[apparmor] [patch] aa-mergeprof: honor -d parameter
Christian Boltz
apparmor at cboltz.de
Tue Jul 29 11:08:36 UTC 2014
Hello,
while testing aa-mergeprof, I noticed that the -d/--dir parameter is
ignored. This means the tempfile is created in /etc/apparmor.d, which
breaks if args.merged is on another partition or aa-mergeprof is run as
user.
This is a 90% fix - it works in most cases, but still can break if
the "merged" profile (first parameter) is in a different directory or
partition than what is specified in --dir.
We should probably change write_profile() (in aa.py) - instead of
newprof = tempfile.NamedTemporaryFile('w', suffix='~', delete=False, dir=profile_dir)
it should use the dirname of prof_filename for dir=
=== modified file 'utils/aa-mergeprof'
--- utils/aa-mergeprof 2014-07-27 22:24:26 +0000
+++ utils/aa-mergeprof 2014-07-29 10:34:06 +0000
@@ -14,6 +14,7 @@
# ----------------------------------------------------------------------
import argparse
import re
+import os
import apparmor.aa
import apparmor.aamode
@@ -24,0 +25,0 @@
profiles = [args.mine, args.base, args.other]
+profiledir = args.dir
+if profiledir:
+ apparmor.aa.profile_dir = apparmor.aa.get_full_path(profiledir)
+ if not os.path.isdir(apparmor.aa.profile_dir):
+ raise apparmor.AppArmorException(_("%s is not a directory.") %profiledir)
+
def main():
mergeprofiles = Merge(profiles)
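Review bot: the new --dir handling, including the `raise apparmor.AppArmorException(...)`, sits at module level above `def main()`, so an invalid -d value fails while the script is being loaded rather than inside main(), where any error handling for the tool would normally live. Consider moving the block into main() or a helper called from it. Two smaller points in the same lines: `apparmor.aa.profile_dir` is assigned before it is validated, so validating the resolved path first and assigning afterwards would avoid leaving the global pointing at a non-directory, and the error message prints the raw `profiledir` while the `os.path.isdir()` test is on the resolved path, so reporting the resolved path would make the failure easier to diagnose. The formatting `%profiledir` would also read better as `% profiledir`.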
Regards,
Christian Boltz
--
If someone whines afterwards, "The picture is hanging now, but
I have a hole in the wall and a nail is sticking out...", then I have
serious doubts whether it was such a good idea for that person to be
handed a hammer and nail. [Igor Sverkos in postfixbuch-users]
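
The write_profile() change suggested in the message, as an added example that is not part of the original post and not AppArmor's own code: the temp file is created in the directory of the target file, so the final rename stays on one filesystem. The function name `write_profile_atomic` and the sample profile text are assumptions made for illustration.

```python
import os
import tempfile


def write_profile_atomic(prof_filename, text):
    """Write text to prof_filename through a temp file in the same directory."""
    # Use the directory of the target, not a global profile_dir: a temp file
    # on another partition cannot be renamed into place (EXDEV), and an
    # unprivileged user may not be able to write to /etc/apparmor.d at all.
    target_dir = os.path.dirname(os.path.abspath(prof_filename))
    tmp = tempfile.NamedTemporaryFile('w', suffix='~', delete=False,
                                      dir=target_dir)
    try:
        with tmp:
            tmp.write(text)
            tmp.flush()
            os.fsync(tmp.fileno())  # data is on disk before the rename
        # Same directory means same filesystem, so this replaces the target
        # atomically: readers see the old or the new profile, never a partial one.
        os.replace(tmp.name, prof_filename)
    except BaseException:
        # Do not leave a stray '~' file behind if anything failed.
        if os.path.exists(tmp.name):
            os.unlink(tmp.name)
        raise
    return prof_filename


if __name__ == "__main__":
    # Constructed demo: a throwaway directory stands in for the --dir argument.
    demo_dir = tempfile.mkdtemp()
    path = os.path.join(demo_dir, "usr.bin.example")
    write_profile_atomic(path, "profile example /usr/bin/example {\n}\n")
    print(os.listdir(demo_dir))
```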