[apparmor] [PATCH] Check expect profiles are present after load/replace

[John Johansen]

On 08/10/2010 11:44 AM, Steve Beattie wrote:
> On Tue, Aug 10, 2010 at 09:28:29AM -0400, John Johansen wrote:
>> On 08/10/2010 12:31 AM, Kees Cook wrote:
>>> On Sun, Aug 08, 2010 at 03:47:32AM -0700, John Johansen wrote:
>>>> This admittedly hackish bit of bash ensures that the profiles that the
>>>> test suite just loaded are in fact listed as being present in the kernel.
>>>> I don't think this is ready to commit yet as I think it can be improved,
>>>> and am looking for feedback or alternate patches to clean it up.
>>>
>>> This looks fine for the regression test hardness, IMO.
>>>
>>>> +	#check to see if the profiles are actually loaded
>>>> +	for f in `cat $profilenames` ; do
>>>> +		grep -q "^${f} \(.*\)$" ${sys_profiles}
>>>
>>> Maybe improve the grep to:
>>>     grep -Eq ^"$f"' \([^)]+\)$' ${sys_profiles}
>>>
>> done, and I took this as an ack and checked it in.
> 
> That's fine, though I was going to ask if the added uservars.inc entry
> was really necessary. Do you have experimental patches planned that will
> have apparmor profile listings reported in alternate locations?
> 
well no, though profile listings will change completely with new
upstream interfaces.  Basically it was done because its a constant
and I have had it beaten into me to give the constants a single easy
to update location and uservars.inc seemed like the place.