# ------------------------------------------------------------------
# Copyright (C) 2002-2005 Novell/SUSE
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
# ------------------------------------------------------------------
################################################################################
# - Generates list of profiles with complain/enforce info
# - Toggles profiles between complain/enforce modes
# - /usr/lib/perl5/vendor_perl/Immunix/SubDomain.pm
# - param 'showall' == 1 to change modes for profiles without associated
# binaries (i.e. 'inactive' profiles), 'showall' affects all of the
# parameters listed below
# - param 'all' to change modes for all active profiles
# - profile names to change, for single profiles
# - nothing if listing just active profiles
# - may allow multiple profiles in the future
################################################################################
use Immunix::SubDomain;
setlocale(LC_MESSAGES, "");
textdomain("yast2-apparmor");
our $UI_Mode = "yast-agent";
if ( ! -f "$profiledir/$profName" ) {
ycp::y2milestone("Couldn't find file $profiledir/$profName.");
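} elsif (open PROF, '<', "$profiledir/$profName") {
# Three-argument open: the read mode is passed separately, so no character
# in $profName can be parsed as an open mode or a pipe. The bareword handle
# PROF is kept unchanged for the code that reads from it.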
# Keep the text before the first whitespace run that is followed by one of
# the characters { | f l a g. The brackets form a character class, not an
# alternation.
# NOTE(review): presumably `\s+(?:\{|flag)` was intended -- confirm before
# changing, because the result is the path that badFileName tests with -f.
$profPath = (split(/\s+[\{||flag]/, $_))[0];
ycp::y2milestone("Couldn't open $profiledir/$profName for reading.");
# checks for reasonable filename characteristics
my $allProfs = shift || 0;
if ( $profName !~ /^\// ) {
$profPath = getProfPath($profName);
$profPath = $profName;
# Only allow profiles with installed binaries unless specified with $allProfs
if ( $allProfs != 1 && ! -f $profPath ) {
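# All five conditions must hold for the body of this branch to run.
# The dots in the suffix test are escaped so that only a literal ".save" or
# ".new" ending is rejected; unescaped, "." matched any character, so a name
# that merely ends in "new" or "save" (constructed example: /usr/bin/renew)
# was rejected too and its profile could never be toggled.
if ( ($profPath !~ /^\./) &&                 # does not start with a dot
     ($profPath !~ /\.save$|\.new$/) &&      # no .save / .new suffix
     ($profPath !~ /\s/) &&                  # contains no whitespace
     ($profPath !~ /([!#-\@\w])\.$/) &&      # does not end in "<char>."
     (length($profPath) <= 128) ) {          # at most 128 characters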
# returns dot-format profile filenames
my $allProfs = $args->{'showall'} || 0;
if ( opendir (MDIR, $profiledir) ) {
@rawList = grep { ! /^\./ && ! /^lib(\d*)[\.|\/]ld/ && -f "$profiledir/$_"
&& ! /\.rpm(new|save)$/
$error = "Couldn't open directory $profiledir. Exiting.";
ycp::y2error("$error");
# Remove profiles without installed binaries by default
if ( $allProfs ne '1' ) {
for my $prof (@rawList) {
if (! badFileName($prof,$allProfs)) {
push (@profList, $prof);
@profList = @rawList;
# returns both the dot-format and pathnames for profiles
my $profList = getProfList($args);
for my $dotProf (@$profList) {
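# Three-argument open: the read mode is passed separately from the file
# name, so nothing in $dotProf (a directory entry name) can be parsed as an
# open mode or a pipe. The bareword handle PROF is kept for the reader code.
if (open PROF, '<', "$profiledir/$dotProf") {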
$prof->{'dot'} = $dotProf;
# Store the text before the first whitespace run that is followed by one of
# { | f l a g (the brackets are a character class, not an alternation).
# NOTE(review): presumably `\s+(?:\{|flag)` was intended -- confirm.
$prof->{'path'} = (split(/\s+[\{||flag]/, $_))[0];
push(@rawHash, $prof);
# Remove profiles without installed binaries by default
if ( $args->{'showall'} ne '1' ) {
for my $prof (@rawHash) {
if (! badFileName($prof->{'path'}, $args->{'showall'})) {
push (@profHash, $prof);
@profHash = @rawHash;
ycp::y2error("Couldn't open $profiledir/$dotProf");
my $profList = shift;
my @profModeList = ();
for my $profName (@$profList) {
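# Skip entries that should not be read as profiles.
# NOTE(review): -d tests $profName relative to the current directory, while
# the open that follows uses "$profiledir/$profName" -- confirm which is meant.
next if (-d $profName);
# Hidden / dot files.
next if ($profName =~ /^\./);
# Backup copies. The dots are escaped so only a literal ".save" or ".new"
# suffix is skipped; unescaped, "." matched any character and a profile whose
# name merely ends in "new" or "save" was silently left out of the mode list.
next if ($profName =~ /\.save$|\.new$/);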
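# Three-argument open with an explicit read mode. The two-argument form with
# no mode lets perl interpret special characters at the end of the name
# (for example a trailing "|") and strips surrounding whitespace; passing
# the mode separately opens exactly the named file for reading.
if ( open(PROFILE, '<', "$profiledir/$profName")) {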
if (m/^\s*\/\S+\s+(flags=\(.+\)\s+)*{\s*$/) {
$flag =~ s/flags=\((.+)\)/$1/;
last; # only one profile except in /lib*/ld* which is a special case
ycp::y2milestone( "Couldn't open profile $profName for reading.");
if (! $flag) { $flag = 'enforce'};
# Don't add profile entries if the file doesn't exist
if ( $prof->{'name'} ) {
push(@profModeList, $prof);
return \@profModeList;
my $profList = getProfList($args);
my $profModeList = getProfModes($profList);
return $profModeList;
my $profMode = undef;
if ( $args->{'mode'} eq 'complain' ) {
$profMode = 'complain';
# Change just the profile listed, if an associated binary exists
if ( $args->{'profile'} ) {
my $profName = getProfPath("$args->{'profile'}");
if ( badFileName($args->{'profile'}, $args->{'showall'} )) {
ycp::y2milestone("Bad profile: $profName. Skipping.");
} elsif ( $args->{'showall'} && $args->{'showall'} == 1 ) {
# Set the mode flag on the profile file named by the 'profile' argument.
# NOTE(review): the file path is built directly from the caller-supplied
# 'profile' value. The checks visible in badFileName are applied to the
# binary path, not to this file name -- confirm that names containing '/'
# or '..' are rejected earlier, so that setprofileflags only ever touches
# files inside $profiledir.
setprofileflags("$profiledir/$args->{'profile'}", "$profMode");
if ($profMode eq 'complain') {
Immunix::SubDomain::complain("$profName");
Immunix::SubDomain::enforce("$profName");
# Change all profiles, regardless of whether the associated binary exists
} elsif ( $args->{'showall'} && $args->{'showall'} == 1 ) {
my $profHash = getProfHash($args);
for my $prof (@$profHash) {
setprofileflags("$profiledir/$prof->{'dot'}", "$profMode");
# Change all profiles with associated existing binaries
} elsif ( $args->{'all'} == 1 ) {
my $profHash = getProfHash($args);
for my $prof (@$profHash) {
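# Pass 'showall' as the second argument of badFileName, as the other call
# sites in this file do. With the parenthesis closed after the first
# argument, the comma operator made this condition test $args->{'showall'}
# alone, and the result of the file-name check was discarded.
if ( badFileName($prof->{'path'}, $args->{'showall'}) ) {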
ycp::y2milestone("Bad profile: $prof->{'path'}. Skipping.");
} elsif ($profMode eq 'complain') {
Immunix::SubDomain::complain("$prof->{'path'}");
Immunix::SubDomain::enforce("$prof->{'path'}");
my $error = "ag_complain: Profile name needed for changing complain mode is missing. Exiting.";
ycp::y2milestone("$error");
################################################################################
my ($command, $path, $args) = ycp::ParseCommand ($_);
if ($command && $path && $args) {
# Allow-list for the requested mode: only 'complain' or 'enforce' pass.
# NOTE(review): `$` also matches just before a trailing newline, so
# "complain\n" passes this test but not the later `eq 'complain'` comparison;
# anchoring with `\z` would reject it here -- confirm whether callers can
# send such a value.
if ($args->{'mode'} && $args->{'mode'} =~ m/^(complain|enforce)$/ ) {
$db = getProfStatus($args);
if ( defined($db) ) {
my $error = "ag_complain: Unknown instruction or argument";
ycp::y2milestone("$error");