apparmor: catch config file opening error

Improve handling of errors when opening the config file
and improve the main code block.

Execute this python script during CI to avoid
regressions

Signed-off-by: Hervé Beraud <hberaud@redhat.com>
Hervé Beraud 2019-02-12 22:48:51 +01:00
parent b091c341d5
commit c70de0eabb
2 changed files with 47 additions and 31 deletions


@ -27,6 +27,9 @@ script:
- ../configure --enable-tests --with-distro=unknown - ../configure --enable-tests --with-distro=unknown
- make -j4 - make -j4
- make DESTDIR=$TRAVIS_BUILD_DIR/install install - make DESTDIR=$TRAVIS_BUILD_DIR/install install
- cd ..
- ./config/apparmor/lxc-generate-aa-rules.py config/apparmor/container-rules.base
notifications: notifications:
email: email:
recipients: recipients:
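Review bot: The step added after `cd ..` fails the build only when `lxc-generate-aa-rules.py` exits non-zero, so a change that alters the generated deny rules without crashing still passes CI. The script's parse loop also skips any line it cannot split, so a malformed entry in `config/apparmor/container-rules.base` would not fail this step either. Because the output is AppArmor policy, comparing it with a known-good copy would catch such regressions, for example `./config/apparmor/lxc-generate-aa-rules.py config/apparmor/container-rules.base | diff -u <expected-rules-file> -`, where `<expected-rules-file>` is a placeholder for whatever reference output the project keeps.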


@ -3,6 +3,7 @@
import sys import sys
blocks = [] blocks = []
denies = []
# #
# blocks is an array of paths under which we want to block by # blocks is an array of paths under which we want to block by
@ -63,28 +64,6 @@ def add_allow(path):
prev.append(n) prev.append(n)
prev = n['children'] prev = n['children']
config = "config"
if len(sys.argv) > 1:
config = sys.argv[1]
with open(config) as f:
for x in f.readlines():
x.strip()
if x[:1] == '#':
continue
try:
(cmd, path) = x.split(' ')
except: # blank line
continue
if cmd == "block":
add_block(path)
elif cmd == "allow":
add_allow(path)
else:
print("Unknown command: %s" % cmd)
sys.exit(1)
denies = []
def collect_chars(children, ref, index): def collect_chars(children, ref, index):
r = "" r = ""
@ -126,14 +105,48 @@ def gen_denies(pathsofar, children):
newpath = "%s/%s" % (pathsofar, c['path']) newpath = "%s/%s" % (pathsofar, c['path'])
gen_denies(newpath, c['children']) gen_denies(newpath, c['children'])
for b in blocks:
gen_denies(b['path'], b['children'])
denies.sort() def main():
config = "config"
if len(sys.argv) > 1:
config = sys.argv[1]
genby = " # generated by: lxc-generate-aa-rules.py" lines = None
for a in sys.argv[1:]: try:
genby += " %s" % a with open(config) as f:
print(genby) lines = f.readlines()
for d in denies: except FileNotFoundError as err:
print(" %s" % d) print("Config file not found")
print(err)
sys.exit(1)
for line in lines:
line.strip()
if line.startswith('#'):
continue
try:
(cmd, path) = line.split(' ')
except: # blank line
continue
if cmd == "block":
add_block(path)
elif cmd == "allow":
add_allow(path)
else:
print("Unknown command: %s" % cmd)
sys.exit(1)
for block in blocks:
gen_denies(block['path'], block['children'])
denies.sort()
genby = " # generated by: lxc-generate-aa-rules.py"
for a in sys.argv[1:]:
genby += " %s" % a
print(genby)
for d in denies:
print(" %s" % d)
if __name__ == "__main__":
main()
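Review bot: In the parse loop of `main()` the result of `line.strip()` is discarded and the bare `except:` treats every line that does not split into exactly two fields as a blank line, so a `block` entry with a doubled space or a trailing token is dropped silently and its deny rules never reach the generated profile. A policy generator should fail closed here: assign the stripped line, skip only empty and comment lines, and exit non-zero on anything else that fails to split. As written, `path` also keeps its trailing newline unless `add_block`/`add_allow`, which are outside this hunk, strip it themselves. Separately, only `FileNotFoundError` is handled, so a permission error still ends in a traceback, and the messages go to stdout where they can mix with the emitted rules; `except OSError` and `file=sys.stderr` would cover both.

```python
    for line in lines:
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        try:
            (cmd, path) = line.split(' ')
        except ValueError:
            print("Malformed line: %s" % line, file=sys.stderr)
            sys.exit(1)
        # ... unchanged: block/allow dispatch ...
```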