template = "sandbox-x"
rc, report = aa_exec(command, opt) rc, report = aa_exec(command, opt)
# reset environment # reset environment