Hello community, here is the log from the commit of package yast2-apparmor for openSUSE:Factory checked in at Sat Mar 7 11:47:51 CET 2009. -------- --- yast2-apparmor/yast2-apparmor.changes 2009-02-11 16:33:03.000000000 +0100 +++ /mounts/work_src_done/STABLE/yast2-apparmor/yast2-apparmor.changes 2009-03-06 18:01:07.844098000 +0100 @@ -1,0 +2,7 @@ +Fri Mar 6 17:50:03 CET 2009 - kmachalkova@suse.cz + +- AA profiles editor adjusted to the new format of parsed profile + data (bnc#480099) +- 2.18.2 + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- yast2-apparmor-2.18.1.tar.bz2 New: ---- yast2-apparmor-2.18.2.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-apparmor.spec ++++++ --- /var/tmp/diff_new_pack.y28167/_old 2009-03-07 11:45:44.000000000 +0100 +++ /var/tmp/diff_new_pack.y28167/_new 2009-03-07 11:45:44.000000000 +0100 @@ -1,5 +1,5 @@ # -# spec file for package yast2-apparmor (Version 2.18.1) +# spec file for package yast2-apparmor (Version 2.18.2) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -20,12 +20,12 @@ Url: http://forge.novell.com/modules/xfmod/project/?apparmor Name: yast2-apparmor -Version: 2.18.1 +Version: 2.18.2 Release: 1 License: GPL v2 or later Group: Productivity/Security BuildRoot: %{_tmppath}/%{name}-%{version}-build -Source0: yast2-apparmor-2.18.1.tar.bz2 +Source0: yast2-apparmor-2.18.2.tar.bz2 Prefix: /usr Summary: YaST2 - Plugins for AppArmor Profile Management Requires: yast2 perl-TimeDate @@ -51,7 +51,7 @@ jmichael@suse.de %prep -%setup -n yast2-apparmor-2.18.1 +%setup -n yast2-apparmor-2.18.2 %build %{prefix}/bin/y2tool y2autoconf 
@@ -101,6 +101,10 @@ [ -e $REPDIR2 ] || mkdir -p $REPDIR2 [ -e $REPDIR3 ] || mkdir -p $REPDIR3 %changelog +* Fri Mar 06 2009 kmachalkova@suse.cz +- AA profiles editor adjusted to the new format of parsed profile + data (bnc#480099) +- 2.18.2 * Wed Feb 11 2009 kmachalkova@suse.cz - Convert report names and modes to/from human readable strings (bnc#369119, bnc#371072) ++++++ yast2-apparmor-2.18.1.tar.bz2 -> yast2-apparmor-2.18.2.tar.bz2 ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-apparmor-2.18.1/src/agents/ag_subdomain new/yast2-apparmor-2.18.2/src/agents/ag_subdomain --- old/yast2-apparmor-2.18.1/src/agents/ag_subdomain 2008-11-28 17:53:05.000000000 +0100 +++ new/yast2-apparmor-2.18.2/src/agents/ag_subdomain 2009-03-06 17:49:58.000000000 +0100 @@ -80,7 +80,8 @@ $result = Immunix::Notify::getNotifyStatus(); } elsif ( $command eq "Read" and $argument eq 'custom-includes') { my $cfg = Immunix::SubDomain::read_config("logprof.conf"); - ycp::ycpReturn(\@$cfg->{settings}{custom_includes}); + my @ret = split(' ', $cfg->{settings}{custom_includes}); + ycp::ycpReturn(\@ret); $donereturn = 1; } elsif ( $command eq "Execute" and $argument eq 'profile-syntax-check') { $result = profileSyntaxCheck(); diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-apparmor-2.18.1/src/agents/ag_subdomain_profiles new/yast2-apparmor-2.18.2/src/agents/ag_subdomain_profiles --- old/yast2-apparmor-2.18.1/src/agents/ag_subdomain_profiles 2008-05-29 15:56:01.000000000 +0200 +++ new/yast2-apparmor-2.18.2/src/agents/ag_subdomain_profiles 2009-03-06 17:49:58.000000000 +0100 @@ -68,7 +68,7 @@ my ($command, $path, $argument) = ycp::ParseCommand ($_); $argument = "NONE" if ( ! $argument ); - ycp::y2milestone ("DOM command: $command, path: $path, argument: $argument"); + ycp::y2debug ("DOM command: $command, path: $path, argument: $argument"); my $result = undef; if ( $command && $path && $argument ) { 
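Review bot: Commands received by ag_subdomain_profiles no longer show up unless debug logging is enabled, because the `DOM command` line now uses `ycp::y2debug`; that includes the requests that change profiles. Lowering the level suits the new per-entry `Execute` lookups, but a record of the other commands is useful when reconstructing who changed a profile and when. One option is to keep `ycp::y2debug` for lookups and add `ycp::y2milestone ("DOM command: $command, path: $path") unless $command eq "Execute";`. Whether the handlers further down log on their own is outside this hunk.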
@@ -127,7 +127,15 @@ } ycp::Return( "true" ); } - } + } elsif ( $command eq "Execute") { + if ( $path eq '.mode_to_string') { + my $ret = Immunix::SubDomain::mode_to_str( $argument ); + ycp::Return($ret); + } + elsif ($path eq '.string_to_mode') { + my $ret = Immunix::SubDomain::str_to_mode( $argument ); + ycp::Return($ret); + } } else { #ycpGetCommand and ycpGetArgType is obsolete, we have those #from ycp::ParseCommand @@ -141,5 +149,5 @@ } } exit 0; - +} diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-apparmor-2.18.1/src/include/subdomain/profile_dialogs.ycp new/yast2-apparmor-2.18.2/src/include/subdomain/profile_dialogs.ycp --- old/yast2-apparmor-2.18.1/src/include/subdomain/profile_dialogs.ycp 2008-11-28 17:53:05.000000000 +0100 +++ new/yast2-apparmor-2.18.2/src/include/subdomain/profile_dialogs.ycp 2009-03-06 17:49:58.000000000 +0100 @@ -11,6 +11,7 @@ import "Wizard"; import "Popup"; import "Label"; +import "Map"; include "subdomain/capabilities.ycp"; textdomain "yast2-apparmor"; @@ -65,7 +66,7 @@ ); if ( linuxcapname != "" ) { - UI::ChangeWidget( `id(`caps), `CurrentValue, linuxcapname ); + UI::ChangeWidget( `id(`caps), `CurrentItem, linuxcapname ); } map event2 = $[]; @@ -85,13 +86,13 @@ } } until ( id2 == `save || id2 == `cancel ); - map<string, integer> newcapmap = $[]; + map<string, map> newcapmap = $[]; if ( id2 == `save ) { list<any> selectedcaps = (list<any>) UI::QueryWidget( `id(`caps), `SelectedItems ); string s = ""; foreach( any cpname, selectedcaps, { s = linnametolp[tostring(cpname)]:""; - newcapmap = add( newcapmap, s, 1); + newcapmap = add( newcapmap, s, $["audit":0, "set":1]); }); } UI::CloseDialog(); 
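Review bot: The new `Execute` branch has no final `else`, so as far as the hunk shows a path other than `.mode_to_string` or `.string_to_mode` falls through without any `ycp::Return`. A closing `else { ycp::y2warning("unsupported Execute path: $path"); ycp::Return("false"); }` (or whatever failure value the YCP side is made to check) would make that case explicit. Separately, the context line `$argument = "NONE" if ( ! $argument );` in the hunk at -68 rewrites a mode of 0 or an empty permission string to "NONE" before it reaches `mode_to_str`/`str_to_mode`, and the YCP callers pass exactly those defaults (`val["mode"]:0`, `results["PERM"]:""`). What the two Immunix::SubDomain functions do with "NONE" is not visible here and should be confirmed.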
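Review bot: The `}` added after `exit 0;` appears to compensate for the `}` that the hunk at -127 turned into `} elsif ( $command eq "Execute") {`, which would leave `exit 0;` inside the enclosing block instead of after it. If that block is the command loop, the agent would exit after handling a single command, and the old `else` branch would now pair with the command chain rather than with `if ( $command && $path && $argument )`. The lines between the two hunks are not shown, so this needs checking against the full file. If it is confirmed, close the `Execute` branch with its own `}` before `} else {` and drop the brace after `exit 0;`.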
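Review bot: Every capability saved from this popup is stored as `$["audit":0, "set":1]`, because `newcapmap` is rebuilt from the selected items alone; a capability that was parsed with its audit flag set loses the flag once the dialog is saved. The file-rule hunks at -854 and -924 do the same with `$["audit":0, "mode": ...]`. Carrying the previous entry over where one exists would avoid switching auditing off as a side effect, e.g. `newcapmap = add( newcapmap, s, OLDCAPS[s]:$["audit":0, "set":1]);`. `OLDCAPS` is a placeholder for the capability map passed into the popup, whose parameter list is outside the hunk.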
@@ -202,7 +203,7 @@ event2 = UI::WaitForEvent( timeout_millisec ); id2 = event2["ID"]:nil; // We'll need this often - cache it if ( id2 == `famItems ) { - if ( tostring(UI::QueryWidget( `famItems, `Value )) == "`allfam" ) { + if ( UI::QueryWidget( `famItems, `Value ) == `allfam ) { UI::ChangeWidget( `typeItems, `Value, `alltype ); UI::ChangeWidget( `typeItems, `Enabled, false ); } else { @@ -212,12 +213,12 @@ } until ( id2 == `save || id2 == `cancel ); if ( id2 == `save ) { rule = "network"; - string famselection = tostring(UI::QueryWidget( `famItems, `Value )); - string typeselection = tostring(UI::QueryWidget( `typeItems, `Value )); - if ( famselection != "`allfam" ) { - rule = rule + " " + regexpsub(famselection, "^`(.+)$", "\\1"); - if ( typeselection != "`alltype" ) { - rule = rule + " " + regexpsub(typeselection, "^`(.+)$", "\\1"); + symbol famselection = (symbol) UI::QueryWidget( `famItems, `Value ); + symbol typeselection = (symbol) UI::QueryWidget( `typeItems, `Value ); + if ( famselection != `allfam ) { + rule = rule + " " + substring( tostring(famselection), 1); + if ( typeselection != `alltype ) { + rule = rule + " " + substring( tostring(typeselection), 1); } } } else { 
@@ -519,53 +520,69 @@ define map deleteNetworkRule( map netRules, string rule ) { + map audit = netRules["audit"]:$[]; + map rules = netRules["rule"]:$[]; list netlist = splitstring( rule, " " ); integer netrulesize = size( netlist ); string family = ""; string sockettype = ""; if ( netrulesize == 1 ) { - return ( $[] ); + audit = $[]; + rules = $[]; } else if ( netrulesize == 2 ) { family = netlist[1]:""; - netRules = remove( netRules, family ); + audit = remove( audit, family ); + rules = remove( rules, family ); } else if ( netrulesize == 3 ) { family = netlist[1]:""; sockettype = netlist[2]:""; - any fam = netRules[family]:nil; + map a = audit[family]:$[]; + map r = rules[family]:$[]; + a = remove(a, sockettype); + r = remove(r, sockettype); + audit[family] = a; + rules[family] = r; + /*any fam = netRules[family]:nil; if ( is( fam, map ) ) { fam = remove( ((map) fam), sockettype ); netRules[family] = fam; } else { y2warning("deleteNetworkRule: deleting non-existing rule: " + rule); - } + }*/ } - return( netRules ); + return $["audit" : audit, "rule" : rules]; } define map addNetworkRule( map netRules, string rule ) { + map audit = netRules["audit"]:$[]; + map rules = netRules["rule"]:$[]; list netlist = splitstring( rule, " " ); integer netrulesize = size( netlist ); string family = ""; string sockettype = ""; if ( netrulesize == 1 ) { - return ( $["all":1] ); - } else if ( netrulesize == 2 ) { - //string all_net = netRules["all"]:nil; - if ( netRules["all"]:nil != nil ) { - netRules = remove( netRules, "all" ); - } - family = netlist[1]:""; - netRules[family] = "1"; - } else if ( netrulesize == 3 ) { - if ( netRules["all"]:nil != nil ) { - netRules = remove( netRules, "all" ); - } - family = netlist[1]:""; - sockettype = netlist[2]:""; - any any_fam = netRules[family]:nil; + return ( $["audit" : $["all":1], "rule" : $["all" :1] ] ); + } + else{ + if (haskey(audit, "all") && haskey(rules, "all")) { + audit = remove(audit, "all"); + rules = remove(rules, "all"); 
+ } + + if ( netrulesize == 2 ) { + family = netlist[1]:""; + audit[family] = 0; + rules[family] = 1; + } else if ( netrulesize == 3 ) { + family = netlist[1]:""; + sockettype = netlist[2]:""; + audit[family] = add(audit[family]:$[], sockettype,0); + rules[family] = add(rules[family]:$[], sockettype,1); + } + /*any any_fam = netRules[family]:nil; map fam = nil; if ( is( any_fam, map ) ) { fam = (map) any_fam; @@ -574,9 +591,9 @@ fam = $[]; } fam[sockettype] = "1"; - netRules[family] = fam; + netRules[family] = fam;*/ } - return netRules; + return $[ "audit": audit, "rule": rules]; } define map editNetworkRule( map netRules, string old, string new ) { 
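Review bot: In addNetworkRule a bare `network` rule returns `$["audit" : $["all":1], "rule" : $["all" :1] ]`, while the family and socket-type branches store 0 under `audit`. Unless the parsed format requires it, the audit entry should read `"audit" : $["all":0]` so that adding the rule does not change the audit setting. In deleteNetworkRule the three-token branch reads `audit[family]:$[]` and `rules[family]:$[]`, so a family stored as a plain 1 by the two-token branch is presumably replaced by an empty map. The old `y2warning` for a non-existing rule no longer fires either, as it sits in a commented-out block. The commented-out blocks in both functions can be deleted, since the history keeps them.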
@@ -590,24 +607,30 @@ // define list<term> generateTableContents( map paths, map network, map caps, map includes, map hats ) { - list<term> newlist = []; + list<term> newlist = []; + integer indx = 0; foreach( string hatname, any hat, (map<string,map>) hats, { newlist = add( newlist, `item( `id(indx), "[+] ^"+ hatname, "")); indx = indx+1; }); + foreach( string incname, integer incval, (map<string,integer>) includes, { newlist = add( newlist, `item( `id(indx), "#include " +incname, "")); indx = indx+1; }); - foreach( string capname, integer capval, (map<string,integer>) caps, { + + foreach( string capname, map capval, (map<string,map>) caps, { map capdef = capdefs[capname]:nil; newlist = add( newlist, `item( `id(indx), capdef["name"]:"", "")); indx = indx+1; }); - foreach( string name, string val, (map<string,string>) paths, { - newlist = add( newlist, `item( `id(indx), name, val)); + + foreach( string name, map val, (map<string,map>) paths, { + string mode = (string) SCR::Execute(.subdomain_profiles.mode_to_string, val["mode"]:0); + newlist = add( newlist, `item( `id(indx), name, mode)); indx = indx+1; }); - foreach( string family, any any_fam, (map<string,any>) network, { + map rules = network["rule"]:$[]; + foreach( string family, any any_fam, (map<string,any>) rules, { if ( is( any_fam, map ) ) { foreach( string socktype, any any_type, (map<string,any>) any_fam, { newlist = add( newlist, @@ -725,10 +748,10 @@ if ( !hat ) { hats = collectHats( profile_map, pathname ); } - map paths = (map) profile["path"]:$[]; - map caps = (map) profile["capability"]:$[]; + map paths = (map) profile["allow","path"]:$[]; + map caps = (map) profile["allow","capability"]:$[]; map includes = (map) profile["include"]:$[]; - map netdomain = (map) profile["netdomain"]:$[]; + map netdomain = (map) profile["allow", "netdomain"]:$[]; list<term> profilelist = generateTableContents( paths, netdomain, caps, 
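Review bot: The editor now takes `path`, `capability` and `netdomain` only from `profile["allow", ...]`, so anything the parser stores outside `allow` is not listed in the table, and the `audit` value carried by each entry is not displayed either. If the new format has a sibling key for deny rules, a person reviewing a profile in this dialog would see an incomplete picture of what it permits. If that is intended for this release, a comment above these three lines such as `// only allow rules are listed and edited here; other keys of profile are left as parsed` would record the limitation. Whether such a sibling key exists is not visible in this diff.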
@@ -828,11 +851,11 @@ { event = UI::WaitForEvent( timeout_millisec ); id = event["ID"]:nil; // We'll need this often - cache it + integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) ); if ( (( id == `table ) && (event["EventReason"]:nil == "Activated" )) || ( id == `edit) ) { // Widget activated in the table - integer itemselected = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) ); string rule = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""); integer findcap = find( rule, "CAP_"); integer findinc = find( rule, "#include"); @@ -841,7 +864,7 @@ string oldrule = rule; if ( findcap == 0 ) { caps = capabilityEntryPopup( caps, rule, pathname ); - profile["capability"] = caps; + profile["allow", "capability"] = caps; } else if ( findinc == 0 ) { Popup::Error(_("Include entries can not be edited. Please select add or delete to manage Include entries.")); continue; @@ -854,19 +877,19 @@ if ( newrule != "" && newrule != rule ) { netdomain = editNetworkRule( netdomain, rule, newrule ); } - profile["netdomain"] = netdomain; + profile["allow","netdomain"] = netdomain; } else { string perms = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 2, ""); map results = fileEntryPopup( rule, perms, pathname ); - string newperms = ""; - newperms = results["PERM"]:""; + integer newperms = 0; + newperms = (integer) SCR::Execute(.subdomain_profiles.string_to_mode, results["PERM"]:""); rule = results["FILE"]:""; if ( rule != "" ) { if ( rule != oldrule ) { paths = remove( paths, oldrule ); } - paths = add(paths, rule, newperms ); - profile["path"] = paths; + paths = add(paths, rule, $[ "audit": 0, "mode": newperms]); + profile["allow","path"] = paths; } } profile_map[pathname] = profile; 
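Review bot: In the hunk at -854 the result of `SCR::Execute(.subdomain_profiles.string_to_mode, results["PERM"]:"")` is cast to integer and stored in the file rule without a check. A permission string the agent cannot convert, or a missing reply, would then be saved as a nil or zero mode. The add-file hunk at -924 has the same pattern with `newentry["PERM"]:""`. Testing the value before the write, e.g. `if ( newperms == nil ) { Popup::Error(_("Invalid permissions.")); continue; }`, keeps a malformed mode out of the saved profile. What `str_to_mode` returns for bad input is not visible here.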
@@ -877,9 +900,9 @@ includes, hats ); UI::ChangeWidget( `id(`table), `Items, profilelist ); + UI::ChangeWidget( `id(`table), `CurrentItem, itemselected ); } else if ( id == `delete ) { - integer selectedid = ((integer) UI::QueryWidget(`id(`table), `CurrentItem) ); - string rule = (string) select((term) UI::QueryWidget(`id(`table), `Item(selectedid)), 1, ""); + string rule = (string) select((term) UI::QueryWidget(`id(`table), `Item(itemselected)), 1, ""); integer findcap = find( rule, "CAP_"); integer findinc = find( rule, "#include"); integer findhat = find( rule, "[+] ^"); @@ -888,20 +911,21 @@ if ( findcap == 0 ) { string capNameToDelete = linnametolp[rule]:""; caps = remove( caps, capNameToDelete ); - profile["capability"] = caps; + profile["allow", "capability"] = caps; } else if ( findinc == 0 ) { string includeToRemove = substring( rule, 9); includes = remove( includes, includeToRemove ); profile["include"] = includes; } else if ( findhat == 0 ) { string hatToRemove = substring( rule, 5); + hats = remove( hats, hatToRemove); profile_map = remove( profile_map, hatToRemove ); } else if ( findnet == 0 ) { netdomain = deleteNetworkRule( netdomain, rule ); - profile["netdomain"] = netdomain; + profile["allow","netdomain"] = netdomain; } else { paths = remove( paths, rule ); - profile["path"] = paths; + profile["allow","path"] = paths; } profile_map[pathname] = profile; Settings["PROFILE_MAP"] = profile_map; @@ -911,9 +935,10 @@ includes, hats ); UI::ChangeWidget( `id(`table), `Items, profilelist ); + UI::ChangeWidget( `id(`table), `CurrentItem, (itemselected == 0) ? 0 : itemselected -1 ); } else if ( id == `file || id == `dir ) { string addfname = ""; - string addperms = ""; + integer addperms = 0; map newentry = nil; if ( id == `dir ) { newentry = dirEntryPopup( "", "", pathname ); 
@@ -924,10 +949,10 @@ continue; } addfname = newentry["FILE"]:""; - addperms = newentry["PERM"]:""; + addperms = (integer) SCR::Execute(.subdomain_profiles.string_to_mode, newentry["PERM"]:""); // Make sure that the entry doesn't already exist - paths = add( paths, addfname, addperms ); - profile["path"] = paths; + paths = add( paths, addfname, $["audit":0, "mode": addperms] ); + profile["allow","path"] = paths; profile_map[pathname] = profile; Settings["PROFILE_MAP"] = profile_map; list<term> profilelist = generateTableContents( paths, @@ -936,9 +961,10 @@ includes, hats ); UI::ChangeWidget( `id(`table), `Items, profilelist ); + UI::ChangeWidget( `id(`table), `CurrentItem, itemselected ); } else if ( id == `cap ) { caps = capabilityEntryPopup( caps, "", pathname ); - profile["capability"] = caps; + profile["allow","capability"] = caps; profile_map[pathname] = profile; Settings["PROFILE_MAP"] = profile_map; list<term> profilelist = generateTableContents( paths, @@ -956,16 +982,14 @@ return `showhat; } } else if ( id == `include ) { - any ci = SCR::Read(.subdomain, "custom-includes"); - list <any> customIncludes = tolist(ci); + list <string> customIncludes = (list <string>) SCR::Read(.subdomain, "custom-includes"); string newInclude = UI::AskForExistingFile( "/etc/apparmor.d/abstractions", "", _("Select File To Include")); if ( newInclude == nil || (string)newInclude == "" ) { continue; } list <string> validIncludes = [ "/etc/apparmor.d/abstractions", "/etc/apparmor.d/program-chunks", "/etc/apparmor.d/tunables" ]; - foreach( any incPath, (list<any>) customIncludes, { - string incPathStr = tostring(incPath); - validIncludes = add( validIncludes, "/etc/apparmor.d/" + incPathStr); + foreach( string incPath, customIncludes, { + validIncludes = add( validIncludes, "/etc/apparmor.d/" + incPath); }); integer result = 0; 
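Review bot: In the include hunk at -956 each `custom-includes` entry is appended to `"/etc/apparmor.d/"` exactly as it comes from logprof.conf, so an entry containing `..` would add a directory outside /etc/apparmor.d to `validIncludes`. The file is presumably writable by the administrator only, which keeps the risk low, but the check is cheap: `if ( ! issubstring( incPath, ".." ) ) validIncludes = add( validIncludes, "/etc/apparmor.d/" + incPath);`. The cast `(list <string>) SCR::Read(.subdomain, "custom-includes")` may also yield nil if the agent returns nothing, and the `foreach` has no guard for that. How `validIncludes` is compared with the chosen file is outside the hunk.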
@@ -1000,7 +1024,7 @@ string newrule = networkEntryPopup( "" ); if ( newrule != "" ) { netdomain = addNetworkRule( netdomain, newrule ); - profile["netdomain"] = netdomain; + profile["allow","netdomain"] = netdomain; profile_map[pathname] = profile; Settings["PROFILE_MAP"] = profile_map; list<term> profilelist = generateTableContents( paths, @@ -1026,8 +1050,8 @@ } } else { if ( ! haskey(hats, Settings["CURRENT_HAT"]:"") ) { - profile["path"] = paths; - profile["capability"] = caps; + profile["allow","path"] = paths; + profile["allow","capability"] = caps; profile["include"] = includes; profile_map[pathname] = profile; Settings["PROFILE_MAP"] = profile_map; diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-apparmor-2.18.1/VERSION new/yast2-apparmor-2.18.2/VERSION --- old/yast2-apparmor-2.18.1/VERSION 2009-02-11 15:29:36.000000000 +0100 +++ new/yast2-apparmor-2.18.2/VERSION 2009-03-06 17:50:55.000000000 +0100 @@ -1 +1 @@ -2.18.1 +2.18.2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org