[apparmor] [patch 3/3] use capability rule class in aa.py and cleanprof.py

Christian Boltz apparmor at cboltz.de
Thu Nov 27 20:08:42 UTC 2014


Hello,

On Tuesday, 25 November 2014, Steve Beattie wrote:
> On Sun, Nov 23, 2014 at 01:01:31AM +0100, Christian Boltz wrote:
> > On Friday, 21 November 2014, Steve Beattie wrote:
> > > On Sat, Nov 15, 2014 at 11:46:41PM +0100, Christian Boltz wrote:

> So while testing with the v3 versions of the patches applied, the
> delete_all_rules() invocation is getting called on non-capability
> segments (or else the capability key is getting a hasher wrongly
> assigned to it); e.g.:

> File "/home/ubuntu/bzr/apparmor/utils/apparmor/aa.py", line 4198, in
> serialize_profile_from_old_profile
> write_prof_data[name][segs].delete_all_rules()
>   AttributeError: 'collections.defaultdict' object has no attribute
> 'delete_all_rules'
> 
> That's from running aa-logprof with added child execs and an added
> file rule.

Nice catch, fixed.

> I *really* don't get how serialize_profile_from_old_profile() "works",
> so I'm not quite sure what's going wrong or why.

Yes, serialize_profile_from_old_profile() is indeed not easy to 
understand - it also took me some time. We'll have to rewrite that 
function one day. ;-)


The updated patch (v4) is attached.

Changes since v3:
- document keys used in aa[profile][hat]
- fix crash in write_capabilities()
- improve resetting capability ruleset object in write_prior_segments()
  and serialize_profile_from_old_profile() (includes correct handling 
  for include rules "for free")


The usual line statistics:
v4-1-add-base-and-capability-rule-class.diff - 371 lines added, 0 removed
v4-2-add-capability-rule-test.diff - 806 lines added, 0 removed
v4-3-use-capability-rule-class.diff - 68 lines added, 112 removed


Regards,

Christian Boltz
-- 
["Skinheads"] You don't beat up disabled people.
The other day on the subway a granny sat next to one of these poor people,
looked at him very thoughtfully, stroked his bald head with her hand and said:
"You poor man, first the harsh chemotherapy and then you also have to
wear these heavy orthopedic shoes".
[Rolf-Hubert Pobloth in suse-linux]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: v4-3-use-capability-rule-class.diff
Type: text/x-patch
Size: 16552 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20141127/e2cd7b1d/attachment.bin>

