Bump libapparmor's AA_LIB_REVISION in preparation for 2.8.2 release.

Bump common/Version in preparation for 2.8.2 release.

README

@@ -198,3 +198,21 @@ Building and Installing AppArmor Kernel Patches
 
 TODO
 
+
+-----------------
+Required versions
+-----------------
+
+The AppArmor userspace utilities are written with some assumptions about
+installed and available versions of other tools. This is a (possibly
+incomplete) list of known version dependencies:
+
+AppArmor.pm (used by aa-audit, aa-autodep, aa-complain, aa-disable,
+aa-enforce, aa-genprof, aa-logprof, aa-unconfined) requires minimum
+Perl 5.10.1.
+
+Python scripts require minimum Python 2.7. Some utilities may require
+Python 3.3. Python 3.0, 3.1, 3.2 are largely untested.
+
+Most shell scripts are written for POSIX-compatible sh. aa-decode expects
+bash, probably version 3.2 and higher.

common/Make.rules

@@ -32,6 +32,10 @@ ifndef AWK
 $(error awk utility required for build but not available)
 endif
 
+# Convenience functions
+pathsearch = $(firstword $(wildcard $(addsuffix /$(1),$(subst :, ,$(PATH)))))
+map = $(foreach a,$(2),$(call $(1),$(a)))
+
 # OVERRIDABLE variables
 # Set these variables before including Make.rules to change its behavior
 #   SPECFILE - for packages that have a non-standard specfile name
@@ -132,6 +136,17 @@ endif
 
 endif
 
+ifndef PYTHON_VERSIONS
+PYTHON_VERSIONS = $(call map, pathsearch, python2 python3)
+endif
+
+ifndef PYTHON
+PYTHON = $(firstword ${PYTHON_VERSIONS})
+endif
+
+#Helper function to be used with $(call pyalldo, run_test_with_all.py)
+pyalldo=set -e; $(foreach py, $(PYTHON_VERSIONS), $(py) $(1);)
+
 .PHONY: version
 .SILENT: version
 version:

common/Version

@@ -1 +1 @@
-2.8.1
+2.8.2

libraries/libapparmor/m4/ac_python_devel.m4

@@ -17,9 +17,9 @@ AC_DEFUN([AC_PYTHON_DEVEL],[
         # Check for a version of Python >= 2.1.0
         #
         AC_MSG_CHECKING([for a version of Python >= '2.1.0'])
-        ac_supports_python_ver=`$PYTHON -c "import sys, string; \
-                ver = string.split(sys.version)[[0]]; \
-                print ver >= '2.1.0'"`
+        ac_supports_python_ver=`$PYTHON -c "import sys; \
+                ver = sys.version.split()[[0]]; \
+                sys.stdout.write(str(ver >= '2.1.0'))"`
         if test "$ac_supports_python_ver" != "True"; then
                 if test -z "$PYTHON_NOVERSIONCHECK"; then
                         AC_MSG_RESULT([no])
@@ -44,9 +44,9 @@ to something else than an empty string.
         #
         if test -n "$1"; then
                 AC_MSG_CHECKING([for a version of Python $1])
-                ac_supports_python_ver=`$PYTHON -c "import sys, string; \
-                        ver = string.split(sys.version)[[0]]; \
-                        print ver $1"`
+                ac_supports_python_ver=`$PYTHON -c "import sys; \
+                        ver = sys.version.split()[[0]]; \
+                        sys.stdout.write("%s\n" % (ver == $1))"`
                 if test "$ac_supports_python_ver" = "True"; then
                    AC_MSG_RESULT([yes])
                 else
@@ -79,9 +79,12 @@ $ac_distutils_result])
         # Check for Python include path
         #
         AC_MSG_CHECKING([for Python include path])
+        if type $PYTHON-config; then
+                PYTHON_CPPFLAGS=`$PYTHON-config --includes`
+        fi
         if test -z "$PYTHON_CPPFLAGS"; then
-                python_path=`$PYTHON -c "import distutils.sysconfig; \
-                        print distutils.sysconfig.get_python_inc();"`
+                python_path=`$PYTHON -c "import sys; import distutils.sysconfig;\
+sys.stdout.write('%s\n' % distutils.sysconfig.get_python_inc());"`
                 if test -n "${python_path}"; then
                         python_path="-I$python_path"
                 fi
@@ -94,25 +97,26 @@ $ac_distutils_result])
         # Check for Python library path
         #
         AC_MSG_CHECKING([for Python library path])
+        if type $PYTHON-config; then
+                PYTHON_LDFLAGS=`$PYTHON-config --ldflags`
+        fi
         if test -z "$PYTHON_LDFLAGS"; then
                 # (makes two attempts to ensure we've got a version number
                 # from the interpreter)
-                py_version=`$PYTHON -c "from distutils.sysconfig import *; \
-                        from string import join; \
-                        print join(get_config_vars('VERSION'))"`
+                py_version=`$PYTHON -c "import sys; from distutils.sysconfig import *; \
+sys.stdout.write('%s\n' % ''.join(get_config_vars('VERSION')))"`
                 if test "$py_version" == "[None]"; then
                         if test -n "$PYTHON_VERSION"; then
                                 py_version=$PYTHON_VERSION
                         else
                                 py_version=`$PYTHON -c "import sys; \
-                                        print sys.version[[:3]]"`
+sys.stdout.write("%s\n" % sys.version[[:3]])"`
                         fi
                 fi
 
