[apparmor] [patches] parser stress fixups and var support

Steve Beattie steve at nxnw.org
Mon Mar 28 10:50:11 UTC 2011


Attached are two patches.

Currently the default settings for the parser's stress testing are
too aggressive for the parser, in that it generates too many profiles
that contain too many rules for the parser to complete on a reasonably
sized system.

The first patch, apparmor-parser-stress_fixes.patch, attempts to
address that by dropping the maximum number of rules each profile
can have, as well as reducing the number of profiles to generate
by default to 50. It also cleans up the emitted profiles a little,
creates the profile names with the suffix .sd [1], fixes stress.sh to
actually honor the -p (alternate parser) argument, fixes the profile
flags generation to not generate duplicate flags, and fixes the file
rules to always start with a constant randomly-generated prefix element
(rather than a regex or variable) to greatly reduce the possibility
of X dominance collisions in the parser.

The second patch, apparmor-parser-stress_add_vars.patch, extends the
stress profile generator to add variable definition and references.
In order for the parser to process the emitted output correctly, the
prior parser patch that I sent to the list needs to be applied.

Eventually, the goal is to get the stress generator to support as much
of the profile language syntax as possible. (This is a nice small fun
project for someone who wants to hack around in some non-critical code
to take on while learning what the policy language can support; yes,
it's in Ruby, but conversion to Python is not out of the question.)

[1] which is admittedly a historical relic suffix, but used elsewhere,
    and some of us set the apparmor.vim syntax config to apply to
    files with that suffix.



-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: apparmor-parser-stress_fixes.patch
Type: text/x-diff
Size: 4473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20110328/135f7845/attachment-0002.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: apparmor-parser-stress_add_vars.patch
Type: text/x-diff
Size: 3775 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20110328/135f7845/attachment-0003.patch>
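
The generator behaviours described in the message above (no duplicate profile flags, file rules that always begin with a constant random path element, variable definitions with later references, 50 profiles by default), sketched as an added Ruby example; this is not code from the attached patches or from the project's stress generator. All method names, the @{STRESSn} variable names, the flag and permission lists, the /stress/ profile-name prefix and the max_rules default are assumptions made for illustration, and the output is one policy string rather than separate .sd files.

```ruby
# Added illustration; not code from the attached patches. All names are hypothetical.
FLAGS = %w[complain audit attach_disconnected mediate_deleted].freeze
PERMS = %w[r w rw k l m ix px ux].freeze

def rand_word(rng, len = 8)
  Array.new(len) { rng.rand(97..122).chr }.join
end

# Variable definitions go in the preamble, before any profile references them.
def gen_vars(rng, count)
  (1..count).to_h do |i|
    ["@{STRESS#{i}}", Array.new(rng.rand(1..3)) { rand_word(rng) }]
  end
end

# sample() draws without replacement, so a flag can never appear twice.
def gen_flags(rng)
  picked = FLAGS.sample(rng.rand(0..FLAGS.size), random: rng)
  picked.empty? ? "" : " flags=(#{picked.join(',')})"
end

# First path element is always a fresh literal; only later ones may be a glob or variable.
def gen_file_rule(rng, var_names)
  tail = Array.new(rng.rand(1..3)) do
    case rng.rand(3)
    when 0 then "*"
    when 1 then var_names.sample(random: rng)
    else rand_word(rng)
    end
  end
  "  /#{rand_word(rng)}/#{tail.join('/')} #{PERMS.sample(random: rng)},"
end

def gen_profile(rng, var_names, max_rules)
  rules = Array.new(rng.rand(1..max_rules)) { gen_file_rule(rng, var_names) }
  "/stress/#{rand_word(rng)}#{gen_flags(rng)} {\n#{rules.join("\n")}\n}\n"
end

# A fixed seed makes a parser failure reproducible from the same generated input.
def gen_policy(seed:, profiles: 50, vars: 3, max_rules: 20)
  rng = Random.new(seed)
  defs = gen_vars(rng, vars)
  preamble = defs.map { |name, vals| "#{name} = #{vals.join(' ')}" }
  preamble.join("\n") + "\n\n" +
    Array.new(profiles) { gen_profile(rng, defs.keys, max_rules) }.join("\n")
end

puts gen_policy(seed: 1, profiles: 2, max_rules: 4) if $PROGRAM_NAME == __FILE__
```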