Hello community,
here is the log from the commit of package yast2-apparmor
checked in at Sat Nov 4 09:30:30 CET 2006.
--------
--- yast2-apparmor/yast2-apparmor.changes 2006-10-16 19:47:38.000000000 +0200
+++ /mounts/work_src_done/NOARCH/yast2-apparmor/yast2-apparmor.changes 2006-11-04 00:22:27.000000000 +0100
@@ -1,0 +2,6 @@
+Sat Nov 4 00:20:35 CET 2006 - ddrewelow@suse.de
+
+- Add complain/enforce profile state toggle
+ Fate: 300719
+
+-------------------------------------------------------------------
Old:
----
yast2-apparmor-2.0-158.tar.gz
New:
----
yast2-apparmor-2.0-188.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-apparmor.spec ++++++
--- /var/tmp/diff_new_pack.yyjtvb/_old 2006-11-04 09:29:48.000000000 +0100
+++ /var/tmp/diff_new_pack.yyjtvb/_new 2006-11-04 09:29:48.000000000 +0100
@@ -13,10 +13,10 @@
Name: yast2-apparmor
Summary: Yast2 plugins for AppArmor profile management
Version: 2.0
-Release: 38
+Release: 50
Group: Productivity/Security
-Source0: %{name}-%{version}-158.tar.gz
-License: Other License(s), see package, GPL
+Source0: %{name}-%{version}-188.tar.gz
+License: GNU General Public License (GPL) - all versions, Other License(s), see package
BuildRoot: %{_tmppath}/%{name}-%{version}-build
URL: http://forge.novell.com/modules/xfmod/project/?apparmor
Requires: yast2 perl-TimeDate
@@ -99,6 +99,9 @@
%preun
%changelog -n yast2-apparmor
+* Sat Nov 04 2006 - ddrewelow@suse.de
+- Add complain/enforce profile state toggle
+ Fate: 300719
* Mon Oct 16 2006 - dreynolds@suse.de
- Add syntax checks for profiles and display error dialogs to user
Fate: 300906
++++++ yast2-apparmor-2.0-158.tar.gz -> yast2-apparmor-2.0-188.tar.gz ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-apparmor-2.0/Make.rules new/yast2-apparmor-2.0/Make.rules
--- old/yast2-apparmor-2.0/Make.rules 2006-10-06 20:08:44.000000000 +0200
+++ new/yast2-apparmor-2.0/Make.rules 2006-11-04 00:15:05.000000000 +0100
@@ -1,4 +1,4 @@
-# $Id: Make.rules 11 2006-04-12 21:19:42Z steve-beattie $
+# $Id: Make.rules 191 2006-11-03 10:19:42Z steve-beattie $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -39,7 +39,7 @@
TESTBUILDDIR=$(shell [ -f ${HOME}/.rpmmacros ] && awk '/^%_topdir/ {print $$2}' ${HOME}/.rpmmacros)
ifdef BUILDDIR
#BUILDDIR:=$(BUILDDIR,/=)
-else
+else
BUILDDIR=$(shell if [ -d "${TESTBUILDDIR}" ] ; then \
echo ${TESTBUILDDIR} | sed "s^/$$^^" ; \
elif [ -d "/usr/src/redhat" ] ; then \
@@ -80,6 +80,12 @@
REPO_VERSION=$(shell if [ -x /usr/bin/svn ] ; then \
/usr/bin/svn info . 2> /dev/null | grep "^Last Changed Rev:" | sed "s/^Last Changed Rev: //" ; \
fi)
+REPO_URL=$(shell if [ -x /usr/bin/svn ] ; then \
+ /usr/bin/svn info . 2> /dev/null | grep "^URL:" | sed "s/^URL: //" ; \
+ fi)
+COMMON_REPO_URL=$(shell if [ -x /usr/bin/svn ] ; then \
+ /usr/bin/svn info $(COMMONDIR) 2> /dev/null | grep "^URL:" | sed "s/^URL: //" ; \
+ fi)
ifdef EXTERNAL_PACKAGE
RPMARG+=--define "_sourcedir $(shell pwd)"
@@ -87,11 +93,12 @@
ifndef SPECFILE
SPECFILE = $(NAME).spec
-endif
+endif
RELEASE = $(shell rpm -q --specfile --define "_sourcedir ." ${RPMARG} --qf "%{RELEASE}" ${SPECFILE})
RELEASE_DIR = $(NAME)-$(VERSION)
TARBALL = $(NAME)-$(VERSION)-${REPO_VERSION}.tar.gz
-TAR = /bin/tar czvp --exclude .svn --exclude CVS --exclude .cvsignore --exclude ${TARBALL} --exclude ${RELEASE_DIR}/${RELEASE_DIR} $(shell test -f ${NAME}.exclude && echo "-X ${NAME}.exclude")
+TAR = /bin/tar czvp -h --exclude .svn --exclude CVS --exclude .cvsignore --exclude ${TARBALL} --exclude ${RELEASE_DIR}/${RELEASE_DIR} $(shell test -f ${NAME}.exclude && echo "-X ${NAME}.exclude")
+LDCONFIG = /sbin/ldconfig
CVSPKG_VERSION=$(shell rpm -q --specfile --define "_sourcedir ." ${RPMARG} ${SPECFILE} | head -1 | tr "." "_")
@@ -137,6 +144,15 @@
.PHONY: tarball
tarball: clean $(TARBALL)
+
+.PHONY: dist
+dist: clean $(SPECFILE)
+ -rm -rf $(RELEASE_DIR)
+ svn export $(REPO_URL) $(RELEASE_DIR)
+ svn export $(COMMON_REPO_URL) $(RELEASE_DIR)/common
+ $(TAR) -f $(TARBALL) $(RELEASE_DIR)
+ rm -rf $(RELEASE_DIR)
+
endif
.PHONY: version