-                PYTHON_LDFLAGS=`$PYTHON -c "from distutils.sysconfig import *; \
-                        from string import join; \
-                        print '-L' + get_python_lib(0,1), \
-                        '-lpython';"`$py_version
+                PYTHON_LDFLAGS=`$PYTHON -c "import sys; from distutils.sysconfig import *; \
+sys.stdout.write('-L' + get_python_lib(0,1) + ' -lpython\n')"`$py_version`$PYTHON -c \
+"import sys; sys.stdout.write('%s' % getattr(sys,'abiflags',''))"`
         fi
         AC_MSG_RESULT([$PYTHON_LDFLAGS])
         AC_SUBST([PYTHON_LDFLAGS])
@@ -122,8 +126,8 @@ $ac_distutils_result])
         #
         AC_MSG_CHECKING([for Python site-packages path])
         if test -z "$PYTHON_SITE_PKG"; then
-                PYTHON_SITE_PKG=`$PYTHON -c "import distutils.sysconfig; \
-                        print distutils.sysconfig.get_python_lib(0,0);"`
+                PYTHON_SITE_PKG=`$PYTHON -c "import sys; import distutils.sysconfig; \
+sys.stdout.write('%s\n' % distutils.sysconfig.get_python_lib(0,0));"`
         fi
         AC_MSG_RESULT([$PYTHON_SITE_PKG])
         AC_SUBST([PYTHON_SITE_PKG])
@@ -133,9 +137,9 @@ $ac_distutils_result])
         #
         AC_MSG_CHECKING(python extra libraries)
         if test -z "$PYTHON_EXTRA_LIBS"; then
-           PYTHON_EXTRA_LIBS=`$PYTHON -c "import distutils.sysconfig; \
-                conf = distutils.sysconfig.get_config_var; \
-                print conf('LOCALMODLIBS'), conf('LIBS')"`
+           PYTHON_EXTRA_LIBS=`$PYTHON -c "import sys; import distutils.sysconfig; \
+conf = distutils.sysconfig.get_config_var; \
+sys.stdout.write('%s %s\n' % (conf('LOCALMODLIBS'), conf('LIBS')))"`
         fi
         AC_MSG_RESULT([$PYTHON_EXTRA_LIBS])
         AC_SUBST(PYTHON_EXTRA_LIBS)
@@ -145,9 +149,9 @@ $ac_distutils_result])
         #
         AC_MSG_CHECKING(python extra linking flags)
         if test -z "$PYTHON_EXTRA_LDFLAGS"; then
-                PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import distutils.sysconfig; \
-                        conf = distutils.sysconfig.get_config_var; \
-                        print conf('LINKFORSHARED')"`
+                PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import sys; import distutils.sysconfig; \
+conf = distutils.sysconfig.get_config_var; \
+sys.stdout.write('%s\n' % conf('LINKFORSHARED'))"`
         fi
         AC_MSG_RESULT([$PYTHON_EXTRA_LDFLAGS])
         AC_SUBST(PYTHON_EXTRA_LDFLAGS)

libraries/libapparmor/src/Makefile.am

@@ -19,7 +19,7 @@ INCLUDES = $(all_includes)
 #    - set AA_LIB_AGE to 0.
 #
 AA_LIB_CURRENT = 1
-AA_LIB_REVISION = 3
+AA_LIB_REVISION = 4
 AA_LIB_AGE = 0
 
