[apparmor] [PATCH] aa-easyprof updates

Jamie Strandboge jamie at canonical.com
Mon Jul 1 22:15:07 UTC 2013


Hi,

Attached is a patch for aa-easyprof that adds significant functionality over
what is currently in trunk. I could try to break these out in discrete chunks,
but aa-easyprof isn't in widespread use yet, so this seemed simpler. To see a
full list of more discrete changes, feel free to see the bzr repo:

https://code.launchpad.net/~jdstrand/apparmor/apparmor-sdk

aa-easyprof supports the use of templates and policy groups to quickly profile
an application and it is being developed primarily in support of Ubuntu's
application confinement work, but it is intended to be a general purpose tool.

Currently, aa-easyprof takes command line arguments. Highlights of this patchset
include:

 * add -m/--manifest option for specifying a JSON manifest file in lieu of
   using command line arguments. Steve Beattie wrote the initial support, and
   I added to that with fine-tuning the JSON syntax, adding a bunch of tests,
   some bug fixes, refactoring and supporting multiple profiles in one manifest
 * add an --output-format option which is helpful when generating a manifest
   file (--output-file=json)
 * clarify the use of --name. There was confusion on if --name should be meta
   data like --author and --comment or if it should be the profile name used in
   policy. --name is now for meta data exclusively, and --profile-name is used
   for policy
 * allow the following types of profile names and attachment:
   - profile foo /usr/bin/foo {}
   - profile foo {}
   - /usr/bin/foo {}
 * support --policy-vendor and --policy-version. aa-easyprof normally looks in
   /usr/share/apparmor/easyprof/{templates,policygroups} by default, but users
   may now specify '--policy-vendor=distro --policy-version=1.0' and easyprof
   will look in /usr/share/apparmor/easyprof/{templates,policygroups}/distro/1.0
 * add --output-directory option to allow writing files instead of just to
   stdout (pretty much required for multiple profiles in manifest)
 * man page clarifications and additions

Note, for a while, the patchset originally included Ubuntu-specific templates
and policygroups, but these were removed and will be shipped in a separate
package in Ubuntu.


-- 
Jamie Strandboge                 http://www.ubuntu.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-aa-easyprof-additions.patch
Type: text/x-patch
Size: 92935 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130701/aa491931/attachment-0001.bin>