[Apparmor-dev] Re: Fix SubDomain.pm to not fail when extras/ doesn't exist

Dominic Reynolds dreynolds at suse.de
Thu Sep 20 10:50:36 MDT 2007


Hi Mathias,

Thanks for the fix for this. I think that we need to look at another way to
fix it, though. The readinactiveprofiles() function is needed to call the
readprofile() function with the parameter to indicate that it's an inactive
profile. So with this patch I think that the local repository of inactive
profiles would be broken (in that anything under extras would be read in as
an active profile).

I should at least verify the existence of the directory for the
inactive profiles (configured via logprof.conf) and in the case that it
doesn't exist then don't attempt to open.... I'll write up a patch and post
for review. 

--dom


+++ Mathias Gug [20/09/07 11:44 -0400]:
> Hi,
> 
> I've attached a diff that refactors SubDomain.pm to not fail when
> directories that should be scanned for profiles don't exist.
> 
> This is the case in Ubuntu as profiles in extras/ are not shipped by
> default. In such a case, aa-genprof fails to scan the extra directory.
> See https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/141128.
> 
> --
> Mathias

> Index: utils/SubDomain.pm
> ===================================================================
> --- utils/SubDomain.pm	(revision 1001)
> +++ utils/SubDomain.pm	(working copy)
> @@ -872,7 +872,7 @@
>      return if -d $fqdbin;
>  
>      my $profile_data;
> -    readinactiveprofiles(); # need to read the profiles to see if an
> +    readprofiles($extraprofiledir); # need to read the profiles to see if an
>                              # inactive local profile is present
>      $profile_data = eval { get_profile($fqdbin) };
>  
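Review bot: The replacement call readprofiles($extraprofiledir) loses the inactive-profile flag. The removed readinactiveprofiles() called readprofile(..., \&fatal_error, 0), while the new readprofiles() always passes 1 as the third argument, so files under $extraprofiledir are loaded the same way as those in $profiledir, even though the comment on this line still says the call is looking for an inactive local profile. Suggest giving readprofiles() a second parameter for that flag and passing 0 here, or keeping readinactiveprofiles() as a thin wrapper that only adds the directory check.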
> @@ -3320,7 +3320,7 @@
>      UI_Info(sprintf(gettext('Reading log entries from %s.'), $filename));
>      UI_Info(sprintf(gettext('Updating AppArmor profiles in %s.'), $profiledir));
>  
> -    readprofiles();
> +    readprofiles($profiledir);
>  
>      unless ($sevdb) {
>          $sevdb = new Immunix::Severity("$confdir/severity.db", gettext("unknown"));
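Review bot: At readprofiles($profiledir), a missing active profile directory is now skipped silently, because the new readprofiles() returns without error when its argument does not exist. The two UI_Info lines just above have already told the user that profiles in $profiledir are being updated, and the old readprofiles() stopped with fatal_error in that situation. The problem being fixed concerns only the optional extras directory, so suggest keeping the hard failure for $profiledir, for example by testing -d $profiledir here before the call.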
> @@ -4073,25 +4073,19 @@
>      return $message;
>  }
>  
> -sub readprofiles () {
> -    opendir(SDDIR, $profiledir)
> -      or fatal_error "Can't read AppArmor profiles in $profiledir.";
> -    for my $file (grep { -f "$profiledir/$_" } readdir(SDDIR)) {
> -        next if isSkippableFile($file);
> -        readprofile("$profiledir/$file", \&fatal_error, 1);
> +sub readprofiles ($) {
> +    my $profiledir = shift;
> +    if ( -e $profiledir ) {
> +        opendir(SDDIR, $profiledir)
> +        or fatal_error "Can't read AppArmor profiles in $profiledir.";
> +        for my $file (grep { -f "$profiledir/$_" } readdir(SDDIR)) {
> +            next if (isSkippableFile($file) || $file =~ /README$/);
> +            readprofile("$profiledir/$file", \&fatal_error, 1);
> +        }
> +        closedir(SDDIR);
>      }
> -    closedir(SDDIR);
>  }
>  
> -sub readinactiveprofiles () {
> -    opendir(ESDDIR, $extraprofiledir) or
> -      fatal_error "Can't read AppArmor profiles in $extraprofiledir.";
> -    for my $file (grep { -f "$extraprofiledir/$_" } readdir(ESDDIR)) {
> -        next if $file =~ /\.rpm(save|new)|README$/;
> -        readprofile("$extraprofiledir/$file", \&fatal_error, 0);
> -    }
> -    closedir(ESDDIR);
> -}

>  
>  sub readprofile ($$$) {
>      my $file          = shift;
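Review bot: The guard in the new readprofiles() uses -e, which is also true when the path is a regular file, so opendir would still end in fatal_error; -d is the test that matches the intent. Two further points in the same function: the removed readinactiveprofiles() skipped files matching \.rpm(save|new), and the merged filter keeps only the README part, so unless isSkippableFile() already covers those suffixes (not visible in this hunk) leftover .rpmsave/.rpmnew files in extras would now be parsed; and "my $profiledir" shadows the outer $profiledir that the old body used, so a different parameter name would be easier to follow.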

> _______________________________________________
> Apparmor-dev mailing list
> Apparmor-dev at forge.novell.com
> http://forge.novell.com/mailman/listinfo/apparmor-dev