 SUFFIXES = .pc.in .pc

libraries/libapparmor/src/kernel_interface.c

@@ -279,7 +279,8 @@ int aa_getprocattr(pid_t tid, const char *attr, char **buf, char **mode)
 	if (rc == -1) {
 		free(buffer);
 		*buf = NULL;
-		*mode = NULL;
+		if (mode)
+			*mode = NULL;
 	} else
 		*buf = buffer;
 

parser/parser_main.c

@@ -78,7 +78,7 @@ int preprocess_only = 0;
 int skip_mode_force = 0;
 struct timespec mru_tstamp;
 
-#define FLAGS_STRING_SIZE 1024
+#define FLAGS_STRING_SIZE 8192
 char *match_string = NULL;
 char *flags_string = NULL;
 char *cacheloc = NULL;
@@ -1087,8 +1087,7 @@ int process_profile(int option, char *profilename)
 	if ((profilename && option != OPTION_REMOVE) && !force_complain &&
 	    !skip_cache) {
 		if (cacheloc) {
-			cachename = strdup(cacheloc);
-			if (!cachename) {
+			if (asprintf(&cachename, "%s/%s", cacheloc, basename)<0) {
 				PERROR(_("Memory allocation error."));
 				exit(1);
 			}
@@ -1107,7 +1106,7 @@ int process_profile(int option, char *profilename)
 		}
 		if (write_cache) {
 			/* Otherwise, set up to save a cached copy */
-			if (asprintf(&cachetemp, "%s/%s/%s-XXXXXX", basedir, "cache", basename)<0) {
+			if (asprintf(&cachetemp, "%s-XXXXXX", cachename)<0) {
 				perror("asprintf");
 				exit(1);
 			}
@@ -1165,8 +1164,11 @@ out:
 		}
 
 		if (useable_cache) {
-			rename(cachetemp, cachename);
-			if (show_cache)
+			if (rename(cachetemp, cachename) < 0) {
+				pwarn("Warning failed to write cache: %s\n", cachename);
+				unlink(cachetemp);
+			}
+			else if (show_cache)
 				PERROR("Wrote cache: %s\n", cachename);
 		}
 		else {

parser/tst/caching.sh

@@ -12,7 +12,8 @@ fi
 
 # fake base directory
 basedir=$(mktemp -d -t aa-cache-XXXXXX)
-trap "rm -rf $basedir" EXIT
+altcachedir=$(mktemp -d -t aa-alt-cache-XXXXXXXX)
+trap "rm -rf $basedir $altcachedir" EXIT
 mkdir -p $basedir/cache
 
 ARGS="--base $basedir --skip-kernel-load"
@@ -158,3 +159,13 @@ echo "ok"
 echo -n "Cache reading is skipped when parser in \$PATH is newer: "
 (PATH=$basedir/parser/ /bin/sh -c "apparmor_parser $ARGS -v -r $basedir/$profile") | grep -q 'Replacement succeeded for' || { echo "FAIL"; exit 1; }
 echo "ok"
+
+echo -n "Profiles are cached in alternate location when requested: "
+../apparmor_parser $ARGS -q --write-cache --cache-loc $altcachedir -r $basedir/$profile
+[ ! -f $altcachedir/$profile ] && echo "FAIL ($altcachedir/$profile does not exist)" && exit 1
+echo "ok"
+
+echo -n "Cache is loaded from alt location when it exists and features match: "
+../apparmor_parser $ARGS -v -r $basedir/$profile --cache-loc $altcachedir | grep -q 'Cached reload succeeded' || { echo "FAIL"; exit 1; }
+echo "ok"
+

