[apparmor] [patch] some comments for create-apparmor.vim.py

Mon Mar 26 22:58:54 UTC 2012

Hello,

Am Montag, 26. März 2012 schrieb Steve Beattie:
> On Mon, Mar 26, 2012 at 10:22:31AM -0700, Steve Beattie wrote:
> > On Sat, Mar 24, 2012 at 12:24:39AM +0100, Christian Boltz wrote:
> > > +    'FILENAME':         r'(\/|\@\{\S*\})\S*', # just a filename
> > > (taken from @@FILE@@)> 
> > Given the above, it's probably better to make the relation explicit,
> > so that if the pattern needs to change at some point, you only need
> > to change it in one location:

Indeed.

> > Index: b/utils/vim/create-apparmor.vim.py
> > ===================================================================
> > --- a/utils/vim/create-apparmor.vim.py
> > +++ b/utils/vim/create-apparmor.vim.py
> > @@ -28,6 +28,8 @@ aa_network_types=r'\s+tcp|\s+udp|\s+icmp
> > 
> >  aa_flags=r'(complain|audit|attach_disconnect|no_attach_disconnected
> >  |chroot_attach|chroot_no_attach|chroot_relative|namespace_relative)

> > +filename=r'(\/|\@\{\S*\})\S*'

I'd prefer to have this near the definition of aa_regex_map - right now 
it's only used there, so it makes sense to have it nearby.

[...]
> > +                        # (whitespace_+_, owner etc. flag_?_,
> > filename pattern, whitespace_+_) +    'DENYFILE':        
> > r'\v^\s*(audit\s+)?deny\s+(owner\s+)?' + filename + '\s+', # deny,
> > otherwise like FILE
> .. and same r'\s+' replacement here.

Now you know why my script used the plain replace tool (too bad it's 
part of the biiiig mysql package) instead of a small perl script which 
would have ended up in an escaping hell ;-)

Anyways - if the script produces the same apparmor.vim before and after 
applying your patch, and you add the comments I added [1], then it is
Acked-By: Christian Boltz <apparmor at cboltz.de>

Regards,

Christian Boltz

[1] the comments are basically copy&paste from the old bash script
-- 
ist eine recht interessante rechnung:
3,5kg linux + bücher für €79,90
180g windows xp home ohne bücher €229,-
kennt jemand den feinunzenpreis von gold? er müßte kanpp unter
dem von windows liegen ....   [Wilhelm Feichter in suse-linux]