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-apparmor-2.0/src/agents/ag_complain new/yast2-apparmor-2.0/src/agents/ag_complain
--- old/yast2-apparmor-2.0/src/agents/ag_complain 1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-apparmor-2.0/src/agents/ag_complain 2006-11-04 00:15:23.000000000 +0100
@@ -0,0 +1,339 @@
+#!/usr/bin/perl
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+################################################################################
+# ag_complain
+#
+# - Generates list of profiles with complain/enforce info
+# - Toggles profiles between complain/enforce modes
+#
+# Requires:
+# - /usr/lib/perl5/vendor_perl/Immunix/SubDomain.pm
+#
+# Input (Optional):
+# - param 'showall' == 1 to change modes for profiles without associated
+# binaries (i.e. 'inactive' profiles), 'showall' effects all of the
+# parameters listed below
+# - param 'all' to change modes for all active profiles
+# - profile names to change, for single profiles
+# - nothing if listing just active profiles
+#
+# - may allow multiple profiles in the future
+#
+################################################################################
+
+use strict;
+use Locale::gettext;
+use POSIX;
+use Immunix::Ycp;
+use Immunix::SubDomain;
+
+setlocale(LC_MESSAGES, "");
+textdomain("apparmor-utils");
+
+our $UI_Mode = "yast-agent";
+
+sub getProfPath ($) {
+
+ my $profName = shift;
+ my $profPath = undef;
+
+ if ( ! -f "$profiledir/$profName" ) {
+
+ Immunix::Ycp::y2milestone("Couldn't find file $profiledir/$profName.");
+
+ } elsif (open PROF, "<$profiledir/$profName") {
+
+ while(<PROF>) {
+ if (/^\/\w+/) {
+ $profPath = (split(/\s+[\{||flag]/, $_))[0];
+ last;
+ }
+ }
+
+ close PROF;
+
+ } else {
+ Immunix::Ycp::y2milestone("Couldn't open $profiledir/$profName for reading.");
+ }
+ return $profPath;
+}
+
+# checks for reasonable filename characteristics
+sub badFileName {
+
+ my $profName = shift;
+ my $profPath = undef;
+ my $allProfs = shift || 0;
+ my $badFileName = 1;
+
+ if ( $profName !~ /^\// ) {
+ $profPath = getProfPath($profName);
+ } else {
+ $profPath = $profName;
+ }
+
+ # Only allow profiles with installed binaries unless specified with $allProfs
+ if ( $allProfs != 1 && ! -f $profPath ) {
+ return $badFileName;
+ }
+ if ( $profPath ) {
+
+ if ( ($profPath !~ /^\./) &&
+ ($profPath !~ /.save$|.new$/) &&
+ ($profPath !~ /\s/) &&
+ ($profPath !~ /([!#-\@\w])\.$/) &&
+ (length($profPath) <= 128) ) {
+
+ $badFileName = 0;
+ }
+ }
+
+ return $badFileName
+}
+
+
+# returns dot-format profile filenames
+sub getProfList {
+
+ my $args = shift;
+ my $allProfs = $args->{'showall'} || 0;
+
+ my @rawList = ();
+ my @profList = ();
+ my $error = undef;
+
+ if ( opendir (MDIR, $profiledir) ) {
+
+ @rawList = grep { ! /^\./ && ! /^lib(\d*)[\.|\/]ld/ && -f "$profiledir/$_"
+ && ! /\.rpm(new|save)$/
+
+ } readdir(MDIR);
+ close MDIR;
+
+ } else {
+ $error = "Couldn't open directory $profiledir. Exiting.";
+ Immunix::Ycp::y2error("$error");
+ exit 1;
+ }
+
+ # Remove profiles without installed binaries by default
+ if ( $allProfs ne '1' ) {
+ for my $prof (@rawList) {
+ if (! badFileName($prof,$allProfs)) {
+ push (@profList, $prof);
+ }
+ }
+ } else {
+ @profList = @rawList;
+ }
+
+ return \@profList;
+}
+
+# returns both the dot-format and pathnames for profiles
+sub getProfHash {
+
+ my $args = shift;
+ my $profList = getProfList($args);
+ my @rawHash = ();
+ my @profHash = ();
+
+ for my $dotProf (@$profList) {
+ if (open PROF, "<$profiledir/$dotProf") {
+ while(<PROF>) {
+ if (/^\/\w+/) {
+ my $prof = undef;
+ $prof->{'dot'} = $dotProf;
+ $prof->{'path'} = (split(/\s+[\{||flag]/, $_))[0];
+ push(@rawHash, $prof);
+ last;
+ }
+ }
+
+ close PROF;
+
+ # Remove profiles without installed binaries by default
+ if ( $args->{'showall'} ne '1' ) {
+ for my $prof (@rawHash) {
+ if (! badFileName($prof->{'path'}, $args->{'showall'})) {
+ push (@profHash, $prof);
+ }
+ }
+ } else {
+ @profHash = @rawHash;
+ }
+
+ } else {
+ Immunix::Ycp::y2error("Couldn't open $profiledir/$dotProf");
+ exit 1;
+ }
+ }
+
+ return \@profHash;