profiles/apparmor.d/abstractions/audio

@@ -55,6 +55,9 @@ owner /{run,dev}/shm/pulse-shm* rwk,
 owner @{HOME}/.pulse-cookie rwk,
 owner @{HOME}/.pulse/ rw,
 owner @{HOME}/.pulse/* rwk,
+owner /{,var/}run/user/*/pulse/  rw,
+owner /{,var/}run/user/*/pulse/* rwk,
+owner @{HOME}/.config/pulse/cookie rwk,
 owner /tmp/pulse-*/ rw,
 owner /tmp/pulse-*/* rw,
 

profiles/apparmor.d/abstractions/base

@@ -100,6 +100,9 @@
   # glibc statvfs
   @{PROC}/filesystems            r,
 
+  # glibc malloc (man 5 proc)
+  @{PROC}/sys/vm/overcommit_memory r,
+
   # Workaround https://launchpad.net/bugs/359338 until upstream handles stacked
   # filesystems generally. This does not appreciably decrease security with
   # Ubuntu profiles because the user is expected to have access to files owned

profiles/apparmor.d/abstractions/fonts

@@ -18,6 +18,7 @@
   /usr/share/fonts/**                   r,
 
   /etc/fonts/**                         r,
+  /usr/share/fontconfig/conf.avail/**   r,
 
   /opt/kde3/share/fonts/**              r,
 
@@ -30,7 +31,9 @@
   /usr/share/a2ps/fonts/**              r,
   /usr/share/xfce/fonts/**              r,
   /usr/share/ghostscript/fonts/**       r,
+  /usr/share/javascript/*/fonts/**      r,
   /usr/share/texmf/{,*/}fonts/**        r,
+  /usr/share/texlive/texmf-dist/fonts/** r,
   /var/lib/ghostscript/**               r,
 
   @{HOME}/.fonts.conf                   r,
@@ -44,3 +47,6 @@
 
   /usr/local/share/fonts/               r,
   /usr/local/share/fonts/**             r,
+
+  # poppler CMap tables
+  /usr/share/poppler/cMap/**            r,

profiles/apparmor.d/abstractions/gnome

@@ -83,6 +83,3 @@
   # mime-types
   /etc/gnome/defaults.list r,
   /usr/share/gnome/applications/mimeinfo.cache r,
-
-  # poppler CMap tables
-  /usr/share/poppler/cMap/** r,

profiles/apparmor.d/abstractions/mysql

@@ -1,6 +1,7 @@
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2002-2006 Novell/SUSE
+#    Copyright (C) 2013 Christian Boltz
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -9,5 +10,6 @@
 # ------------------------------------------------------------------
 
    /var/lib/mysql/mysql.sock rw,
-   /usr/share/mysql/charsets/ r,
-   /usr/share/mysql/charsets/*.xml r,
+   /{var/,}run/mysql/mysql.sock rw,
+   /usr/share/{mysql,mysql-community-server,mariadb}/charsets/ r,
+   /usr/share/{mysql,mysql-community-server,mariadb}/charsets/*.xml r,

profiles/apparmor.d/abstractions/private-files

@@ -15,6 +15,8 @@
   # special attention to (potentially) executable files
   audit deny @{HOME}/bin/** wl,
   audit deny @{HOME}/.config/autostart/** wl,
+  audit deny @{HOME}/.config/upstart/** wl,
+  audit deny @{HOME}/.init/** wl,
   audit deny @{HOME}/.kde{,4}/Autostart/** wl,
   audit deny @{HOME}/.kde{,4}/env/** wl,
   audit deny @{HOME}/.pki/nssdb/*.so{,.[0-9]*} wl,

profiles/apparmor.d/abstractions/private-files-strict

@@ -8,6 +8,7 @@
   audit deny @{HOME}/.gnupg/** mrwkl,
   audit deny @{HOME}/.ssh/** mrwkl,
   audit deny @{HOME}/.gnome2_private/** mrwkl,
+  audit deny @{HOME}/.gnome2/keyrings/** mrwkl,
   audit deny @{HOME}/.mozilla/** mrwkl,
   audit deny @{HOME}/.config/chromium/** mrwkl,
   audit deny @{HOME}/.{,mozilla-}thunderbird/** mrwkl,

profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration

@@ -20,6 +20,7 @@
   # File managers
   /usr/bin/nautilus Cxr -> sanitized_helper,
   /usr/bin/{t,T}hunar Cxr -> sanitized_helper,
+  /usr/bin/dolphin Cxr -> sanitized_helper,
 
