def cmd_audit(self):
apparmor.read_profiles()
for (program, profile) in self.get_next_to_profile():
output_name = profile if program is None else program
if not os.path.isfile(profile) or apparmor.is_skippable_file(
profile):
aaui.UI_Info(
_('Profile for %s not found, skipping') % output_name)
continue
# keep this to allow toggling 'audit' flags
if not self.remove:
aaui.UI_Info(_('Setting %s to audit mode.') % output_name)
else:
aaui.UI_Info(_('Removing audit mode from %s.') % output_name)
apparmor.change_profile_flags(profile, program, 'audit',
not self.remove)
disable_link = '%s/disable/%s' % (apparmor.profile_dir,
os.path.basename(profile))
if os.path.exists(disable_link):
aaui.UI_Info(
_('\nWarning: the profile %s is disabled. Use aa-enforce or aa-complain to enable it.'
) % os.path.basename(profile))
self.reload_profile(profile)
def cleanprof_act(self):
# used by aa-cleanprof
apparmor.read_profiles()
for (program, profile) in self.get_next_to_profile():
if program is None:
program = profile
if not program or not (os.path.exists(program)
or apparmor.profile_exists(program)):
if program and not program.startswith('/'):
program = aaui.UI_GetString(
_('The given program cannot be found, please try with the fully qualified path name of the program: '
), '')
else:
aaui.UI_Info(
_("%s does not exist, please double-check the path.") %
program)
sys.exit(1)
if program and apparmor.profile_exists(program):
self.clean_profile(program)
else:
if '/' not in program:
aaui.UI_Info(
_("Can't find %(program)s in the system path list. If the name of the application\nis correct, please run 'which %(program)s' as a user with correct PATH\nenvironment set up in order to find the fully-qualified path and\nuse the full path as parameter."
) % {'program': program})
else:
aaui.UI_Info(
_("%s does not exist, please double-check the path.") %
program)
sys.exit(1)
def cmd_complain(self):
apparmor.read_profiles()
for (program, profile) in self.get_next_to_profile():
output_name = profile if program is None else program
if not os.path.isfile(profile) or apparmor.is_skippable_file(profile):
aaui.UI_Info(_('Profile for %s not found, skipping') % output_name)
continue
apparmor.set_complain(profile, program)
self.reload_profile(profile)
def cmd_complain(self):
apparmor.read_profiles()
for (program, profile) in self.get_next_to_profile():
output_name = profile if program is None else program
if not os.path.isfile(profile) or apparmor.is_skippable_file(profile):
aaui.UI_Info(_('Profile for %s not found, skipping') % output_name)
continue
apparmor.set_complain(profile, program)
self.reload_profile(profile)
def act(self):
# used by aa-cleanprof
apparmor.read_profiles()
for (program, profile) in self.get_next_to_profile():
if program is None:
program = profile
if not program or not (os.path.exists(program)
or apparmor.profile_exists(program)):
if program and not program.startswith('/'):
program = aaui.UI_GetString(
_('The given program cannot be found, please try with the fully qualified path name of the program: '
), '')
else:
aaui.UI_Info(
_("%s does not exist, please double-check the path.") %
program)
sys.exit(1)
if program and apparmor.profile_exists(program):
if self.name == 'cleanprof':
self.clean_profile(program)
else:
filename = apparmor.get_profile_filename(program)
if not os.path.isfile(
filename) or apparmor.is_skippable_file(filename):
aaui.UI_Info(
_('Profile for %s not found, skipping') % program)
else:
# One simply does not walk in here!
raise apparmor.AppArmorException('Unknown tool: %s' %
self.name)
self.reload_profile(profile)
else:
if '/' not in program:
aaui.UI_Info(
_("Can't find %(program)s in the system path list. If the name of the application\nis correct, please run 'which %(program)s' as a user with correct PATH\nenvironment set up in order to find the fully-qualified path and\nuse the full path as parameter."
