mirror of
				https://git.proxmox.com/git/mirror_lxc
				synced 2025-10-26 15:22:28 +00:00 
			
		
		
		
	apparmor: catch config file opening error
Improve error handling when opening the config file and improve the main code block. Execute this Python script during CI to avoid regressions. Signed-off-by: Hervé Beraud <hberaud@redhat.com>
							parent
							
								
									b091c341d5
								
							
						
					
					
						commit
						c70de0eabb
					
				| @ -27,6 +27,9 @@ script: | |||||||
|  - ../configure --enable-tests --with-distro=unknown |  - ../configure --enable-tests --with-distro=unknown | ||||||
|  - make -j4 |  - make -j4 | ||||||
|  - make DESTDIR=$TRAVIS_BUILD_DIR/install install |  - make DESTDIR=$TRAVIS_BUILD_DIR/install install | ||||||
|  |  - cd .. | ||||||
|  |  - ./config/apparmor/lxc-generate-aa-rules.py config/apparmor/container-rules.base | ||||||
|  | 
 | ||||||
| notifications: | notifications: | ||||||
|   email: |   email: | ||||||
|     recipients: |     recipients: | ||||||
|  | |||||||
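Review bot: The added step checks only the generator's exit status and compares its stdout with nothing, so a change that drops or alters deny rules still passes CI as long as the script does not crash. If the generated rules are kept in the repository, comparing against them would make this a real regression test, e.g. `./config/apparmor/lxc-generate-aa-rules.py config/apparmor/container-rules.base | diff -u <committed-rules-file> -` (placeholder path; the committed file is not visible on this page). The `script:` list begins outside this hunk.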
| @ -3,6 +3,7 @@ | |||||||
| import sys | import sys | ||||||
| 
 | 
 | ||||||
| blocks = [] | blocks = [] | ||||||
|  | denies = [] | ||||||
| 
 | 
 | ||||||
| # | # | ||||||
| # blocks is an array of paths under which we want to block by | # blocks is an array of paths under which we want to block by | ||||||
| @ -63,28 +64,6 @@ def add_allow(path): | |||||||
|             prev.append(n) |             prev.append(n) | ||||||
|             prev = n['children'] |             prev = n['children'] | ||||||
| 
 | 
 | ||||||
| config = "config" |  | ||||||
| if len(sys.argv) > 1: |  | ||||||
|     config = sys.argv[1] |  | ||||||
| with open(config) as f: |  | ||||||
|     for x in f.readlines(): |  | ||||||
|         x.strip() |  | ||||||
|         if x[:1] == '#': |  | ||||||
|             continue |  | ||||||
|         try: |  | ||||||
|             (cmd, path) = x.split(' ') |  | ||||||
|         except:  # blank line |  | ||||||
|             continue |  | ||||||
|         if cmd == "block": |  | ||||||
|             add_block(path) |  | ||||||
|         elif cmd == "allow": |  | ||||||
|             add_allow(path) |  | ||||||
|         else: |  | ||||||
|             print("Unknown command: %s" % cmd) |  | ||||||
|             sys.exit(1) |  | ||||||
| 
 |  | ||||||
| denies = [] |  | ||||||
| 
 |  | ||||||
| 
 | 
 | ||||||
| def collect_chars(children, ref, index): | def collect_chars(children, ref, index): | ||||||
|     r = "" |     r = "" | ||||||
| @ -126,8 +105,38 @@ def gen_denies(pathsofar, children): | |||||||
|             newpath = "%s/%s" % (pathsofar, c['path']) |             newpath = "%s/%s" % (pathsofar, c['path']) | ||||||
|             gen_denies(newpath, c['children']) |             gen_denies(newpath, c['children']) | ||||||
| 
 | 
 | ||||||
| for b in blocks: | 
 | ||||||
|     gen_denies(b['path'], b['children']) | def main(): | ||||||
|  |     config = "config" | ||||||
|  |     if len(sys.argv) > 1: | ||||||
|  |         config = sys.argv[1] | ||||||
|  | 
 | ||||||
|  |     lines = None | ||||||
|  |     try: | ||||||
|  |         with open(config) as f: | ||||||
|  |             lines = f.readlines() | ||||||
|  |     except FileNotFoundError as err: | ||||||
|  |         print("Config file not found") | ||||||
|  |         print(err) | ||||||
|  |         sys.exit(1) | ||||||
|  | 
 | ||||||
|  |     for line in lines: | ||||||
|  |         line.strip() | ||||||
|  |         if line.startswith('#'): | ||||||
|  |             continue | ||||||
|  |         try: | ||||||
|  |             (cmd, path) = line.split(' ') | ||||||
|  |         except:  # blank line | ||||||
|  |             continue | ||||||
|  |         if cmd == "block": | ||||||
|  |             add_block(path) | ||||||
|  |         elif cmd == "allow": | ||||||
|  |             add_allow(path) | ||||||
|  |         else: | ||||||
|  |             print("Unknown command: %s" % cmd) | ||||||
|  |             sys.exit(1) | ||||||
|  |     for block in blocks: | ||||||
|  |         gen_denies(block['path'], block['children']) | ||||||
| 
 | 
 | ||||||
|     denies.sort() |     denies.sort() | ||||||
| 
 | 
 | ||||||
| @ -137,3 +146,7 @@ for a in sys.argv[1:]: | |||||||
|     print(genby) |     print(genby) | ||||||
|     for d in denies: |     for d in denies: | ||||||
|         print("  %s" % d) |         print("  %s" % d) | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | if __name__ == "__main__": | ||||||
|  |     main() | ||||||
|  | |||||||
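Review bot: The bare `except:` around `line.split(' ')` in the new `main()` silently drops every malformed rule line, not just blank ones. A `block` entry with a trailing or doubled space, or a lone mistyped keyword, therefore produces no deny rule, and the generated AppArmor profile is weaker while the script still exits 0. `line.strip()` also discards its result, so `path` reaches `add_block`/`add_allow` with its trailing newline unless those helpers strip it (they are outside the visible hunks). I would strip into a variable, skip only empty lines and comments, and exit non-zero on any other line that does not split into exactly two fields, as sketched below. Catching `OSError` instead of only `FileNotFoundError` and sending diagnostics to `sys.stderr` would also keep error text out of the rules that the final `print` loop writes to stdout.

```python
    for lineno, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        fields = line.split()
        if len(fields) != 2:
            # Fail closed: a rule that cannot be parsed must not be skipped.
            print("%s:%d: malformed rule: %r" % (config, lineno, line),
                  file=sys.stderr)
            sys.exit(1)
        cmd, path = fields
        # … unchanged: block / allow / unknown-command dispatch …
```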
	 Hervé Beraud
						Hervé Beraud