+}
+
+sub getProfModes {
+
+ my $profList = shift;
+ my @profModeList = ();
+
+ for my $profName (@$profList) {
+
+ my $flag = undef;
+
+ next if (-d $profName);
+ next if ($profName =~ /^\./);
+ next if ($profName =~ /.save$|.new$/);
+
+ if ( open(PROFILE, "$profiledir/$profName")) {
+
+ while(<PROFILE>) {
+
+ if (m/^\s*\/\S+\s+(flags=\(.+\)\s+)*{\s*$/) {
+ $flag = $1;
+ }
+
+ if ($flag) {
+ $flag =~ s/flags=\((.+)\)/$1/;
+ $flag =~ s/\s//g;
+ last; # only one profile except in /lib*/ld* which is a special case
+ }
+ }
+
+ close(PROFILE);
+
+ } else {
+ Immunix::Ycp::y2milestone( "Couldn't open profile $profName for reading.");
+ }
+
+ if (! $flag) { $flag = 'enforce'};
+
+ my $prof = {
+ 'name' => $profName,
+ 'mode' => $flag
+ };
+
+ # Don't add profile entries if the file doesn't exist
+ if ( $prof->{'name'} ) {
+ push(@profModeList, $prof);
+ }
+
+ }
+
+ return \@profModeList;
+}
+
+sub getProfStatus {
+
+ my $args = shift;
+ my $profList = getProfList($args);
+ my $profModeList = getProfModes($profList);
+
+ return $profModeList;
+}
+
+sub setProfMode {
+
+ my $args = shift;
+ my $ret = undef;
+
+ my $profMode = undef;
+
+ if ( $args->{'mode'} eq 'complain' ) {
+ $profMode = 'complain';
+ } else {
+ $profMode = '';
+ }
+
+ # Change just the profile listed, if an associated binary exists
+ if ( $args->{'profile'} ) {
+ my $profName = getProfPath("$args->{'profile'}");
+
+ if ( badFileName($args->{'profile'}, $args->{'showall'} )) {
+ Immunix::Ycp::y2milestone("Bad profile: $profName. Skipping.");
+ } elsif ( $args->{'showall'} && $args->{'showall'} == 1 ) {
+ setprofileflags("$profiledir/$args->{'profile'}", "$profMode");
+ } else {
+
+ if ($profMode eq 'complain') {
+ Immunix::SubDomain::complain("$profName");
+ } else {
+ Immunix::SubDomain::enforce("$profName");
+ }
+ }
+
+ # Change all profiles, regardless of whether the associated binary exists
+ } elsif ( $args->{'showall'} && $args->{'showall'} == 1 ) {
+
+ my $profHash = getProfHash($args);
+ for my $prof (@$profHash) {
+ setprofileflags("$profiledir/$prof->{'dot'}", "$profMode");
+ }
+
+ # Change all profiles with associated existing binaries
+ } elsif ( $args->{'all'} == 1 ) {
+
+ my $profHash = getProfHash($args);
+
+ for my $prof (@$profHash) {
+
+ if ( badFileName($prof->{'path'}), $args->{'showall'} ) {
+ Immunix::Ycp::y2milestone("Bad profile: $prof->{'path'}. Skipping.");
+ } elsif ($profMode eq 'complain') {
+ Immunix::SubDomain::complain("$prof->{'path'}");
+ } else {
+ Immunix::SubDomain::enforce("$prof->{'path'}");
+ }
+ }
+
+
+ } else {
+ my $error = "ag_complain: Profile name needed for changing complain mode is missing. Exiting.";
+ Immunix::Ycp::y2milestone("$error");
+ exit 1;
+ }
+
+ return;
+}
+
+# Main
+################################################################################
+while ( <STDIN> ) {
+
+ my ($command, $path, $args) = Immunix::Ycp::ParseCommand ($_);
+ if ($command && $path && $args) {
+
+ my $db = undef;
+
+ if ($args->{'mode'} && $args->{'mode'} =~ m/^(complain|enforce)$/ ) {
+ setProfMode($args);
+ } else {
+ $db = getProfStatus($args);
+ }
+
+ if ( defined($db) ) {
+ Immunix::Ycp::ycpReturn( $db );
+ } else {
+ Immunix::Ycp::ycpReturn("1");
+ }
+
+ } else {
+ my $error = "ag_complain: Unknown instruction or argument";
+ Immunix::Ycp::y2milestone("$error");
+ Immunix::Ycp::ycpReturn($error);
+ exit 1;
+ }
+
+}
+
+exit 0;
+
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-apparmor-2.0/src/include/subdomain/config_complain.ycp new/yast2-apparmor-2.0/src/include/subdomain/config_complain.ycp
--- old/yast2-apparmor-2.0/src/include/subdomain/config_complain.ycp 1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-apparmor-2.0/src/include/subdomain/config_complain.ycp 2006-11-04 00:15:23.000000000 +0100
@@ -0,0 +1,198 @@
+/* ------------------------------------------------------------------
+*
+* Copyright (C) 2002-2005 Novell/SUSE
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of version 2 of the GNU General Public
+* License published by the Free Software Foundation.