) % {'program': program})
else:
aaui.UI_Info(
_("%s does not exist, please double-check the path.") %
program)
sys.exit(1)
def cmd_disable(self):
apparmor.read_profiles()
for (program, profile) in self.get_next_to_profile():
output_name = profile if program is None else program
if not os.path.isfile(profile) or apparmor.is_skippable_file(profile):
aaui.UI_Info(_('Profile for %s not found, skipping') % output_name)
continue
aaui.UI_Info(_('Disabling %s.') % output_name)
self.disable_profile(profile)
self.unload_profile(profile)
def cmd_disable(self):
apparmor.read_profiles()
for (program, profile) in self.get_next_to_profile():
output_name = profile if program is None else program
if not os.path.isfile(profile) or apparmor.is_skippable_file(profile):
aaui.UI_Info(_('Profile for %s not found, skipping') % output_name)
continue
aaui.UI_Info(_('Disabling %s.') % output_name)
self.disable_profile(profile)
self.unload_profile(profile)
def cmd_autodep(self):
apparmor.read_profiles()
for (program, profile) in self.get_next_to_profile():
if not program:
aaui.UI_Info(_('Please pass an application to generate a profile for, not a profile itself - skipping %s.') % profile)
continue
apparmor.check_qualifiers(program)
if os.path.exists(apparmor.get_profile_filename_from_attachment(program, True)) and not self.force:
aaui.UI_Info(_('Profile for %s already exists - skipping.') % program)
else:
apparmor.autodep(program)
if self.aa_mountpoint:
apparmor.reload(program)
def cmd_autodep(self):
apparmor.read_profiles()
for (program, profile) in self.get_next_to_profile():
if not program:
aaui.UI_Info(_('Please pass an application to generate a profile for, not a profile itself - skipping %s.') % profile)
continue
apparmor.check_qualifiers(program)
if os.path.exists(apparmor.get_profile_filename(program)) and not self.force:
aaui.UI_Info(_('Profile for %s already exists - skipping.') % program)
else:
apparmor.autodep(program)
if self.aa_mountpoint:
apparmor.reload(program)
def act(self):
# used by aa-cleanprof
apparmor.read_profiles()
for (program, profile) in self.get_next_to_profile():
if program is None:
program = profile
if not program or not(os.path.exists(program) or apparmor.profile_exists(program)):
if program and not program.startswith('/'):
program = aaui.UI_GetString(_('The given program cannot be found, please try with the fully qualified path name of the program: '), '')
else:
aaui.UI_Info(_("%s does not exist, please double-check the path.") % program)
sys.exit(1)
if program and apparmor.profile_exists(program):
if self.name == 'cleanprof':
self.clean_profile(program)
else:
filename = apparmor.get_profile_filename(program)
if not os.path.isfile(filename) or apparmor.is_skippable_file(filename):
aaui.UI_Info(_('Profile for %s not found, skipping') % program)
else:
# One simply does not walk in here!
raise apparmor.AppArmorException('Unknown tool: %s' % self.name)
self.reload_profile(profile)
else:
if '/' not in program:
aaui.UI_Info(_("Can't find %(program)s in the system path list. If the name of the application\nis correct, please run 'which %(program)s' as a user with correct PATH\nenvironment set up in order to find the fully-qualified path and\nuse the full path as parameter.") % { 'program': program })
else:
aaui.UI_Info(_("%s does not exist, please double-check the path.") % program)
sys.exit(1)
def cmd_audit(self):
apparmor.read_profiles()
for (program, profile) in self.get_next_to_profile():
output_name = profile if program is None else program
if not os.path.isfile(profile) or apparmor.is_skippable_file(profile):
aaui.UI_Info(_('Profile for %s not found, skipping') % output_name)
continue
# keep this to allow toggling 'audit' flags
if not self.remove:
aaui.UI_Info(_('Setting %s to audit mode.') % output_name)
else:
aaui.UI_Info(_('Removing audit mode from %s.') % output_name)
apparmor.change_profile_flags(profile, program, 'audit', not self.remove)
disable_link = '%s/disable/%s' % (apparmor.profile_dir, os.path.basename(profile))
if os.path.exists(disable_link):
aaui.UI_Info(_('\nWarning: the profile %s is disabled. Use aa-enforce or aa-complain to enable it.') % os.path.basename(profile))
self.reload_profile(profile)