   # Themes
   /usr/bin/gnome-appearance-properties Cxr -> sanitized_helper,

profiles/apparmor.d/usr.sbin.nscd

@@ -16,6 +16,7 @@
   #include <abstractions/nameservice>
   #include <abstractions/ssl_certs>
 
+  deny capability block_suspend,
   capability net_bind_service,
   capability setgid,
   capability setuid,
@@ -31,9 +32,9 @@
   /{,var/}run/.nscd_socket wl,
   /{,var/}run/avahi-daemon/socket w,
   /{,var/}run/nscd/ rw,
-  /{,var/}run/nscd/db* wl,
+  /{,var/}run/nscd/db* rwl,
   /{,var/}run/nscd/socket wl,
-  /var/{cache,run}/nscd/{passwd,group,services,hosts} rw,
+  /var/{cache,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
   /{,var/}run/{nscd/,}nscd.pid rwl,
   /var/log/nscd.log rw,
   @{PROC}/[0-9]*/fd/ r,
@@ -41,6 +42,7 @@
   @{PROC}/[0-9]*/maps r,
   @{PROC}/[0-9]*/mounts r,
   @{PROC}/filesystems r,
+  @{PROC}/sys/vm/overcommit_memory r,
 
   # Site-specific additions and overrides. See local/README for details.
   #include <local/usr.sbin.nscd>

utils/Immunix/AppArmor.pm

@@ -3879,8 +3879,8 @@ sub ask_the_questions() {
                                             $newpath =~ s/\/[^\/]+$/\/\*/;
                                         }
                                     }
-                                    if ($newpath ne $selected) {
-                                        push @options, $newpath;
+                                    if (not $newpath ~~ @options) {
+                                        push @options, $newpath;	
                                         $defaultoption = $#options + 1;
                                     }
                                 }
@@ -3896,7 +3896,7 @@ sub ask_the_questions() {
                                     } else {
                                         $newpath =~ s/\/[^\/]+(\.[^\/]+)$/\/\*$1/;
                                     }
-                                    if ($newpath ne $selected) {
+                                    if (not $newpath ~~ @options) {
                                         push @options, $newpath;
                                         $defaultoption = $#options + 1;
                                     }

utils/Makefile

@@ -65,7 +65,7 @@ install: ${MANPAGES} ${HTMLMANPAGES}
 	$(MAKE) install_manpages DESTDIR=${DESTDIR}
 	$(MAKE) -C vim install DESTDIR=${DESTDIR}
 	ln -sf aa-status.8 ${DESTDIR}/${MANDIR}/man8/apparmor_status.8
-	python ${PYSETUP} install --prefix=${PYPREFIX} --root=${DESTDIR} --version=${VERSION}
+	${PYTHON} ${PYSETUP} install --prefix=${PYPREFIX} --root=${DESTDIR} --version=${VERSION}
 
 .PHONY: clean
 ifndef VERBOSE
@@ -105,6 +105,4 @@ check: check_severity_db
 		test -s $$tmpfile && cat $$tmpfile && rm -f $$tmpfile && exit 1; \
 	done || true; \
 	rm -f $$tmpfile
-	for i in test/* ; do \
-		python $$i || exit 1; \
-	done
+	$(foreach test, $(wildcard test/test-*.py), $(call pyalldo, $(test)))

utils/aa-easyprof

@@ -35,7 +35,7 @@ if __name__ == "__main__":
 
     try:
         easyp = apparmor.easyprof.AppArmorEasyProfile(binary, opt)
-    except AppArmorException, e:
+    except AppArmorException as e:
         error(e.value)
     except Exception:
         raise
@@ -61,5 +61,5 @@ if __name__ == "__main__":
     # if we made it here, generate a profile
     params = apparmor.easyprof.gen_policy_params(binary, opt)
     p = easyp.gen_policy(**params)
-    print p,
+    sys.stdout.write('%s\n' % p)
 

utils/apparmor/easyprof.py

@@ -8,6 +8,8 @@
 #
 # ------------------------------------------------------------------
 
