[lxc-devel] [lxc/master] apparmor: catch config file opening error
4383 on Github
lxc-bot at linuxcontainers.org
Tue Feb 12 21:57:33 UTC 2019
From 78b39520f0ea84168d614899476d647c994df296 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herv=C3=A9=20Beraud?= <hberaud at redhat.com>
Date: Tue, 12 Feb 2019 22:48:51 +0100
Subject: [PATCH] apparmor: catch config file opening error
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Improve error handling when opening the config file
and improve the main code block.
Run this Python script during CI to avoid
regressions.
Signed-off-by: Hervé Beraud <hberaud at redhat.com>
---
.travis.yml | 2 +
config/apparmor/lxc-generate-aa-rules.py | 75 ++++++++++++++----------
2 files changed, 46 insertions(+), 31 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 9805facc1..4b47a3bee 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -27,6 +27,8 @@ script:
- ../configure --enable-tests --with-distro=unknown
- make -j4
- make DESTDIR=$TRAVIS_BUILD_DIR/install install
+ - ./config/apparmor/lxc-generate-aa-rules.py config/apparmor/container-rules.base
+
notifications:
email:
recipients:
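Review bot: The added step `./config/apparmor/lxc-generate-aa-rules.py config/apparmor/container-rules.base` fails the build only on a non-zero exit status, so it catches a crash but not a change in the generated deny rules. If the aim is to catch regressions in the AppArmor profile, the output could be compared with the committed rules, for example by piping it to `diff -u <expected-rules-file> -` (placeholder path; the file name is not visible here). Separately, the `../configure` line above suggests the script section runs from a build subdirectory, in which case the relative `./config/...` paths may not resolve. That depends on lines outside this hunk and should be confirmed.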
diff --git a/config/apparmor/lxc-generate-aa-rules.py b/config/apparmor/lxc-generate-aa-rules.py
index d7c9a868e..2f8a5dbb8 100755
--- a/config/apparmor/lxc-generate-aa-rules.py
+++ b/config/apparmor/lxc-generate-aa-rules.py
@@ -3,6 +3,7 @@
import sys
blocks = []
+denies = []
#
# blocks is an array of paths under which we want to block by
@@ -63,28 +64,6 @@ def add_allow(path):
prev.append(n)
prev = n['children']
-config = "config"
-if len(sys.argv) > 1:
- config = sys.argv[1]
-with open(config) as f:
- for x in f.readlines():
- x.strip()
- if x[:1] == '#':
- continue
- try:
- (cmd, path) = x.split(' ')
- except: # blank line
- continue
- if cmd == "block":
- add_block(path)
- elif cmd == "allow":
- add_allow(path)
- else:
- print("Unknown command: %s" % cmd)
- sys.exit(1)
-
-denies = []
-
def collect_chars(children, ref, index):
r = ""
@@ -126,14 +105,48 @@ def gen_denies(pathsofar, children):
newpath = "%s/%s" % (pathsofar, c['path'])
gen_denies(newpath, c['children'])
-for b in blocks:
- gen_denies(b['path'], b['children'])
-denies.sort()
+def main():
+ config = "config"
+ if len(sys.argv) > 1:
+ config = sys.argv[1]
+
+ lines = None
+ try:
+ with open(config) as f:
+ lines = f.readlines()
+ except FileNotFoundError as err:
+ print("Config file not found")
+ print(err)
+ sys.exit(1)
+
+ for line in lines:
+ line.strip()
+ if line.startswith('#'):
+ continue
+ try:
+ (cmd, path) = line.split(' ')
+ except: # blank line
+ continue
+ if cmd == "block":
+ add_block(path)
+ elif cmd == "allow":
+ add_allow(path)
+ else:
+ print("Unknown command: %s" % cmd)
+ sys.exit(1)
+ for block in blocks:
+ gen_denies(block['path'], block['children'])
+
+ denies.sort()
+
+ genby = " # generated by: lxc-generate-aa-rules.py"
+ for a in sys.argv[1:]:
+ genby += " %s" % a
+ print(genby)
+ for d in denies:
+ print(" %s" % d)
+
-genby = " # generated by: lxc-generate-aa-rules.py"
-for a in sys.argv[1:]:
- genby += " %s" % a
-print(genby)
-for d in denies:
- print(" %s" % d)
+if __name__ == "__main__":
+ main()
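Review bot: In the parsing loop of `main()`, the bare `except:` around `line.split(' ')` treats every line that does not split into exactly two fields as a blank line, so a mistyped `block` entry (extra space, tab separator, missing path) is silently skipped and the generated profile ends up with fewer deny rules and no error. `line.strip()` also discards its result, so `path` still carries the trailing newline and an indented `#` comment is not recognised; whether `add_block`/`add_allow` normalise the path is outside this hunk. I would assign the stripped value back, skip empty lines explicitly, and exit non-zero on anything malformed, as in the excerpt below. The error messages, including the new "Config file not found" one, should go to `sys.stderr` because stdout carries the generated rules, and catching `OSError` rather than only `FileNotFoundError` would also cover unreadable files.

```python
    for lineno, line in enumerate(lines, 1):
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        try:
            cmd, path = line.split()
        except ValueError:
            print("%s:%d: malformed line: %r" % (config, lineno, line),
                  file=sys.stderr)
            sys.exit(1)
        # … unchanged: block/allow dispatch …
```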