[apparmor] [opensuse-project] Google Summer of Code'13 accepted student

Christian Boltz apparmor at cboltz.de
Fri Jun 7 00:24:35 UTC 2013 

Hello,

Am Freitag, 7. Juni 2013 schrieb Kshitij Gupta:
> @John as suggested I used the configparser module and as it turns out
> we do have a problem with using it. Actually in the config files at
> present the default section is represented by an empty string (for
> e.g. in /etc/apparmor/easyprof.conf ), but configparser needs a none
> empty section header and hence raises an Error for the same.

We have several styles of config files:
a) INI-like files (logprof.conf) - configparser can handle them
b) shell-style config files (easyprof.conf, notify.conf, subdomain.conf)
   with parameter=value or parameter="value" lines
c) XML (reports.conf, which isn't used anymore)
d) a CSV-line style + comments (severity.db, separated by whitespace)
e) a mix of "parameter" and "parameter=value" (parser.conf)

Yes, this is what you call "historically grown" :-(

The good thing is that we don't have any files which mix those styles in 
one file.

This means you _can_ use configparser - but it will only cover part a) 
(logprof.conf).

If you need to parse the shell-style files from b), shlex might be an 
option, see http://docs.python.org/2/library/shlex.html
(I never tested it, but the description looks good ;-)

c) is not relevant (the reporting code isn't maintained since a long 
time and isn't working anymore because of a changed log format - parts 
of it are replaced by aa-notify) - actually we should just delete 
reports.conf ;-)

For d) severity.db, you really might need to write your own parser. 
(Shouldn't be too hard, and read-only is enough IMHO.)

e) parser.conf might also need custom code, but I doubt you'll need to 
read it.

To sum it up: Yes, you'll need to write code to parse some of the config 
files - but if there's an existing module (like logparser) to handle a 
file, I'd strongly recommend to use it.

> Also, the order in which the config parser writes to output file is
> random (expected of a dictionary) and not sorted.

This doesn't really matter. The more interesting questions are:
- is the order really random? Or is it the order in which you added the 
  options?
- does it keep the order if you modify a config file?
- does it keep comments and empty lines?


> On Fri, Jun 7, 2013 at 12:17 AM, Kshitij Gupta wrote:
> > I've setup the wiki page for the project [
> > http://wiki.apparmor.net/index.php/Profile_Management_Tools], it'd
> > be
> > nice if some-one could just scroll through the page. I'll update the
> > blog link once, I have an initial post ready for the project.
> > 
> > @Christian please add your profile link with your name and maybe
> > your IRC nick too.

It's on my TODO list, but not one of the most urgent things ;-)

> > @John , @Christian also you can fill out the schedule for weekly
> > meetings.

See below for a proposal.

> > On Thu, Jun 6, 2013 at 12:54 AM, Kshitij Gupta wrote:
> >> On Thu, Jun 6, 2013 at 12:12 AM, Christian Boltz wrote:
> >>> Am Mittwoch, 5. Juni 2013 schrieb Kshitij Gupta:
> >>> > @Christian First off, what mail client do you use? I'd like to
> >>> > be able to have my replies like you all do.
> >>> 
> >>> Nearly every mail client supports this style to reply (even
> >>> Outlook ;-) The main "trick" is to insert your reply in the
> >>> middle of the quoted mail instead of typing at the first line.

> >>> Ahh, that trick's pretty neat. I'm on GNOME though I have the
> >>> KMail app.>> 
> >> I'll give it a shot. :-) Meanwhile, lets see if the "trick" works
> >> on Gmail. ;-)

It works, but you have to make sure to write your text in an empty line, 
not in a line starting with ">".

Another thing you should do is deleting old text you don't need anymore. 
(If someone really wants to read the full discussion, he/she can easily 
read the older mails.)

> >>> meetings at 20:00 UTC, but 18:30 or 19:00 UTC would also be
> >>> possible for me. Would that work better for you?
> >>> @John: what about you?
> >>> 
> >>> For our weekly meetings, I'm perfectly okay with anything around
> >>> 19:00>> 

Sounds good. So I'd say:
- weekly meetings every tuesday 19:00 UTC
- if there is a monthly meeting scheduled, we merge in the weekly 
  meeting (and still start at 20:00 UTC)

> >> since I dont expect the discussions to last over 2-3 hours, which

correct - I'd expect something between 15 minutes and an hour

> >> isnt that late given my routine.

Sounds like you are a "night owl" ;-)  (is this term also used in 
India?)

(Needless to say that it's 2:25 AM here...)


Regards,

Christian Boltz
-- 
[Need tool to uncover Rootkits]
Our approach is not to let rootkits enter the system :)
[Marcus Meissner in https://bugzilla.novell.com/show_bug.cgi?id=199078]

More information about the AppArmor mailing list