[apparmor] [opensuse-project] Google Summer of Code'13 accepted student

Kshitij Gupta kgupta8592 at gmail.com
Sat Jun 1 19:12:46 UTC 2013


I'm awaiting an approval for my wiki.apparmor account, meanwhile I've
decided to start off with registering the ideas as blueprint on the
launchpad page.

@Christian, about saving the changes idea, do you propose a method to add a
line to the profiles specifying the switch to use (save to profile/add to
local/always ask) ? That could be done by simply adding a top line to each
profile (maybe in a comment?), that way we dont mess with the profile and
if the profile has no option we get to the default.

Also, could you elaborate on:
> Talking about feature ideas - it would be nice to have profile
> modification scriptable. I'm thinking about something like
>    aa-$toolname --profile "/usr/sbin/httpd2-prefork"  \
>        --addhat "vhost_foo"
>    aa-$toolname --profile "/usr/sbin/httpd2-prefork//
> vhost_foo"  \
>        --add '/home/foo/httpdocs/** r'
I understand you wish to allow the user to pass entries to the profile via
the command line. Now, which tool could be used for this purpose
(aa-genprof or aa-easyprof?) ? and what if the user entry contradicts a
previous entry? and does the tool execute after appending the profile
attribute to file or does it exit with a success or failure message?

After I wrote the above part did I notice that John had said something
similar regarding the metatag in comments. And Seth had suggested
aa-easyprof for the tool to use.

As, Seth mentioned there is a default set of profiles and then there are
the user-generated/modified profiles. Now, we could provide for a separate
place to store the user generated/modified profiles and keep the default
ones intact. Sometimes, the user generated profiles may screw up. (I ended
up messing up my Firefox profile while playing with aa-genprof as a
consequence to which my Firefox would never start-up).

Once, I get a better view of the above I'll register that as a blueprint.


On Sat, Jun 1, 2013 at 4:00 PM, Kshitij Gupta <kgupta8592 at gmail.com> wrote:

> Hello,
> Okay, I'm assured that I wont be getting anybody mad my by mails.
> Hopefully I wont make it to 200 mails a day. ;-)
> @Seth @Christian okay, I'll try my hands at the wiki.apparmor.net in a
> day or two and see what I can do to make a suggestion/idea of it.
> @Christian there's the first module [1] I talked about yesterday. I know
> its tiny compared to what I have to write, but I'd still like feedback on
> the style, so I can adjust myself (like your views on docstrings, whether
> you would prefer string.split over the re module etc). I have left a doubt
> as comments in the module maybe somebody can answer that.
> Also, just out of curiosity why was the utility package in perl named
> Immunix? Any specific reasons behind it?
> [ 1 ]-
> http://bazaar.launchpad.net/~kgupta8592/apparmor-profile-tools/trunk/view/head:/lib/config.py
> Regards,
> Kshitij
> <--Sig coming later than thought ;-)-->
> <http://bazaar.launchpad.net/~kgupta8592/apparmor-profile-tools/trunk/view/head:/lib/config.py>
> On Sat, Jun 1, 2013 at 2:13 AM, Christian Boltz <apparmor at cboltz.de>wrote:
>> Hello,
>> Am Freitag, 31. Mai 2013 schrieb Kshitij Gupta:
>> > I just thought some people might get annoyed by the unnecessary mails
>> > piling up in their inbox. We actually had that problem on the GSoC
>> > students mailing list lately, but I'll take your word for it.
>> See Seth's reply - with some filtering, handling large amounts of mails
>> isn't a problem. Just to give you some numbers - some years ago, the
>> german opensuse mailinglist had up to 200 mails per day (!) ;-)
>> > @John, @Seth and @Christian thanks for those ideas about features
>> > (keep them coming :-) ), I'll get back to you about the details on
>> > those ideas in a day or two. Meanwhile, I propose we have a feature
>> > request list type of thing? I'm not sure but would the Blueprint
>> > section of Launchpad be appropriate for it (or any other place that
>> > everyone can view and edit)?
>> Blueprint or wiki.apparmor.net - whatever you prefer ;-)
>> (I'm not sure if Blueprint fits "everyone can [...] edit" - Seth/John?)
>> > Meanwhile, I have been thinking of doing the bottom-up style
>> > development starting from the core libraries moving upwards to the
>> > tools. So, I'll have a basic version of a module out of those for you
>> > guys to review by tomorrow (hopefully).
>> Sounds very promising :-)
>> > I'd love some input in that
>> > direction. Anything about organisation of libraries etc.
>> I'm quite sure you learned those things at university, so you'll be able
>> to come up with a good code layout. In other words: "whatever makes
>> sense" ;-)  We'll of course provide feedback as early as possible.
>> Regards,
>> Christian Boltz
>> --
>> > Und nun rate mal, warum ausgerechnet v.a. Vielschreiber mutt
>> > verwenden. Sicher nicht, weil KMail besser waere.
>> Weil eine Handvoll muttschisten die alle dazu gezwungen hat? ;)
>> [> David Haller und Manfred Misch in suse-linux]
>> --
>> AppArmor mailing list
>> AppArmor at lists.ubuntu.com
>> Modify settings or unsubscribe at:
>> https://lists.ubuntu.com/mailman/listinfo/apparmor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130602/7c9e336c/attachment.html>

More information about the AppArmor mailing list