[apparmor] [patch 4/9] profiles - fix apparmor_api abstractions

Tue Dec 18 22:39:55 UTC 2012

On 12/18/2012 06:17 AM, Steve Beattie wrote:
> The apparmor_api abstractions make the mistake of including tunables
> directly, which is a no-no since the variable definitions in tunables
> need to occur in the preamble of a profile, not embedded within it.
> This patch removes those includes, and replaces them documentation of
> tunables are necessary, as some of the expected ones are not part of
> tunables/global.
> 
> It also adjust the kernelvars tunable's definition of the @{pid}
> regex, as the current parser does not support nesting of {} groupings,
> which breaks any profile that attempts to use the tunable.

So I'll ack it if you don't object to me reverting it when I fix the
parser :)