+*
+ ------------------------------------------------------------------*/
+
+{
+textdomain "yast2-apparmor";
+
+string modeHelp = _("<p><b>Profile Mode Configuration</b><br>This tool allows you to set AppArmor profiles to either complain or enforce mode.</p><p>Complain mode is a profile training state that logs application activity, but does not restrict the application's behavior.</p><p>Profiles in enforce mode are protected by AppArmor.</p>");
+
+boolean showAll = false; // Button for showing active or all profiles
+
+define void updateComplain(any id, string profile, string mode, boolean showAll) {
+
+ boolean error = false;
+ map profCmd = $[ ];
+
+ if (id == `allEnforce || id == `allComplain) {
+ profCmd["all"] = "1";
+ } else if ( profile != "" ) {
+ profCmd["profile"] = profile;
+ } else {
+ Popup::Error( _("Couldn't recognize profile name: ") + profile );
+ return;
+ }
+
+ if ( id == `toggle && mode != "" ) {
+ // Reverse modes for toggling
+ if ( mode == "enforce" ) {
+ profCmd["mode"] = "complain";
+ } else if (mode == "complain") {
+ profCmd["mode"] = "enforce";
+ } else {
+ error = true;
+ Popup::Error( _("Couldn't recognize mode: ") + mode );
+ }
+ } else if ( id != `toggle ) {
+ profCmd["mode"] = mode;
+ }
+
+ if ( showAll == true ) {
+ profCmd["showall"] = "1";
+ } else {
+ profCmd["showall"] = "0";
+ }
+
+ SCR::Write(.complain, profCmd);
+
+ return;
+}
+
+define list<term> getRecordList(boolean showAll) {
+
+ map Settings = $[ ];
+ Settings["list"] = "1";
+
+ if ( showAll == true ) {
+ Settings["showall"] = "1";
+ } else {
+ Settings["showall"] = "0";
+ }
+
+ list<term> recList = [];
+ integer key = 1;
+
+ // restarts ag_complain agent if necessary
+ list <map> db = nil;
+ while ( db == nil ) {
+ db = (list <map>) SCR::Read (.complain, Settings);
+ }
+
+ foreach ( map record, db, {
+ recList = add( recList, `item( `id(key), record["name"]:nil, record["mode"]:nil ));
+ key = key + 1;
+ });
+
+ return recList;
+}
+
+define term getProfModeForm(list<term> recList, boolean showAll ) {
+
+ term allBtn = `PushButton(`id(`showAll), _("Show All Profiles") );
+ string allText = _("Configure Mode for Active Profiles");
+
+ if ( showAll && showAll == true ) {
+ allBtn = `PushButton(`id(`showAct), _("Show Active Profiles") );
+ allText = _("Configure Mode for All Profiles");
+ }
+
+ term modeForm =
+
+ `Frame( `id(`changeMode), allText,
+ //`Frame( `id(`changeMode), _("Configure Profile Mode"),
+ `VBox(
+ `VSpacing(2),
+ `HBox(
+ `VSpacing(10),
+ `Table(`id(`table), `opt(`notify), `header(_("Profile Name"), _("Mode")), recList)
+ ),
+ `VSpacing(0.5),
+ `HBox(
+ allBtn,
+ `PushButton(`id(`toggle), _("Toggle Mode") ),
+ `PushButton(`id(`allEnforce), _("Set All to Enforce") ),
+ `PushButton(`id(`allComplain), _("Set All to Complain") )
+ ))
+ );
+
+ return modeForm;
+}
+
+define term updateModeConfigForm(boolean showAll) {
+
+ list<term> recList = getRecordList(showAll);
+ term newModeForm = getProfModeForm(recList, showAll);
+
+ return newModeForm;
+}
+
+// Profile Mode Configuration -- Sets Complain and Enforce Behavior
+define symbol profileModeConfigForm() {
+
+ list<term> recList = getRecordList(showAll);
+ term modeForm = getProfModeForm(recList, showAll);
+
+ Wizard::SetContentsButtons( _("Profile Mode Configuration"), modeForm, modeHelp, _("Back"), _("&Done") );
+
+ map event = $[];
+ any id = nil;
+
+ while( true ) {
+
+ event = UI::WaitForEvent();
+
+ id = event["ID"]:nil; // We'll need this often - cache it
+ string profile = nil;
+ string mode = nil;
+
+ if ( id == `abort || id == `cancel || id == `next || id == `back ) {
+ break;
+
+ } else if ( id == `showAll ) {
+
+ showAll = true;
+ Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, _("Back"), _("&Done") );
+ continue;
+
+ } else if ( id == `showAct ) {
+
+ showAll = false;
+ Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, _("Back"), _("&Done") );
+ continue;
+
