[apparmor] profiles - disabling logprof checks by default

John Johansen john.johansen at canonical.com
Thu Jan 3 01:46:39 UTC 2013


On 01/02/2013 02:37 PM, Steve Beattie wrote:
> On Tue, Dec 18, 2012 at 02:34:09PM -0800, John Johansen wrote:
>> On 12/18/2012 06:17 AM, Steve Beattie wrote:
>>> his patch separates out make check in the profiles/ directory into
>>> two sub targets, for checking profiles against the built parser
>>> and aa-logprof respectively. The logprof check currently makes some
>>> assumptions about the environment that make it difficult to run in
>>> a minimal chroot environment.
>>
>> err, While I like the idea I have problems with turning on check-logprof
>> by default. logprof is out of date and needs updating there are several
>> profile elements it just does not handle at the moment.
> 
> Well, while it's true that it's pretty easy to generate profiles that
> break logprof due to its bitrot, we don't currently have any profiles
> in-tree that break logprof parsing, though I'm aware that will likely
> change soon.
>
err define in tree. Ubuntu ships profiles that break logprof, just install
lxc

>> So unless we put the effort into fixing logprof I don't think that check
>> should be on by default
> 
> I'm okay with that, I guess. How's the following look?
> 
> === modified file 'profiles/Makefile'
> --- profiles/Makefile	2013-01-02 22:33:12 +0000
> +++ profiles/Makefile	2013-01-02 22:35:22 +0000
> @@ -84,7 +84,7 @@
>  CHECK_PROFILES=$(filter-out ${IGNORE_FILES} ${SUBDIRS}, $(wildcard ${PROFILES_SOURCE}/*) $(wildcard ${EXTRAS_SOURCE}/*))
>  
>  .PHONY: check
> -check: check-parser check-logprof
> +check: check-parser
>  
>  .PHONY: check-parser
>  check-parser:
> 
I am fine with this

Acked-by: John Johansen <john.johansen at canonical.com>





More information about the AppArmor mailing list