[apparmor] aa-enabled

Seth Arnold seth.arnold at canonical.com
Wed Nov 25 04:55:15 UTC 2015 

On Tue, Nov 24, 2015 at 04:14:27PM -0800, John Johansen wrote:
> and along those lines, here is a v2

Woo, this is great.

main() is missing this bit of code (which I stole from apparmor_parser's
parser_main.c):

        setlocale(LC_MESSAGES, "");
        bindtextdomain(PACKAGE, LOCALEDIR);
        textdomain(PACKAGE);

> 
> 
> #include <errno.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #include <libintl.h>
> #define _(s) gettext(s)
> 
> #include <sys/apparmor.h>
> void print_help(const char *command)
> {
> 	printf(_("%s: [options]\n"
> 		 "  options:\n"
> 		 "  -q | --quiet		don't print out any messages\n"
> 		 "  -h | --help		print help\n"),
> 	       command);

Do these line up in the output? email always makes it hard to tell when
whitespace works out well or not.

> 	exit(1);
> }
> 
> int main(int argc, char **argv)
> {
> 	int quiet = 0;
> 	
> 	if (argc > 2) {
> 		printf(_("unknown options\n"));
> 		print_help(argv[0]);
> 		return 1;

print_help() doesn't return, you can remove the return 1; here.

> 	} else if (argc == 2) {
> 		if (strcmp(argv[1], "--quiet") == 0 ||
> 		    strcmp(argv[1], "-q") == 0) {
> 			quiet = 1;
> 		} else if (strcmp(argv[1], "--help") == 0 ||
> 			   strcmp(argv[1], "-h") == 0) {
> 			print_help(argv[0]);
> 		} else {
> 			printf(_("unknown option '%s'\n"), argv[1]);
> 			print_help(argv[0]);
> 		}
> 	}
> 
> 	if (aa_is_enabled()) {
> 		if (!quiet)
> 			printf(_("Yes\n"));
> 		return 0;
> 	}
> 
> 	if (!quiet) {
> 		switch(errno) {
> 		case ENOSYS:
> 			printf(_("No - not available on this system.\n"));
> 			break;
> 		case ECANCELED:
> 			printf(_("No - disabled at boot.\n"));
> 			break;
> 		case ENOENT:
> 			printf(_("Maybe - policy interface not available.\n"));
> 			break;
> 		case EPERM:
> 		case EACCES:
> 			printf(_("Maybe - insufficient permissions to determine availability.\n"));
> 			break;
> 		default:
> 			printf(_("No\n"));
> 		}
> 	}
> 
> 	return errno;

I think we ought to save aside the errno before the printf() calls; if
something called by printf() fails, or if printf() itself fails, the
return value here may not be the one we intend to return.

Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20151124/44d572e1/attachment.pgp>

More information about the AppArmor mailing list