+ } else if ( id == `next || id == `toggle) {
+
+ integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) );
+ profile = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, "");
+ mode = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 2, "");
+
+ updateComplain(id, profile, mode, showAll);
+ Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, _("Back"), _("&Done") );
+ continue;
+
+ } else if ( id == `allEnforce || id == `allComplain) {
+
+ profile = "";
+
+ if ( id == `allEnforce ) {
+ mode = "enforce";
+ } else {
+ mode = "complain";
+ }
+
+ updateComplain(id, profile, mode, showAll);
+ Wizard::SetContentsButtons( _("Configure Profile Mode"), updateModeConfigForm(showAll), modeHelp, _("Back"), _("&Done") );
+ continue;
+
+ } else if ( id == `table ) {
+
+ Popup::Message( _("Please select an action to perform from the buttons below.") );
+
+ } else {
+ y2error("Unexpected return code: %1", id);
+ break;
+ }
+ }
+
+ Wizard::CloseDialog(); // new
+ return (symbol) id;
+}
+
+/* EOF */
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-apparmor-2.0/src/include/subdomain/sd-config.ycp new/yast2-apparmor-2.0/src/include/subdomain/sd-config.ycp
--- old/yast2-apparmor-2.0/src/include/subdomain/sd-config.ycp 2006-10-06 20:08:55.000000000 +0200
+++ new/yast2-apparmor-2.0/src/include/subdomain/sd-config.ycp 2006-11-04 00:15:23.000000000 +0100
@@ -3,12 +3,13 @@
* Copyright (C) 2002-2005 Novell/SUSE
*
* This program is free software; you can redistribute it and/or
-* modify it under the terms of version 2 of the GNU General Public
+* modify it under the terms of version 2 of the GNU General Public
* License published by the Free Software Foundation.
*
------------------------------------------------------------------*/
{
+include "subdomain/config_complain.ycp";
include "subdomain/event_notification_helptext.ycp";
textdomain "yast2-apparmor";
@@ -36,49 +37,56 @@
/* Network dialog caption */
string caption = _("AppArmor Configuration");
- string help = _("<p><b>AppArmor Status</b><br>This reports whether the AppArmor policy enforcement module is loaded and functioning.</p> <p><b>Security Event Notification</b><br>When an access violation occurs, configure this tool if you want to be notified via email. </p>");
+ string help = _("<p><b>AppArmor Status</b><br>This reports whether the AppArmor policy enforcement module is loaded and functioning.</p> <p><b>Security Event Notification</b><br>Configure this tool if you want to be notified by email when access violations have occurred.</p> <p><b>Profile Modes</b><br>Use this tool to change the way that AppArmor uses individual profiles.</p>");
- term contents = `HVCenter( `HBox(
- `Frame(_("AppArmor Status"), `HBox(
- `VBox(
- `VSpacing(3), `HSpacing(3),
- `HBox (
- //`HSpacing( `opt(`hstretch), 0.15 ),
- `HSpacing( 3 ),
- `VBox(
- `Frame ( _("Enable AppArmor"),
- `HBox(
- //`HVCenter( `Label( `id(`sdlabel), _("AppArmor is ") + subdomain + " ")),
- `HVCenter( `Label( `id(`sdlabel), sdEnStr + " ")),
- `PushButton( `id(`sdconf), _("&Configure") )
- )
- ),
- `VSpacing( 1 ),
- `Frame ( _("Enable Security Event Notification"),
- `HBox(
- //`HVCenter( `Label( `id(`notifyLabel), _("Notification is ") + evnotify )),
- `HVCenter( `Label( `id(`notifyLabel), evEnStr )),
- `PushButton( `id(`ntconf), _("&Configure") )
- )
- )
- ),
- `HSpacing( 3 )
- ),
+ term contents =
+ `HVCenter( `HBox(
+ `Frame(_("AppArmor Status"), `HBox(
+ `VBox(
+ `VSpacing(3), `HSpacing(2),
+ `HBox (
+ `HSpacing( `opt(`hstretch), 4 ),
+ `VBox(
+ `Frame ( _("Enable AppArmor"),
+ `HBox(
+ `HVCenter( `Label( `id(`sdlabel), sdEnStr + " ")),
+ `PushButton( `id(`sdconf), _("&Configure") )
+ )
+ ),
+ `VSpacing( 1 ),
+ `Frame ( _(" Enable Security Event Notification "),
+ `HBox(
+ `HVCenter( `Label( `id(`notifyLabel), evEnStr )),
+ `PushButton( `id(`ntconf), _("C&onfigure") )
+ )
+ ),
+
+ `VSpacing( 1 ),
+ `Frame ( _("Configure Profile Modes"),
+ `HBox(
