[apparmor] aa-enabled

John Johansen john.johansen at canonical.com
Wed Nov 25 00:14:27 UTC 2015 

>> Nice trick - you are using libapparmor to hide most of the code ;-)
>> (that's not really bad because it avoids code duplication, but makes the 
>> comparison a bit unfair ;-)
>>
>> Oh, and the C code has a bug - like aa-status --enabled, aa-enabled 
>> should only set the exitcode, but not print anything.
>>
>> Anyway, I can live with both solutions as long as we get aa-enabled 
>> added ;-)
>>
> hrmmm, I think I'd rather leaving human readable output as the default
> and having a quiet flag for just the error code.
> 
> since we are replacing
>   aa-status --enabled
> I don't see how
>   aa-enabled --quiet
> is any worse, and then a user can also easily use the tool
> 
> 
and along those lines, here is a v2

---


#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <libintl.h>
#define _(s) gettext(s)

#include <sys/apparmor.h>
void print_help(const char *command)
{
	printf(_("%s: [options]\n"
		 "  options:\n"
		 "  -q | --quiet		don't print out any messages\n"
		 "  -h | --help		print help\n"),
	       command);
	exit(1);
}

int main(int argc, char **argv)
{
	int quiet = 0;
	
	if (argc > 2) {
		printf(_("unknown options\n"));
		print_help(argv[0]);
		return 1;
	} else if (argc == 2) {
		if (strcmp(argv[1], "--quiet") == 0 ||
		    strcmp(argv[1], "-q") == 0) {
			quiet = 1;
		} else if (strcmp(argv[1], "--help") == 0 ||
			   strcmp(argv[1], "-h") == 0) {
			print_help(argv[0]);
		} else {
			printf(_("unknown option '%s'\n"), argv[1]);
			print_help(argv[0]);
		}
	}

	if (aa_is_enabled()) {
		if (!quiet)
			printf(_("Yes\n"));
		return 0;
	}

	if (!quiet) {
		switch(errno) {
		case ENOSYS:
			printf(_("No - not available on this system.\n"));
			break;
		case ECANCELED:
			printf(_("No - disabled at boot.\n"));
			break;
		case ENOENT:
			printf(_("Maybe - policy interface not available.\n"));
			break;
		case EPERM:
		case EACCES:
			printf(_("Maybe - insufficient permissions to determine availability.\n"));
			break;
		default:
			printf(_("No\n"));
		}
	}

	return errno;
}

More information about the AppArmor mailing list