+from __future__ import with_statement
+
 import codecs
 import glob
 import optparse
@@ -40,7 +42,7 @@ DEBUGGING = False
 def error(out, exit_code=1, do_exit=True):
     '''Print error message and exit'''
     try:
-        print >> sys.stderr, "ERROR: %s" % (out)
+        sys.stderr.write("ERROR: %s\n" % (out))
     except IOError:
         pass
 
@@ -51,7 +53,7 @@ def error(out, exit_code=1, do_exit=True):
 def warn(out):
     '''Print warning message'''
     try:
-        print >> sys.stderr, "WARN: %s" % (out)
+        sys.stderr.write("WARN: %s\n" % (out))
     except IOError:
         pass
 
@@ -59,7 +61,7 @@ def warn(out):
 def msg(out, output=sys.stdout):
     '''Print message'''
     try:
-        print >> output, "%s" % (out)
+        sys.stdout.write("%s\n" % (out))
     except IOError:
         pass
 
@@ -70,7 +72,7 @@ def cmd(command):
     try:
         sp = subprocess.Popen(command, stdout=subprocess.PIPE,
                               stderr=subprocess.STDOUT)
-    except OSError, ex:
+    except OSError as ex:
         return [127, str(ex)]
 
     out = sp.communicate()[0]
@@ -82,7 +84,7 @@ def cmd_pipe(command1, command2):
     try:
         sp1 = subprocess.Popen(command1, stdout=subprocess.PIPE)
         sp2 = subprocess.Popen(command2, stdin=sp1.stdout)
-    except OSError, ex:
+    except OSError as ex:
         return [127, str(ex)]
 
     out = sp2.communicate()[0]
@@ -93,7 +95,7 @@ def debug(out):
     '''Print debug message'''
     if DEBUGGING:
         try:
-            print >> sys.stderr, "DEBUG: %s" % (out)
+            sys.stderr.write("DEBUG: %s\n" % (out))
         except IOError:
             pass
 
@@ -181,6 +183,8 @@ def verify_policy(policy):
         fn = policy
     else:
         f, fn = tempfile.mkstemp(prefix='aa-easyprof')
+        if not isinstance(policy, bytes):
+            policy = policy.encode('utf-8')
         os.write(f, policy)
         os.close(f)
 
@@ -219,9 +223,9 @@ class AppArmorEasyProfile:
         if opt.policy_groups_dir and os.path.isdir(opt.policy_groups_dir):
             self.dirs['policygroups'] = os.path.abspath(opt.policy_groups_dir)
 
-        if not self.dirs.has_key('templates'):
+        if not 'templates' in self.dirs:
             raise AppArmorException("Could not find templates directory")
-        if not self.dirs.has_key('policygroups'):
+        if not 'policygroups' in self.dirs:
             raise AppArmorException("Could not find policygroups directory")
 
         self.aa_topdir = "/etc/apparmor.d"
@@ -445,11 +449,12 @@ class AppArmorEasyProfile:
 
 def print_basefilenames(files):
     for i in files:
-        print "%s" % (os.path.basename(i))
+        sys.stdout.write("%s\n" % (os.path.basename(i)))
 
 def print_files(files):
     for i in files:
-        print open(i).read()
+        with open(i) as f:
+            sys.stdout.write(f.read()+"\n")
 
 def parse_args(args=None):
     '''Parse arguments'''

utils/po/hu.po

@@ -333,11 +333,11 @@ msgstr ""
 
 #: ../AppArmor.pm:1379 ../AppArmor.pm:1419
 msgid "(Y)es"
-msgstr "Igen"
+msgstr "(I)gen"
 
 #: ../AppArmor.pm:1380 ../AppArmor.pm:1420
 msgid "(N)o"
-msgstr "Nem"
+msgstr "(N)em"
 
 #: ../AppArmor.pm:1383 ../AppArmor.pm:1424
 msgid "Invalid hotkey for"

utils/test/test-aa-easyprof.py

@@ -101,6 +101,7 @@ TEMPLATES_DIR="%s/templates"
     def tearDown(self):
         '''Teardown for tests'''
         if os.path.exists(self.tmpdir):
+            sys.stdout.write("%s\n" % self.tmpdir)
             recursive_rm(self.tmpdir)
 
