[Reportbug-commits] [reportbug] 19/38: Add AppArmor status in the bug reports (Closes: #773346)

Sandro Tosi morph at moszumanska.debian.org
Fri Dec 29 04:33:44 UTC 2017


This is an automated email from the git hooks/post-receive script.

morph pushed a commit to branch master
in repository reportbug.

commit f2cc06d6696a35288f109681d57fd313b6334627
Author: intrigeri <intrigeri at debian.org>
Date:   Thu Oct 26 16:18:19 2017 +0000

    Add AppArmor status in the bug reports (Closes: #773346)
    
    …using aa-enabled(1).
    
    aa-enabled is shipped in the apparmor binary package so this check is not 100%
    correct: technically, the AppArmor LSM can be enabled without the apparmor
    package being installed, and in this case we won't tell about it in the
    generated bug report. But for all practical matters, from reportbug's
    perspective, this corner case is equivalent to AppArmor being disabled: without
    apparmor_parser installed one can't compile and load policy into the kernel, so
    the LSM is essentially a no-op.
    
    Other, discarded options:
    
     - LibAppArmor.aa_is_enabled() would work, but it adds a dependency
       for little value; it's still an option on the table if the reportbug
       maintainers prefer not to shell out though.
     - checking /sys/module/apparmor/parameters/enabled would work, but it's too
       low-level for my taste.
---
 reportbug/utils.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/reportbug/utils.py b/reportbug/utils.py
index 532868a..b00610e 100644
--- a/reportbug/utils.py
+++ b/reportbug/utils.py
@@ -1312,8 +1312,16 @@ def get_lsm_info():
     cannot be determined."""
 
     lsminfo = None
+
+    if os.path.exists('/usr/bin/aa-enabled') \
+       and (subprocess.call(['/usr/bin/aa-enabled', '--quiet']) == 0):
+        lsminfo = 'AppArmor: enabled'
+
     if os.path.exists('/usr/sbin/selinuxenabled') and (subprocess.call(['/usr/sbin/selinuxenabled']) == 0):
-        lsminfo = 'SELinux: enabled - '
+        if lsminfo is None:
+            lsminfo = 'SELinux: enabled - '
+        else:
+            lsminfo += '; SELinux: enabled - '
         enforce_status = subprocess.check_output(['/usr/sbin/getenforce']).decode('ascii')
         lsminfo += 'Mode: %s - ' % enforce_status[:-1]
         with open('/etc/selinux/config', 'r') as f:
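
Review bot: In the new aa-enabled branch at the top of the hunk, os.path.exists() only shows that /usr/bin/aa-enabled is present, so subprocess.call() can still raise OSError (for example if the file is not executable), and that exception would propagate out of get_lsm_info() instead of leaving lsminfo as None, which the docstring gives as the result when the status cannot be determined. Wrapping the call in try/except OSError, or testing os.access('/usr/bin/aa-enabled', os.X_OK), would keep report generation going. The unchanged selinuxenabled line has the same pattern. Two smaller points: the AppArmor entry reports only "enabled" while the SELinux entry goes on to append a mode, so it may be worth stating in the docstring that no AppArmor mode is reported; and the "if lsminfo is None ... else ... +=" prefix handling would be simpler if each LSM's text were collected in a list and joined with '; ' at the end, which also scales if a third LSM is added later.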

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reportbug/reportbug.git


