add scripts
Signed-off-by: Martin Matous <m@matous.dev>
This commit is contained in:
parent
c6c66648ea
commit
5a4419bb4e
GPG key ID:
8BED4CD352953224
12 changed files with 802 additions and 1 deletions
71
sync-apparmor.py
Executable file
71
sync-apparmor.py
Executable file
|
|
@ -0,0 +1,71 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
import argparse
|
||||
import os
|
||||
import shutil
|
||||
import sys
|
||||
|
||||
from pathlib import Path
|
||||
|
||||
def prune_unused_profiles(dest_profile_folder: Path) -> None:
|
||||
for root, dirs, files in os.walk(dest_profile_folder):
|
||||
for name in files:
|
||||
target_binary = Path('/' + name.replace('.', '/'))
|
||||
if not target_binary.exists():
|
||||
profile_path = os.path.join(root, name)
|
||||
print(f'Removing {profile_path}')
|
||||
os.remove(profile_path)
|
||||
|
||||
for folder in dirs:
|
||||
fullpath = os.path.join(root, folder)
|
||||
if not os.listdir(fullpath):
|
||||
print(f'Removing empty directory {fullpath}')
|
||||
os.rmdir(fullpath)
|
||||
|
||||
|
||||
def install_profiles(source_folder: Path, dest_profile_folder: Path) -> None:
|
||||
for root, dirs, files in os.walk(source_folder):
|
||||
for name in files:
|
||||
target_binary = Path('/' + name.replace('.', '/'))
|
||||
print(f'Testing {target_binary}')
|
||||
if target_binary.exists():
|
||||
print(f'Adding profile for {target_binary}')
|
||||
profile_path = os.path.join(root, name)
|
||||
shutil.copy2(profile_path, dest_profile_folder)
|
||||
|
||||
parser = argparse.ArgumentParser(
|
||||
description='Install or prune apparmor profiles',
|
||||
usage='/sync-apparmor.py ~/playground/apparmor-profiles/ /etc/apparmor.d/local/',
|
||||
)
|
||||
parser.add_argument(
|
||||
'--dry-run', '-d', action='store_true',
|
||||
help="Don't change files, only output what would be done")
|
||||
parser.add_argument(
|
||||
'--prune-destination', '-r', action='store_true',
|
||||
help="Check whether target binaries for profiles in dest exist. Delete profiles if not.")
|
||||
parser.add_argument(
|
||||
'--sync-source', '-s', action='store_true',
|
||||
help="Check whether target binaries for profiles in dest exist. Copy profiles from source if so.")
|
||||
parser.add_argument(
|
||||
'source_folder', type=Path,
|
||||
help='Folder to copy AppArmor profiles from')
|
||||
parser.add_argument(
|
||||
'dest', type=Path,
|
||||
help='Folder to copy AppArmor profiles to')
|
||||
args = parser.parse_args()
|
||||
|
||||
if Path.home() == Path('/root'):
|
||||
print('$HOME is /root, maybe you forgot to use sudo -E?')
|
||||
|
||||
if args.dry_run:
|
||||
shutil.copy2 = lambda *args: None
|
||||
os.remove = lambda *args: None
|
||||
os.rmdir = lambda *args: None
|
||||
none_defined = not(args.prune_destination and args.sync_source)
|
||||
if none_defined:
|
||||
prune_unused_profiles(args.dest)
|
||||
install_profiles(args.source_folder, args.dest)
|
||||
if args.prune_destination:
|
||||
prune_unused_profiles(args.dest)
|
||||
if args.sync_source:
|
||||
install_profiles(args.source_folder, args.dest)
|
||||
Loading…
Add table
Add a link
Reference in a new issue