[apparmor] Skippable files

John Johansen john.johansen at canonical.com
Mon May 28 20:07:16 UTC 2012


On 05/28/2012 10:53 AM, Seth Arnold wrote:
> I'd love to see the tools and parser using the exact same code to figure out which files to skip. Is there an exported library call that could be used in the tools to replace this function?
> 
Not yet but soon. The chfa match code is going to become part of the library.
At that point we can add a match fn, and provide it with a precompiled
expression (something compiled during the build).

Precompiled because we aren't currently planning on putting the full aare
code into libapparmor (C++ and all its deps), but we will make it available
as a second library.  Well that is the current plan anyway, it is possible
we might collapse down to one (libapparmor) or could split into 3 libapparmor,
libaare_match, libaare.

The reason for wanting the split is that the match code is lightweight and
pure C, while the code to compile an expression is C++ and quite heavy.
The match code will have uses without being able to compile an expression, as
we will be able to hand it precompiled expressions (policy exported from
kernel, etc).  Of course it's possible that the split isn't worth doing;
we need to look at it more.




