[apparmor] [PATCH 9/9] Require matched mode strings to terminate

[Seth Arnold]

> yes it would be, whether we want to change this, so that abstractions can
> end their file on the same line as a MODE I am unsure.

It's a definite corner case -- not too many people are going to be using
echo -n to append lines to abstractions...

> For various reasons I favor not having the include be just a text dump,
> but perhaps that isn't what other people want.

I've still got a moderate hope that we can improve parsing speeds for some
of our long run times by scanning each included file at most once --
though the variables definitely complicate this.

>> Also, be very careful with the variable-length trailing context: flex
>> runtime goes to hell in a hurry when trailing context isn't a fixed, known
>> length: http://flex.sourceforge.net/manual/Performance.html
>>
> yes, but this case is a fixed length with a fixed number of characters.

It _looks_ that way, but I think flex is being annoying here:

     For some trailing context rules, parts which  are  actually  fixed-length
     are  not  recognized  as  such, leading to the abovementioned performance
     loss.  In particular, parts using '|'  or  {n}  (such  as  "foo{3}")  are
     always considered variable-length.

I think /[[:blank:]\n,] would be sufficient to replace the three
alternating rules. It's unfortunate that this duplicates all three
patterns but it does remove the alternation.