[apparmor] logprof / genprof - displaying profile diff

Christian Boltz apparmor at cboltz.de
Fri Jun 25 22:54:58 BST 2010


Hello,

I have a little enhancement request for logprof and genprof.

Before saving the profile, you can view the diff to the old profile. 
That's nice, but not really useful if the profile uses hats because you 
usually can't see in which hat the change happened.

I don't know if genprof/logprof are calling "diff" or have internal diff 
routines. In case "diff" is called, the following options should work:
    diff  -u -F '{[^}]*$'  old.profile new.profile

Example output:

--- /etc/apparmor.d/usr.sbin.httpd2-prefork     2010-06-20 
01:31:54.000000000 +0200
+++ /tmp/usr.sbin.httpd2-prefork        2010-06-25 23:30:11.000000000 
+0200
@@ -468,6 +468,7 @@   ^vhost_cboltz {
     /etc/ld.so.cache r,
     /home/www/cboltz.de/httpdocs/cboltz.de/tmp/ rw,
     /home/www/cboltz.de/httpdocs/tmp/ rw,
+    /foo/bar rw,
 
   }

-> notice the "^vhost_cboltz {" in the line starting with @@

The regex might fail in some rare cases (the only one I can think of 
right now: comment in the same line, with a "}" in the comment). That's 
probably fixable with a longer regex that allows '#.*$' instead of only 
'$' - but I'm not sure if it's worth the added complexity.
The worst thing that can happen is that the hat name is not listed in 
the @@ line.


(Sidenote: request based on openSUSE 11.1 / AppArmor 2.3 tools)


Regards,

Christian Boltz
-- 
For me the question of the best MUA left the realm of reason long ago.
Otherwise I would have stayed with Evolution.   I want to bring this damned box
to its knees, period. Whatever it costs. So: mutt. Beat the enemy
on his own territory.                                            [Ratti]
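Added example (not part of the original post and not code from the AppArmor tools): a small Python implementation of what `diff -u -F '{[^}]*$'` does for the hunk headers, built on `difflib`, so the behaviour can be checked without GNU diff. It runs over two constructed versions of a hypothetical httpd profile with two hats, and it goes one step beyond the post by also trying the comment-tolerant variant of the regex that the post sketches (`HAT_RE_COMMENT` is an assumed pattern, not one given in the post), to show the case where a `}` inside a trailing comment makes the plain regex report the wrong hat.

```python
import difflib
import re

# The regex from the post: a '{' with no '}' after it on the same line,
# i.e. a line that opens a hat or profile block.
HAT_RE = re.compile(r'\{[^}]*$')
# Assumed extension (not from the post): also accept a trailing '#' comment
# after the brace, so a '}' inside that comment does not break the match.
HAT_RE_COMMENT = re.compile(r'\{[^}#]*(#.*)?$')

# Constructed sample profiles; paths are illustrative only.
OLD_PROFILE = """\
/usr/sbin/httpd2-prefork {
  /etc/ld.so.cache r,

  ^vhost_cboltz {
    /etc/ld.so.cache r,
    /home/www/cboltz.de/httpdocs/tmp/ rw,
    /home/www/cboltz.de/httpdocs/cboltz.de/tmp/ rw,
    /var/lib/php/sessions/ rw,
    /var/lib/php/sessions/* rwk,
  }

  ^vhost_other {  # note: } in a comment
    /etc/ld.so.cache r,
    /var/www/other/ r,
    /var/www/other/** r,
    /var/log/other/ r,
    /var/log/other/access_log w,
    /var/log/other/error_log w,
  }
}
"""
# The "new" profile adds one rule to each hat.
NEW_PROFILE = OLD_PROFILE.replace(
    "    /var/lib/php/sessions/* rwk,\n",
    "    /var/lib/php/sessions/* rwk,\n    /foo/bar rw,\n",
).replace(
    "    /var/log/other/error_log w,\n",
    "    /var/log/other/error_log w,\n    /srv/other/tmp/ rw,\n",
)


def enclosing_block(old_lines, first_hunk_line, hat_re):
    """Last line matching hat_re strictly before the hunk's first old line
    (1-based), the way GNU diff -F searches backwards for a 'function' line."""
    for idx in range(first_hunk_line - 2, -1, -1):
        if hat_re.search(old_lines[idx]):
            # GNU diff drops leading whitespace and prints at most 40 chars.
            return old_lines[idx].strip()[:40].rstrip()
    return ''


def hat_aware_diff(old_text, new_text, hat_re=HAT_RE,
                   old_name='old.profile', new_name='new.profile'):
    """Unified diff whose @@ headers carry the enclosing hat, like diff -u -F."""
    old_lines = old_text.splitlines()
    new_lines = new_text.splitlines()
    out = []
    for line in difflib.unified_diff(old_lines, new_lines, old_name, new_name,
                                     lineterm=''):
        m = re.match(r'@@ -(\d+)', line)
        if m:
            block = enclosing_block(old_lines, int(m.group(1)), hat_re)
            if block:
                line = f'{line} {block}'
        out.append(line)
    return out


def hunk_blocks(diff_lines):
    """Return the block text appended to each @@ header, in order."""
    return [line.split('@@', 2)[2].strip()
            for line in diff_lines if line.startswith('@@')]


if __name__ == '__main__':
    for label, pattern in (('plain regex', HAT_RE), ('comment-tolerant', HAT_RE_COMMENT)):
        print(f'# {label}')
        print('\n'.join(hat_aware_diff(OLD_PROFILE, NEW_PROFILE, pattern)))
        print()
```

With the plain regex both hunks are attributed to `^vhost_cboltz {`, because the `^vhost_other {  # note: } in a comment` line never matches and the search runs back to the previous hat; with the comment-tolerant regex the second hunk is labelled with the correct hat. As the post notes, the failure is cosmetic: the diff content itself is unchanged, only the hat name in the `@@` line is wrong.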
