Merge pull request #35 from shundhammer/huha-profile-names
More Robust aa-status Output Parser
shundhammer committed Jan 24, 2019
2 parents 7609c3d + 396db4e commit aadeecf
Showing 3 changed files with 82 additions and 15 deletions.
7 changes: 7 additions & 0 deletions package/yast2-apparmor.changes
@@ -1,3 +1,10 @@
-------------------------------------------------------------------
Thu Jan 24 12:39:46 UTC 2019 - Stefan Hundhammer <shundhammer@suse.com>

- Adapted aa-status parser to new output format to prevent crash
(bsc#1121274)
- 4.1.5

-------------------------------------------------------------------
Mon Jan 14 07:41:58 CST 2019 - rgoldwyn@suse.com
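Review bot: The new 4.1.5 entry describes only the parser change, but the same commit also adds `Conflicts: apparmor-utils < 2.13` to the spec file, which is the part an administrator will run into at install time. Suggest adding a line to this entry that names the new conflict so the packaging change can be traced from the changelog.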

7 changes: 6 additions & 1 deletion package/yast2-apparmor.spec
Expand Up @@ -17,7 +17,7 @@


Name: yast2-apparmor
Version: 4.1.4
Version: 4.1.5
Release: 0
Summary: YaST2 - Plugins for AppArmor Profile Management
Url: https://github.com/yast/yast-apparmor
Expand All @@ -31,6 +31,11 @@ BuildRequires: yast2-devtools >= 3.1.10
Requires: yast2 > 3.3.2
Requires: yast2-ruby-bindings >= 1.0.0

# New JSON output format in aa-status; upstream change:
# aa-status: split profile from exec name
# bsc#1121274 / PR#35
Conflicts: apparmor-utils < 2.13

BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
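Review bot: `Conflicts: apparmor-utils < 2.13` only blocks installation alongside an older apparmor-utils; it does not ensure that a suitable version is installed, and the visible part of the spec has no `Requires:` for it even though profiles.rb runs `/usr/sbin/aa-status` unconditionally. If the intent is that an aa-status with the new output format is always present, a versioned Requires on the package that ships it would say so directly; if the tool is meant to be optional, the Ruby side needs to handle a missing binary.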

83 changes: 69 additions & 14 deletions src/lib/apparmor/profiles.rb
Expand Up @@ -48,7 +48,7 @@ def toggle
end

def to_s
@name + ', ' + @status + ', ' + @pid
"#{@name}, #{@status}, #{@pid}"
end

def to_array
Expand Down Expand Up @@ -77,22 +77,15 @@ def execute(*args)

# Class representing a list of profiles
class Profiles
include Yast::Logger
attr_reader :prof
def initialize
status_output = command_output("/usr/sbin/aa-status", "--json")

jtext = JSON.parse(status_output)
h = jtext['profiles']
@prof = {}
h.each do |name, status|
@prof[name] = Profile.new(name, status)
end
h = jtext['processes']
h.each do |name, pidmap|
pidmap.each do |p|
@prof[name].addPid(p['pid'])
end
end
status_output = command_output("/usr/sbin/aa-status", "--pretty-json")
log.info("aa-status output:\n#{status_output}\n")
jtext = JSON.parse(status_output)
add_profiles(jtext["profiles"])
add_processes(jtext["processes"])
end

def active
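Review bot: In `initialize`, `JSON.parse(status_output)` is called without a rescue, so empty or non-JSON output from aa-status (an error message instead of JSON, for example) raises JSON::ParserError and still takes the module down before the nil checks in add_profiles and add_processes can run. Suggest rescuing JSON::ParserError, logging it, and continuing with an empty profile list. Separately, `log.info("aa-status output:\n#{status_output}\n")` writes the complete profile and process list, PIDs included, to the log on every instantiation; log.debug would be enough for troubleshooting.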
Expand All @@ -110,6 +103,68 @@ def toggle(name)

private

# Add all profiles from the "profiles" section of the parsed JSON output of
# the aa-status command.
#
# Sample JSON:
#
# "profiles": {
# "/usr/bin/lessopen.sh": "enforce",
# "/usr/lib/colord": "enforce",
# "/usr/{bin,sbin}/dnsmasq": "enforce",
# "nscd": "enforce",
# "ntpd": "enforce",
# "syslogd": "enforce",
# "traceroute": "enforce",
# "winbindd": "enforce"
# }
def add_profiles(profiles)
return if profiles.nil?
profiles.each do |name, status|
log.info("Profile name: #{name} status: #{status}")
@prof[name] = Profile.new(name, status)
end
end

# Add all processesfrom the "profiles" section of the parsed JSON output of
# the aa-status command.
#
# Sample JSON:
#
# "processes": {
# "/usr/sbin/nscd": [
# {
# "profile": "nscd",
# "pid": "805",
# "status": "enforce"
# }
# ],
# "/usr/lib/colord": [
# {
# "profile": "/usr/lib/colord",
# "pid": "1790",
# "status": "enforce"
# }
# ]
# }
def add_processes(processes)
return if processes.nil?
processes.each do |executable_name, pidmap_list|
pidmap_list.each do |pidmap|
profile_name = pidmap["profile"] || executable_name
pid = pidmap["pid"]
if @prof.key?(profile_name)
msg = "Active process #{pid} #{executable_name}"
msg += " profile name #{profile_name}" if executable_name != profile_name
log.info(msg)
@prof[profile_name].addPid(pid)
else
log.warn("No profile #{profile_name}")
end
end
end
end

# Returns the output of the given command
#
# @param args [Array<String>, Array<Array<String>>] the command to execute and
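Review bot: In add_processes, `pid = pidmap["pid"]` is passed to `addPid` without checking that it is present, and only a nil `processes` section is guarded: a value that is not a list of hashes would still raise inside `pidmap_list.each`. Suggest skipping entries where `pidmap` is not a Hash or `pid` is nil, with a log.warn like the one already used for an unknown profile. The doc comment above the method also reads "processesfrom the "profiles" section"; it should say "processes from the "processes" section".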