 #
@@ -328,7 +329,7 @@ POLICYGROUPS_DIR="%s/templates"
     def test_binary_symlink(self):
         '''Test binary (symlink)'''
         exe = os.path.join(self.tmpdir, 'exe')
-        open(exe, 'wa').close()
+        open(exe, 'a').close()
         symlink = exe + ".lnk"
         os.symlink(exe, symlink)
 
@@ -441,7 +442,7 @@ POLICYGROUPS_DIR="%s/templates"
         self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
 
         if debugging:
-            print p
+            sys.stdout.write("%s\n" % p)
 
         return p
 
@@ -859,7 +860,7 @@ if __name__ == '__main__':
     # Create the necessary files to import aa-easyprof
     init = os.path.join(os.path.dirname(absfn), '__init__.py')
     if not os.path.exists(init):
-        open(init, 'wa').close()
+        open(init, 'a').close()
         created.append(init)
 
     symlink = os.path.join(os.path.dirname(absfn), 'easyprof.py')

utils/vim/Makefile

@@ -14,12 +14,15 @@ VIM_INSTALL_PATH=${DESTDIR}/usr/share/apparmor
 all: apparmor.vim
 
 apparmor.vim: apparmor.vim.in Makefile create-apparmor.vim.py
-	python create-apparmor.vim.py > $@
+	${PYTHON} create-apparmor.vim.py > apparmor.vim
 
 install: apparmor.vim
 	install -d $(VIM_INSTALL_PATH)
 	install -m 644 $< $(VIM_INSTALL_PATH)
 
+test: apparmor.vim.in Makefile create-apparmor.vim.py
+	#Testing with all pythons
+	$(call pyalldo, create-apparmor.vim.py > /dev/null)
 
 clean:
 	rm -f apparmor.vim common

utils/vim/create-apparmor.vim.py

@@ -10,7 +10,6 @@
 #    Christian Boltz <apparmor@cboltz.de>
 
 from __future__ import with_statement
-import os
 import re
 import subprocess
 import sys
@@ -30,9 +29,9 @@ def cmd(command, input = None, stderr = subprocess.STDOUT, stdout = subprocess.P
     return a textual error if it failed.'''
 
     try:
-        sp = subprocess.Popen(command, stdin=stdin, stdout=stdout, stderr=stderr, close_fds=True)
-    except OSError, e:
-        return [127, str(e)]
+        sp = subprocess.Popen(command, stdin=stdin, stdout=stdout, stderr=stderr, close_fds=True, universal_newlines=True)
+    except OSError as ex:
+        return [127, str(ex)]
 
     out, outerr = sp.communicate(input)
 
@@ -47,7 +46,7 @@ def cmd(command, input = None, stderr = subprocess.STDOUT, stdout = subprocess.P
 # get capabilities list
 (rc, output) = cmd(['make', '-s', '--no-print-directory', 'list_capabilities'])
 if rc != 0:
-    print >>sys.stderr, ("make list_capabilities failed: " + output)
+    sys.stderr.write("make list_capabilities failed: " + output)
     exit(rc)
 
 capabilities = re.sub('CAP_', '', output.strip()).lower().split(" ")
@@ -59,7 +58,7 @@ for cap in capabilities:
 # get network protos list
 (rc, output) = cmd(['make', '-s', '--no-print-directory', 'list_af_names'])
 if rc != 0:
-    print >>sys.stderr, ("make list_af_names failed: " + output)
+    sys.stderr.write("make list_af_names failed: " + output)
     exit(rc)
 
 af_names = []
@@ -105,7 +104,7 @@ aa_regex_map = {
 }
 
 def my_repl(matchobj):
-    #print matchobj.group(1)
+    matchobj.group(1)
     if matchobj.group(1) in aa_regex_map:
         return aa_regex_map[matchobj.group(1)]
 
@@ -113,7 +112,7 @@ def my_repl(matchobj):
 
 regex = "@@(" + "|".join(aa_regex_map) + ")@@"
 
-with file("apparmor.vim.in") as template:
+with open("apparmor.vim.in") as template:
     for line in template:
         line = re.sub(regex, my_repl, line.rstrip())
-        print line
+        sys.stdout.write('%s\n' % line)