Currently there is no way to remove the profile file.
This commit provides this functionality (required for the next commit).
Signed-off-by: Ioanna Alifieraki <ioanna-maria.alifieraki(a)canonical.com>
---
src/security/virt-aa-helper.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 269c372704..5ec0fb8807 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -101,6 +101,7 @@ vah_usage(void)
" -a | --add load profile\n"
" -c | --create create profile from
template\n"
" -D | --delete unload profile and delete generated
rules\n"
+ " -P | --purge purge profile\n"
" -r | --replace reload profile\n"
" -R | --remove unload profile\n"
" Options:\n"
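Review bot: The new help line `-P | --purge purge profile` does not say that the profile file itself is deleted from disk, which is the one thing that separates it from `-R` and `-D` in this patch. Something like `" -P | --purge delete profile file\n"` would tell the operator what is removed. Whether `-P` also unloads the profile is decided in the part of remove_profile() that lies outside these hunks, so the wording should be matched to that code.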
@@ -1361,13 +1362,14 @@ vahParseArgv(vahControl * ctl, int argc, char **argv)
{"add-file", 0, 0, 'f'},
{"append-file", 0, 0, 'F'},
{"help", 0, 0, 'h'},
+ {"purge", 0, 0, 'P'},
{"replace", 0, 0, 'r'},
{"remove", 0, 0, 'R'},
{"uuid", 1, 0, 'u'},
{0, 0, 0, 0}
};
- while ((arg = getopt_long(argc, argv, "acdDhrRH:b:u:p:f:F:", opt,
+ while ((arg = getopt_long(argc, argv, "acdDhPrRH:b:u:p:f:F:", opt,
&idx)) != -1) {
switch (arg) {
case 'a':
@@ -1391,6 +1393,9 @@ vahParseArgv(vahControl * ctl, int argc, char **argv)
vah_usage();
exit(EXIT_SUCCESS);
break;
+ case 'P':
+ ctl->cmd = 'P';
+ break;
case 'r':
ctl->cmd = 'r';
break;
@@ -1456,7 +1461,7 @@ static int create_profile(vahControl *ctl, char *profile, char
*include_file)
return rc;
}
-static int remove_profile(vahControl *ctl, char *include_file)
+static int remove_profile(vahControl *ctl, char *profile, char *include_file)
{
int rc = 0;
@@ -1464,6 +1469,8 @@ static int remove_profile(vahControl *ctl, char *include_file)
return rc;
if (ctl->cmd == 'D')
unlink(include_file);
+ if (ctl->cmd == 'P')
+ unlink(profile);
return rc;
}
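Review bot: The return value of the added `unlink(profile)` is discarded, so remove_profile() still returns 0 when the profile file could not be deleted and the helper reports a successful purge while the file remains on disk. Consider `if (ctl->cmd == 'P' && unlink(profile) < 0 && errno != ENOENT) rc = -1;` so that only an already absent file counts as success. The existing `unlink(include_file)` for 'D' has the same gap and could be handled the same way. The first part of the function body is outside this hunk, so this assumes nothing earlier already checks the path.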
@@ -1519,7 +1526,7 @@ main(int argc, char **argv)
if (ctl->cmd == 'a') {
rc = parserLoad(ctl->uuid);
} else if (ctl->cmd == 'R' || ctl->cmd == 'D') {
- rc = remove_profile(ctl, include_file);
+ rc = remove_profile(ctl, profile, include_file);
} else if (ctl->cmd == 'c' || ctl->cmd == 'r') {
char *included_files = NULL;
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
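Review bot: The dispatch condition `ctl->cmd == 'R' || ctl->cmd == 'D'` is left unchanged, so within this patch a parsed `-P` never reaches remove_profile() and the new `unlink(profile)` branch cannot run. If purge is meant to work from this commit on, the condition would need to be `} else if (ctl->cmd == 'R' || ctl->cmd == 'D' || ctl->cmd == 'P') {`. If the follow-up commit is what wires it up, the commit message should say that `-P` is accepted but not yet acted on. The rest of main() is outside the hunk, so how an otherwise unhandled 'P' is treated there cannot be seen from here.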
--
2.17.1