[apparmor] environment variables
Jamie Strandboge
jamie at canonical.com
Thu Jan 12 09:57:07 UTC 2012
On Thu, 2012-01-12 at 09:34 +0100, John Johansen wrote:
> On 01/11/2012 05:47 PM, Jamie Strandboge wrote:
> > So I started looking into some of my profiling requirements for this a
> > bit more this week and while I think that there are use cases for
> > matching, filtering and pinning, from a profiling perspective I think
> > pinning and filtering (so long as you can filter in such a way as to
> > clear the env var completely) are the most interesting. As an initial
> > implementation, either would be quite useful. As an alternative, simply
> > having the ability to clear/unset an environment variable would be quite
> > useful.
> >
> So from an implementation pov
> - matching is the easiest
> - next by complete variable filtering/unsetting.
> - Partial filtering of a variables values is a little harder, and needs a
> good syntax that can distiguish between which parts of the variable
> are being matched and what part of the value when matched should be
> removed.
> - setting a value would be next and will probably need a userspace helper
> so it can manipulate the env memory
> - and most difficult is pinning as it requires identifying and saving
> off a value, and then setting it if it has changed.
>
> I think a first pass at this will probably get the first two.
Cool, filtering (with the ability to clear) would be very useful and
should allow me to not do weird workarounds like I am now. Would have to
profile more with it, but it may even be good enough for the medium
term.
--
Jamie Strandboge | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20120112/61a5e0f0/attachment.pgp>
More information about the AppArmor
mailing list