[apparmor] [opensuse-project] Google Summer of Code'13 accepted student

Kshitij Gupta kgupta8592 at gmail.com
Wed Jun 5 17:43:21 UTC 2013


@Christian First off, what mail client do you use? I'd like to be able to
have my replies like you all do.

Back to topic at hand, the config wrapper has two additional functions
besides the read and write (which also sets the permissions for the
profiles). So, for the time being I'll keep redo the config file with the
configprofiler module and if later on I can rather easily do-away with the
config library file if its not needed (though I'll note down this point
because I might forget it later on).

Okay, I'll go through the roadmap once again and then setup the wikipage
for my roadmap. (Any naming ideas for the wikipage?) Also, a new name for
the library tools package (If we're moving away from Immunix)? ;-)

As, for the code review John went into the docstrings and comments which I
quite agree too, since Python code in general is pretty readable in general
so a few explanatory comments should be sufficient. But I suppose a few
lines of docstring will not harm (and will be useful when importing the
modules, since AppArmor.py will be pretty long). Also, I agree with John
whatever seems more "obvious/Pythonic way" to do it should be adopted.
Apart from the commenting, I'll take that the coding style for those few
lines was okay to everyone?  ;-)

I think I love the blogpost about the weekly progress idea, so hopefully
I'll try to follow that (Does anyone want me to setup a new blog for the

Looks good enough to me, I'll setup my IRC client for that. We have a
variety of timezones (mine being UTC+5:30), though gladly I don't quite
have issues with time since, I spend much of my day (and night) near my
computer. :-D

You and John can decide on the schedule for weekly meetings, I'll let you
know if the schedule does not suit me (that'd be highly unlikely though).

I'll try to be present in the next meeting. BTW, anything on the agenda
requiring my presence?

@Christian Sorry for the sig, I wasnt aware of the extra space and I'm glad
you liked my first sig. :-) I'll probably build myself a collection of
those too.


Software efficiency halves every 18 months, compensating Moore's Law.
[May's Law]

On Wed, Jun 5, 2013 at 5:17 AM, John Johansen
<john.johansen at canonical.com>wrote:

> On 06/04/2013 04:21 PM, Christian Boltz wrote:
> > Hello,
> >
> > Am Mittwoch, 5. Juni 2013 schrieb Kshitij Gupta:
> >> @John thanks confirming the account. Also I studied the documentation
> >> for the configprofiler and I find it perfectly suitable for
> >> manipulating the config files. I can quite easily write a new may
> >> module using this library.
> >
> > Or you use it directly if it does what you need.
> >
> > There's nothing wrong with wrappers, but if you don't need one, don't
> > write one ;-)
> >
> >> While I was thinking of setting up a page for the purpose I came
> >> across this [wiki.apparmor.net/index.php/DevelopmentRoadmap#Tools]. I
> >> see quite a lot of things on the roadmap, but the question is if the
> >> page is up-to-date or not.
> >
> > I'm afraid the only wiki page that is really up to date is the page
> > about IRC meetings ;-)
> >
> Sadly this is true, some parts are more up to date than others, if you
> aren't sure about something just ask.
> > From reading the roadmap page, I see that for example "sandbox
> > generation tool" is somewhat outdated - at least the "basic profile
> > setup" part is covered by aa-easyprof.
> >
> well actually aa-sandbox covers more of that, but aa-easyprof is part
> of the solution
> aa-exec - is a tool to launch an application confined by a specific
>           profile.
> aa-easyprof - is a templating tool that provides the ability to
>   generate a profile from a template.
> aa-sandbox - is a sandbox setup tool, which will use existing or
>   dynamically generated profiles.
> >> In the roadmap (under Tools) I see things
> >> like profile merge tool (one of the things we intend to do), new
> >> learning tools, basic profile setup, split into separate tools (not
> >> sure if the latter is a thing I am supposed to do),etc.
> >
> > "split into separate tools" is listed for the parser (apparmor_parser
> > binary, which (simplified summary) reads the profiles and loads them
> > into the kernel).
> >
> > That's different from the profile generation tools, and therefore not an
> > area you'll be working on. (Nevertheless, if you notice an issue with
> > it, a bugreport or a patch is always welcome.)
> >
> Right the plan has been to split the parser into a couple of libraries
> and a few separate tools.
> aa-compiler - only does policy compilation
> aa-loader - handles loading
> apparmor_parser - current tool as wrapper around the compiler and loader
> While it would be nice if we had the parsing front end split out so you
> could just plug-in to that for the profile development tool we don't
> yet.
> >> So, I believe
> >> this can be a starting point and hence based on these and additional
> >> ideas for the roadmap I can setup a wikipage for it.
> >
> > I have a feeling that your GSoC proposal is better, more detailed and
> > more up-to-date than the roadmap page - you should probably copy it to
> > the wiki (on a new page) so that additional ideas can be included.
> >
> think of the road map page as a place to crib ideas from. Its just not
> up to date
> >> @Christian, I think you might have skipped a mail in between. If you
> >> could take out some time I'd like some code review before I step
> >> ahead into other tools. :)
> >
> > I skipped that mail because John's reply covered it completely.
> >
> > I also reviewed the code, but my reply would have been very similar to
> > what John wrote. Writing the same stuff is also known as superfluous ;-)
> >
> >> Also I suppose we should setup a schedule for interacting, like I
> >> understand that you take breathers during weekends. Maybe we can come
> >> up on a weekly schedule when we'll be present on IRC so we or anybody
> >> else can interact.
> >
> > Weekly meetings are a good idea - we just need to find a good time (see
> > below).
> >
> > BTW: openSUSE also has a tradition to have short weekly reports as blog
> > post and/or sent to the mailinglist. It would be nice if you can also do
> > that. (The mails should go to the apparmor and the opensuse-project
> > mailinglists.)
> >
> >
> > Back to IRC - the best thing would be to "always" join the #apparmor IRC
> > channel. There's no need to keep the IRC client active while you are
> > sleeping ;-) but it's a good idea to have the IRC client automatically
> > starting and joining the #apparmor channel when you login on your
> > computer.
> >
> > This doesn't mean we have to do daily meetings, but if you have
> > questions, you'll usually get a fast answer on IRC.
> >
> > I'm usually online in the evenings (CET timezone) - something like 17:00
> > UTC to 23:00 UTC. Often I'm also online on the weekend, but sometimes
> > (not only on weekends) real life brings some more important stuff ;-)
> >
> > John is usually available at work hours (in USA), which roughly
> > translates to CET late afternoon until very late ;-) evening.
> >
> The best way to see if I am online is to just ping me, my hours are
> weird
> > Does this match the time when you are typically near your computer?
> > If yes, just regularly join the #apparmor channel.
> >
> > Nevertheless, wel should find a good time for regular (weekly?)
> > meetings.
> >
> >
> > BTW: The next meeting is already scheduled for next tuesday.
> > http://wiki.apparmor.net/index.php/MeetingAgenda
> >
> yes and that would be a good place to catch up for next week.
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/apparmor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130605/913f0ebf/attachment.html>

More information about the AppArmor mailing list