# automatically repair apparmor profiles that have had their supporting
# infrastructure refactored out from underneath them
# note -i in shebang line -- this program will modify, in place and
# without backups, the profiles or #include chunks specified on the
# command line. Please make backups yourself and inspect the changes
# made by this tool to ensure they look correct.
# It'll try to fix up #include files (supplied by SUSE/Immunix) that have
# moved; it will also inspect many #include files that exist solely
# for netdomain rule separation, and either remove the #include line
# from profiles/includes or suck in the contents of the specific file,
# depending on whether there was any non-netdomain content.
# If you haven't modified any of the files listed in the @useless array,
# you probably don't have to concern yourself with the complicated part
# of the previous paragraph. If you did modify any of those files, this
# tool will inspect those for changes, try to update any lines in those
# files for correctness, and insert those lines directly into the
# referencing profiles.
# count the number of 'interesting' lines in the file
return $count_cache{$name} if $count_cache{$name};
open FH, $name or return 1; # can't tell -> not empty
if (m/^[^#]*#include/) {
# just a comment, skip it
} elsif (m/\s*tcp_/) {
# netdomain rules are unenforced, skip it
} elsif (m/\s*udp_/) {
# netdomain rules are unenforced, skip it
$count_cache{$name} = $linecount;
# given a single line from a profile, perform some search/replace
# operations to reflect new locations for old files.
# change #include lines that reference files in the @useless array:
# don't print the #include any more, and either suck in the contents of
# the referenced file (calling itself recursively to fix up _those_
# files) or just leave well enough alone, if the file had no
# 'interesting' lines as defined above.
# renamed around SuSE 9.3
"abstractions/kde3" => "abstractions/kde",
"abstractions/user-GTK" => "abstractions/gnome",
"abstractions/user-Xauthority" => "abstractions/X",
# user-custom -> program-chunks around SHASS 1.1, but these changed dirs
"user-custom/fonts" => "abstractions/fonts",
"user-custom/kde3" => "abstractions/kde",
"user-custom/user-GTK" => "abstractions/gnome",
"user-custom/user-mail" => "abstractions/user-mail",
"user-custom/user-manpages" => "abstractions/user-manpages",
"user-custom/user-Xauthority" => "abstractions/X",
"user-custom/user-tmp" => "abstractions/user-tmp",
# try to forget the -files
"program-chunks/base-files" => "abstractions/base",
"program-chunks/nameservice-files" => "abstractions/nameservice",
"immunix-standard/base-files" => "abstractions/base",
"immunix-standard/nameservice-files" => "abstractions/nameservice",
# immunix-standard -> program-chunks
"immunix-standard/postfix-bounce" => "program-chunks/postfix-bounce",
"immunix-standard/postfix-cleanup" => "program-chunks/postfix-cleanup",
"immunix-standard/postfix-common" => "program-chunks/postfix-common",
"immunix-standard/postfix-flush" => "program-chunks/postfix-flush",
"immunix-standard/postfix-local" => "program-chunks/postfix-local",
"immunix-standard/postfix-master" => "program-chunks/postfix-master",
"immunix-standard/postfix-nqmgr" => "program-chunks/postfix-nqmgr",
"immunix-standard/postfix-pickup" => "program-chunks/postfix-pickup",
"immunix-standard/postfix-proxymap" => "program-chunks/postfix-proxymap",
"immunix-standard/postfix-qmgr" => "program-chunks/postfix-qmgr",
"immunix-standard/postfix-showq" => "program-chunks/postfix-showq",
"immunix-standard/postfix-smtp" => "program-chunks/postfix-smtp",
"immunix-standard/postfix-smtpd" => "program-chunks/postfix-smtpd",
"immunix-standard/postfix-trivial-rewrite" => "program-chunks/postfix-trivial-rewrite",
"immunix-standard/apache-default-uri" => "program-chunks/apache-default-uri",
"immunix-standard/at" => "program-chunks/at",
# chunks that immunix tools never populated -- let's remove the ones that
# don't have any useful information
program-chunks/base-nd
program-chunks/portmap-nd
program-chunks/postfix-local-nd
program-chunks/postfix-master-nd
program-chunks/postfix-proxymap-nd
program-chunks/postfix-smtpd-nd
program-chunks/postfix-smtp-nd
user-custom/portmap-nd
user-custom/postfix-local-nd
user-custom/postfix-master-nd
user-custom/postfix-proxymap-nd
user-custom/postfix-smtpd-nd
user-custom/postfix-smtp-nd
immunix-standard/base-nd
immunix-standard/portmap-nd
immunix-standard/postfix-local-nd
immunix-standard/postfix-master-nd
immunix-standard/postfix-proxymap-nd
immunix-standard/postfix-smtpd-nd
immunix-standard/postfix-smtp-nd
program-chunks/identd
program-chunks/ipop2d
program-chunks/ipop3d
program-chunks/ntalkd
program-chunks/postgres
program-chunks/rpc.lockd
program-chunks/rpc.nfsd
program-chunks/rpc.statd
program-chunks/sendmail.sendmail
program-chunks/shells
program-chunks/slocate
program-chunks/syslogd
# create an alternation to speed up the regexp below
my $useless = join('|', @useless);
$line =~ s/#include\s+<([^>]+)>/$i = (exists $transforms{$1}) ? $transforms{$1} : "$1"; "#include <$i>"/e;
if ($line =~ m/\s*#include\s+<($useless)>/) {
if (numlines("/etc/subdomain.d/$file") > 0) {
my $succ = open INC, "/etc/subdomain.d/$file";
print STDERR "Error opening /etc/subdomain.d/$file\n";
while(my $included_line = <INC>) {
print fixup_loop($included_line);
$line = ""; # this line has been handled by the file
# call fixup on a single entry repeatedly -- this way, we can encode
# 'small' changes in the fixup routine when they are made, rather than
# encoding all possible starting points and which specific end point
$line = fixup($saved);
} until ($line eq $saved);
# main entry point; fix each line in every file in argv.
print fixup_loop($_);