+ //`HVCenter( `Label( `id(`notifyLabel), _("Configure Modes") )),
+ `Left(`HVCenter( `Label( `id(`notifyLabel), " " + _("Set Profile Modes") ))),
+ `PushButton( `id(`modeconf), _("Co&nfigure") )
+ )
+ ),
+ `VSpacing(3), `HSpacing( 2 )
+ ),
`VSpacing(3),
- `HSpacing(8)
+ `HSpacing( `opt(`hstretch), 4 )
)))
- ));
+ )));
Wizard::CreateDialog();
Wizard::SetTitleIcon("apparmor/control_panel");
Wizard::SetContentsButtons(caption, contents, help, nil, _("&Done"));
Wizard::DisableBackButton();
- while( true ) {
- symbol ret = (symbol) UI::UserInput();
- if ( ret == `abort || ret == `cancel || ret == `next) {
- break;
- } else if (ret == `sdconf ) {
+ while( true ) {
+ symbol ret = (symbol) UI::UserInput();
+
+ if ( ret == `abort || ret == `cancel || ret == `next) {
+ break;
+ } else if (ret == `sdconf ) {
boolean sdNotEnabled = false;
if (sdIsEnabled == false) {
@@ -100,12 +108,11 @@
)),
`HBox (
`PushButton(`id(`abort), _("&Cancel") ),
- `PushButton(`id(`ok), _("&Ok") )
+ `PushButton(`id(`ok), _("&OK") )
))
);
- /* Not sure if this is the best way to do this */
/* Popup dialog to turn SD on/off */
any sdInput = UI::UserInput();
any scrret = nil;
@@ -253,105 +260,128 @@
);
Wizard::CreateDialog();
- Wizard::SetContentsButtons(_("Security Event Notification"), event_config, EventNotifyHelpText, nil, _("&Ok"));
+ Wizard::SetContentsButtons(_("Security Event Notification"), event_config, EventNotifyHelpText, nil, _("&OK"));
Wizard::DisableBackButton();
- /* Not sure if this is the best way to do this */
-
any ntInput = nil;
string notifyLabelValue = "";
- while( true ) {
- ntInput = UI::UserInput();
- if (ntInput == `next) {
- map answers = $[ ];
-
- t_freq = UI::QueryWidget(`id(`terse_freq), `Value);
- s_freq = UI::QueryWidget(`id(`summary_freq), `Value);
- v_freq = UI::QueryWidget(`id(`verbose_freq), `Value);
-
- answers["sd-set-notify"] = "yes";
- answers["terse_freq"] = tostring(t_freq);
- answers["summary_freq"] = tostring(s_freq);
- answers["verbose_freq"] = tostring(v_freq);
-
- if(t_freq != 0) {
- string t_email = (string) UI::QueryWidget(`id(`terse_email), `Value);
- if ( t_email == nil || t_email == "" ) {
- Popup::Error( _("An email address is required for each selected notification method.") );
- continue;
- }
- answers["enable_terse"] = "yes";
- answers["terse_email"] = (string) UI::QueryWidget(`id(`terse_email), `Value);
- answers["terse_level"] = (string) tostring(UI::QueryWidget(`id(`terse_level), `Value));
-
- boolean t_unknown = (boolean) UI::QueryWidget(`id(`terse_unknown), `Value);
- if(t_unknown == true) {
- answers["terse_unknown"] = "1";
- } else {
- answers["terse_unknown"] = "0";
- }
- } else {
- answers["enable_terse"] = "no";
- }
- if(s_freq != 0) {
- string s_email = (string) UI::QueryWidget(`id(`summary_email), `Value);
- if ( s_email == nil || s_email == "" ) {
- Popup::Error( _("An email address is required for each selected notification method.") );
- continue;
- }
- answers["enable_summary"] = "yes";
- answers["summary_email"] = (string) UI::QueryWidget(`id(`summary_email), `Value);
- answers["summary_level"] = (string) tostring(UI::QueryWidget(`id(`summary_level), `Value));
-
- boolean s_unknown = (boolean) UI::QueryWidget(`id(`summary_unknown), `Value);
- if(s_unknown == true) {
- answers["summary_unknown"] = "1";
- } else {
- answers["summary_unknown"] = "0";
- }
- } else {
- answers["enable_summary"] = "no";
- }
+ while( true ) {
+ ntInput = UI::UserInput();
- if(v_freq != 0) {
- string v_email = (string) UI::QueryWidget(`id(`verbose_email), `Value);
- if ( v_email == nil || v_email == "" ) {
- Popup::Error( _("An email address is required for each selected notification method.") );
- continue;
- }
- answers["enable_verbose"] = "yes";
- answers["verbose_email"] = (string) UI::QueryWidget(`id(`verbose_email), `Value);
- answers["verbose_level"] = (string) tostring(UI::QueryWidget(`id(`verbose_level), `Value));
-
