[apparmor] [patch] Re: genprof shows strange severity for CAP_SYSLOG

[Christian Boltz]

Hello,

Am Freitag, 16. März 2012 schrieb Steve Beattie:
> It also adds a new make target, check_severity_db, which parses out
> the set of capabilities from /usr/include/linux/capability.h, greps
> the severity.db for the presence of the capability, and issues a
> build time warning if it does not find it. I could be convinced to
> turn this into an error, if it's believed the warnings won't be
> noticed.

Some copy&paste from my "golden rules of bad programming" talk at the 
last openSUSE conference:

    Rule 7:
    Ignore compiler and rpmlint warnings
    • real problems cause errors, not warnings
    • conclusion: warnings are not a problem

So yes, please make this an error!

> +	# The sed statement is based on the one in the parser's makefil
                                                              ^^^^^^^^
                                      Seth already mentioned that typo

> +	for cap in $$(LC_ALL=C sed -n -e "/CAP_EMPTY_SET/d" -e "s/^\#define[
> \\t]\\+CAP_\\([A-Z0-9_]\\+\\)[
> \\t]\\+\\([0-9xa-f]\\+\\)\\(.*\\)\$$/\\UCAP_\\1/p"
> /usr/include/linux/capability.h) ; do \

Which reminds me that apparmor.vim should also get an autogenerated (or 
at least auto-checked) capability list...

(Would it make sense to put this into a small helper script 
"capabilities_list" to avoid duplicate code? Or do you have a better 
idea for apparmor.vim?)


Regards,

Christian Boltz
-- 
Das Wort "WINDOWS" stammt aus einem alten Sioux-Dialekt und bedeutet:
"Weißer Mann starrt durch Glasscheibe auf Sanduhr."(gefunden in d.c.t)