Proposal to remove PCRE support
Steve Beattie
steve at nxnw.org
Wed Jun 16 16:49:49 BST 2010
[Sorry, due to an insufficient coffee error, I didn't finish what I was
trying to say.]
On Wed, Jun 16, 2010 at 08:36:10AM -0700, Steve Beattie wrote:
> On Wed, Jun 16, 2010 at 01:06:27AM -0700, John Johansen wrote:
> > I would like to propose that we remove support for PCRE based policy
> > from the parser/policy loader.
> >
> > The last version of AppArmor to use PCRE based policy was AppArmor 2.0.1,
> > which was approximately 3 years ago. The PCRE part of the code has not
> > been actively maintain and I doubt that it has been tested in the last
> > 1.5 years. Dropping PCRE support will also help in the efforts to
> > cleanup the parsers code base.
>
> Agreed, at this point it seems to me to be just cruft. The only utility
> that I could have seen in keeping is to have it available for upgrades,
> where the parser gets upgraded (and policy re-applied) before the kernel
> gets rebooted.
However, as the last apparmor kernel patch to support PCRE was such a
significant time ago, it's extremely unlikely they'd be doing a live
upgrade from that old code to the current code; and even if they did,
it's not an upgrade path that's been tested at all and there would
probably be other issues that would cause problems as well.
I've been meaning to do a similar cruft-ectomy to the shell helper
functions that get used by the sysv init scripts, as there's even
older junk in there (though in Ubuntu-land, I doubt that will help
the upstart-ification process).
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/apparmor/attachments/20100616/5686993c/attachment.pgp
More information about the AppArmor
mailing list