- boolean v_unknown = (boolean) UI::QueryWidget(`id(`verbose_unknown), `Value);
- if(v_unknown == true) {
- answers["verbose_unknown"] = "1";
- } else {
- answers["verbose_unknown"] = "0";
- }
- } else {
- answers["enable_verbose"] = "no";
- }
+ if (ntInput == `next) {
+
+ map answers = $[ ];
+
+ t_freq = UI::QueryWidget(`id(`terse_freq), `Value);
+ s_freq = UI::QueryWidget(`id(`summary_freq), `Value);
+ v_freq = UI::QueryWidget(`id(`verbose_freq), `Value);
+
+ answers["sd-set-notify"] = "yes";
+ answers["terse_freq"] = tostring(t_freq);
+ answers["summary_freq"] = tostring(s_freq);
+ answers["verbose_freq"] = tostring(v_freq);
+
+ if(t_freq != 0) {
+
+ string t_email = (string) UI::QueryWidget(`id(`terse_email), `Value);
+
+ if ( t_email == nil || t_email == "" ) {
+ Popup::Error( _("An email address is required for each selected notification method.") );
+ continue;
+ }
+
+ answers["enable_terse"] = "yes";
+ answers["terse_email"] = (string) UI::QueryWidget(`id(`terse_email), `Value);
+ answers["terse_level"] = (string) tostring(UI::QueryWidget(`id(`terse_level), `Value));
+
+ boolean t_unknown = (boolean) UI::QueryWidget(`id(`terse_unknown), `Value);
+
+ if (t_unknown == true) {
+ answers["terse_unknown"] = "1";
+ } else {
+ answers["terse_unknown"] = "0";
+ }
+
+ } else {
+ answers["enable_terse"] = "no";
+ }
+
+ if (s_freq != 0) {
+
+ string s_email = (string) UI::QueryWidget(`id(`summary_email), `Value);
+ if ( s_email == nil || s_email == "" ) {
+ Popup::Error( _("An email address is required for each selected notification method.") );
+ continue;
+ }
+
+ answers["enable_summary"] = "yes";
+ answers["summary_email"] = (string) UI::QueryWidget(`id(`summary_email), `Value);
+ answers["summary_level"] = (string) tostring(UI::QueryWidget(`id(`summary_level), `Value));
+
+ boolean s_unknown = (boolean) UI::QueryWidget(`id(`summary_unknown), `Value);
+
+ if (s_unknown == true) {
+ answers["summary_unknown"] = "1";
+ } else {
+ answers["summary_unknown"] = "0";
+ }
+
+ } else {
+ answers["enable_summary"] = "no";
+ }
+
+ if (v_freq != 0) {
+ string v_email = (string) UI::QueryWidget(`id(`verbose_email), `Value);
+ if ( v_email == nil || v_email == "" ) {
+ Popup::Error( _("An email address is required for each selected notification method.") );
+ continue;
+ }
+
+ answers["enable_verbose"] = "yes";
+ answers["verbose_email"] = (string) UI::QueryWidget(`id(`verbose_email), `Value);
+ answers["verbose_level"] = (string) tostring(UI::QueryWidget(`id(`verbose_level), `Value));
+
+ boolean v_unknown = (boolean) UI::QueryWidget(`id(`verbose_unknown), `Value);
+
+ if (v_unknown == true) {
+ answers["verbose_unknown"] = "1";
+ } else {
+ answers["verbose_unknown"] = "0";
+ }
+ } else {
+ answers["enable_verbose"] = "no";
+ }
+
+ SCR::Execute(.sdconf, answers);
+
+ if ( t_freq != 0 || s_freq != 0 || v_freq != 0 ) {
+ notifyLabelValue = _("Notification is enabled");
+ } else {
+ notifyLabelValue = _("Notification is disabled");
+ }
+ }
+
+ Wizard::CloseDialog();
+ if ( (ntInput == `ok) || (ntInput == `next) ) {
+ UI::ChangeWidget( `id(`notifyLabel), `Value, notifyLabelValue );
+ }
+ break;
+ }
+
+ } else if (ret == `modeconf ) {
+
+ ret = profileModeConfigForm();
+ if ( ret == `back ) {
+ displayAppArmorConfig();
+ }
+
+ break;
- SCR::Execute(.sdconf, answers);
- //Popup::Message("w00t!");
- if ( t_freq != 0 || s_freq != 0 || v_freq != 0 ) {
- notifyLabelValue = _("Notification is enabled");
- } else {
- notifyLabelValue = _("Notification is disabled");
- }
- }
- Wizard::CloseDialog();
- if ( (ntInput == `ok) || (ntInput == `next) ) {
- UI::ChangeWidget( `id(`notifyLabel), `Value, notifyLabelValue );
- }
- break;
- }
} else {
y2milestone("Weird dialogue close--incl." + tostring(ret));
}
- }
+ }
UI::CloseDialog();
/* Finish */
y2milestone("AppArmor config module finished");
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-apparmor-2.0/src/locale/Make.rules new/yast2-apparmor-2.0/src/locale/Make.rules
