[apparmor] [patch 4/9] profiles - fix apparmor_api abstractions

Steve Beattie steve at nxnw.org
Wed Jan 2 22:52:27 UTC 2013


On Tue, Dec 18, 2012 at 02:39:55PM -0800, John Johansen wrote:
> On 12/18/2012 06:17 AM, Steve Beattie wrote:
> > The apparmor_api abstractions make the mistake of including tunables
> > directly, which is a no-no since the variable definitions in tunables
> > need to occur in the preamble of a profile, not embedded within it.
> > This patch removes those includes, and replaces them with documentation of
> > which tunables are necessary, as some of the expected ones are not part of
> > tunables/global.
> > 
> > It also adjusts the kernelvars tunable's definition of the @{pid}
> > regex, as the current parser does not support nesting of {} groupings,
> > which breaks any profile that attempts to use the tunable.
> 
> So I'll ack it if you don't object to me reverting it when I fix the
> parser :)

I won't strongly object, but frankly I found the nested alternations
ugly in their own right, if not quite as ugly as the uber-expanded
pattern that I did use. I'm not sure how to do it reasonably, but a
syntax that let us express '[1-9][0-9]{0,5}' (i.e. a non-zero digit
followed by 0 to 5 digits) would be useful.

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
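
The trade-off discussed in this message, as an added example that is not part of the original mail or of AppArmor: it expands the bounded repetition '[1-9][0-9]{0,5}' into a single non-nested alternation and checks that both accept the same strings. The function names, the nested sample pattern and the toy `glob_to_regex` translator (character classes plus one level of `{a,b}` only) are assumptions made for illustration; the exact pattern used in the patch is not shown in the mail.

```python
import re

def flat_alternation(first, rest, max_extra):
    """Expand first + rest{0,max_extra} into one non-nested {a,b,...} group."""
    return "{" + ",".join(first + rest * n for n in range(max_extra + 1)) + "}"

def glob_to_regex(glob):
    """Toy model of a glob subset: [..] classes and a single level of {a,b}.
    Nested {} raises ValueError, mirroring the parser limit described in the mail."""
    out, depth, i = [], 0, 0
    while i < len(glob):
        c = glob[i]
        if c == "[":
            j = glob.index("]", i)          # copy the character class verbatim
            out.append(glob[i:j + 1])
            i = j
        elif c == "{":
            if depth:
                raise ValueError("nested {} grouping at offset %d" % i)
            depth = 1
            out.append("(?:")
        elif c == "}":
            if not depth:
                raise ValueError("unbalanced } at offset %d" % i)
            depth = 0
            out.append(")")
        elif c == "," and depth:
            out.append("|")
        else:
            out.append(re.escape(c))
        i += 1
    if depth:
        raise ValueError("unclosed { grouping")
    return re.compile("".join(out))

PID_GLOB = flat_alternation("[1-9]", "[0-9]", 5)
REFERENCE = re.compile(r"[1-9][0-9]{0,5}")   # the syntax wished for in the mail
NESTED = "{[1-9],[1-9]{[0-9],[0-9][0-9]}}"   # constructed nested sample

def disagreements(samples):
    """Return the samples on which the flat glob and the reference regex differ."""
    flat = glob_to_regex(PID_GLOB)
    return [s for s in samples
            if bool(flat.fullmatch(s)) != bool(REFERENCE.fullmatch(s))]

def rejects_nesting(glob):
    """True when the toy translator refuses the pattern."""
    try:
        glob_to_regex(glob)
    except ValueError:
        return True
    return False
```
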