Merge pull request #2847 from 4383/improve-lxc-generator

apparmor: catch config file opening error

Merge pull request #2847 from 4383/improve-lxc-generator
1530ced3 · Stéphane Graber · GitHub · b091c341 · c70de0ea · 1530ced3
Unverified Commit 1530ced3 authored Feb 12, 2019 by Stéphane Graber Committed by GitHub Feb 12, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 47 additions and 31 deletions

.travis.yml .travis.yml +3 -0

lxc-generate-aa-rules.py config/apparmor/lxc-generate-aa-rules.py +44 -31

No files found.
--- a/.travis.yml
+++ b/.travis.yml
@@ -27,6 +27,9 @@ script:
 - ../configure --enable-tests --with-distro=unknown
 - make -j4
 - make DESTDIR=$TRAVIS_BUILD_DIR/install install
+ - cd ..
+ - ./config/apparmor/lxc-generate-aa-rules.py config/apparmor/container-rules.base
+
 notifications:
  email:
    recipients:

--- a/config/apparmor/lxc-generate-aa-rules.py
+++ b/config/apparmor/lxc-generate-aa-rules.py
@@ -3,6 +3,7 @@
 import sys

 blocks = []
+denies = []

 #
 # blocks is an array of paths under which we want to block by
@@ -63,28 +64,6 @@ def add_allow(path):
            prev.append(n)
            prev = n['children']

-config = "config"
-if len(sys.argv) > 1:
-    config = sys.argv[1]
-with open(config) as f:
-    for x in f.readlines():
-        x.strip()
-        if x[:1] == '#':
-            continue
-        try:
-            (cmd, path) = x.split(' ')
-        except:  # blank line
-            continue
-        if cmd == "block":
-            add_block(path)
-        elif cmd == "allow":
-            add_allow(path)
-        else:
-            print("Unknown command: %s" % cmd)
-            sys.exit(1)
-
-denies = []
-

 def collect_chars(children, ref, index):
    r = ""
@@ -126,14 +105,48 @@ def gen_denies(pathsofar, children):
            newpath = "%s/%s" % (pathsofar, c['path'])
            gen_denies(newpath, c['children'])

-for b in blocks:
-    gen_denies(b['path'], b['children'])

-denies.sort()
+def main():
+    config = "config"
+    if len(sys.argv) > 1:
+        config = sys.argv[1]
+
+    lines = None
+    try:
+        with open(config) as f:
+            lines = f.readlines()
+    except FileNotFoundError as err:
+        print("Config file not found")
+        print(err)
+        sys.exit(1)
+
+    for line in lines:
+        line.strip()
+        if line.startswith('#'):
+            continue
+        try:
+            (cmd, path) = line.split(' ')
+        except:  # blank line
+            continue
+        if cmd == "block":
+            add_block(path)
+        elif cmd == "allow":
+            add_allow(path)
+        else:
+            print("Unknown command: %s" % cmd)
+            sys.exit(1)
+    for block in blocks:
+        gen_denies(block['path'], block['children'])
+
+    denies.sort()
+
+    genby = "  # generated by: lxc-generate-aa-rules.py"
+    for a in sys.argv[1:]:
+        genby += " %s" % a
+    print(genby)
+    for d in denies:
+        print("  %s" % d)
+

-genby = "  # generated by: lxc-generate-aa-rules.py"
-for a in sys.argv[1:]:
-    genby += " %s" % a
-print(genby)
-for d in denies:
-    print("  %s" % d)
+if __name__ == "__main__":
+    main()