--- old/yast2-apparmor-2.0/src/locale/Make.rules 2006-10-06 20:08:44.000000000 +0200
+++ new/yast2-apparmor-2.0/src/locale/Make.rules 2006-11-04 00:15:05.000000000 +0100
@@ -14,7 +14,7 @@
# exist
LOCALEDIR=/usr/share/locale
-XGETTEXT_ARGS=--copyright-holder="NOVELL, Inc." --from-code=perl --msgid-bugs-address=apparmor-general@forge.novell.com -d ${NAME}
+XGETTEXT_ARGS=--copyright-holder="NOVELL, Inc." --msgid-bugs-address=apparmor-general@forge.novell.com -d ${NAME}
# When making the .pot file, it's expected that the parent Makefile will
# pass in the list of sources in the SOURCES variable
@@ -28,9 +28,6 @@
${NAME}.pot: ${PARENT_SOURCES}
xgettext ${XGETTEXT_ARGS} ${PARENT_SOURCES} -o $@
-apparmor-parser.pot: ${PARENT_SOURCES}
- xgettext ${XGETTEXT_ARGS} ${PARENT_SOURCES} -o $@
-
%.mo: %.po
msgfmt -c -o $@ $<
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-apparmor-2.0/src/po/Make.rules new/yast2-apparmor-2.0/src/po/Make.rules
--- old/yast2-apparmor-2.0/src/po/Make.rules 2006-10-06 20:08:44.000000000 +0200
+++ new/yast2-apparmor-2.0/src/po/Make.rules 2006-11-04 00:15:05.000000000 +0100
@@ -14,7 +14,7 @@
# exist
LOCALEDIR=/usr/share/locale
-XGETTEXT_ARGS=--copyright-holder="NOVELL, Inc." --from-code=perl --msgid-bugs-address=apparmor-general@forge.novell.com -d ${NAME}
+XGETTEXT_ARGS=--copyright-holder="NOVELL, Inc." --msgid-bugs-address=apparmor-general@forge.novell.com -d ${NAME}
# When making the .pot file, it's expected that the parent Makefile will
# pass in the list of sources in the SOURCES variable
@@ -28,9 +28,6 @@
${NAME}.pot: ${PARENT_SOURCES}
xgettext ${XGETTEXT_ARGS} ${PARENT_SOURCES} -o $@
-apparmor-parser.pot: ${PARENT_SOURCES}
- xgettext ${XGETTEXT_ARGS} ${PARENT_SOURCES} -o $@
-
%.mo: %.po
msgfmt -c -o $@ $<
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-apparmor-2.0/yast2-apparmor.spec new/yast2-apparmor-2.0/yast2-apparmor.spec
--- old/yast2-apparmor-2.0/yast2-apparmor.spec 2006-10-16 18:55:09.000000000 +0200
+++ new/yast2-apparmor-2.0/yast2-apparmor.spec 2006-11-04 00:15:38.000000000 +0100
@@ -17,9 +17,9 @@
Summary: Yast2 plugins for AppArmor management
Name: yast2-apparmor
Version: 2.0
-Release: 7.11
+Release: 188
Group: Productivity/Security
-Source0: %{name}-%{version}-158.tar.gz
+Source0: %{name}-%{version}-188.tar.gz
License: GPL and LGPL
BuildRoot: %{?_tmppath:}%{!?_tmppath:/var/tmp}/%{name}-%{version}-build
Url: http://forge.novell.com/modules/xfmod/project/?apparmor
@@ -101,7 +101,7 @@
- Fixes for https://bugzilla.novell.com/show_bug.cgi?id=175388,
https://bugzilla.novell.com/show_bug.cgi?id=172061. Added support
for new profile syntax Px/Ux/m.
-* Sub Apr 2 2006 Dominic Reynolds 2.0-7.9
+* Sun Apr 2 2006 Dominic Reynolds 2.0-7.9
- Fix typo regression in profile_dialogs.ycp
* Wed Mar 30 2006 Dominic Reynolds 2.0-7.9
- Remove libapparmor as a dependency for all yast wizards (#160518)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-apparmor-2.0/yast2-apparmor.spec.in new/yast2-apparmor-2.0/yast2-apparmor.spec.in
--- old/yast2-apparmor-2.0/yast2-apparmor.spec.in 2006-10-16 18:54:33.000000000 +0200
+++ new/yast2-apparmor-2.0/yast2-apparmor.spec.in 2006-11-04 00:15:23.000000000 +0100
@@ -17,7 +17,7 @@
Summary: Yast2 plugins for AppArmor management
Name: yast2-apparmor
Version: @@immunix_version@@
-Release: 7.11
+Release: @@repo_version@@
Group: Productivity/Security
Source0: %{name}-%{version}-@@repo_version@@.tar.gz
License: GPL and LGPL
@@ -101,7 +101,7 @@
- Fixes for https://bugzilla.novell.com/show_bug.cgi?id=175388,
https://bugzilla.novell.com/show_bug.cgi?id=172061. Added support
for new profile syntax Px/Ux/m.
-* Sub Apr 2 2006 Dominic Reynolds 2.0-7.9
+* Sun Apr 2 2006 Dominic Reynolds 2.0-7.9
- Fix typo regression in profile_dialogs.ycp
* Wed Mar 30 2006 Dominic Reynolds 2.0-7.9
- Remove libapparmor as a dependency for all yast wizards (#160518)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org