[apparmor] [opensuse-project] Google Summer of Code'13 accepted student

Kshitij Gupta kgupta8592 at gmail.com
Wed Jun 12 16:25:36 UTC 2013


Yesterday, in the meeting we had started a discussion about configprofiler
and the comments, which was abruptly interrupted by my net connection. I
apologise for the same, its very rare for my net connection to behave that

I missed out on parts on part of the conversations, I hope to catchup on it
after the transcript/log of the meeting is published.

Till then, can someone help me out with the use case for the write function
of the profile tools? I'm not sure if I'm thinking in the appropriate way.
How are users expected to modify the config files? I can understand reading
the config files to do some processing such as deciding severity, etc. But
about modifying Im not very sure, any pointers on that will be helpful.


Kshitij Gupta

On Fri, Jun 7, 2013 at 10:56 PM, Kshitij Gupta <kgupta8592 at gmail.com> wrote:

> Hello,
> On Fri, Jun 7, 2013 at 5:54 AM, Christian Boltz <apparmor at cboltz.de>wrote:
>> Hello,
>> Am Freitag, 7. Juni 2013 schrieb Kshitij Gupta:
>> > @John as suggested I used the configparser module and as it turns out
>> > we do have a problem with using it. Actually in the config files at
>> > present the default section is represented by an empty string (for
>> > e.g. in /etc/apparmor/easyprof.conf ), but configparser needs a none
>> > empty section header and hence raises an Error for the same.
>> We have several styles of config files:
>> a) INI-like files (logprof.conf) - configparser can handle them
>> b) shell-style config files (easyprof.conf, notify.conf, subdomain.conf)
>>    with parameter=value or parameter="value" lines
>> c) XML (reports.conf, which isn't used anymore)
>> d) a CSV-line style + comments (severity.db, separated by whitespace)
>> e) a mix of "parameter" and "parameter=value" (parser.conf)
>> Yes, this is what you call "historically grown" :-(
>> The good thing is that we don't have any files which mix those styles in
>> one file.
>> This means you _can_ use configparser - but it will only cover part a)
>> (logprof.conf).
>> If you need to parse the shell-style files from b), shlex might be an
>> option, see http://docs.python.org/2/library/shlex.html
>> (I never tested it, but the description looks good ;-)
>> c) is not relevant (the reporting code isn't maintained since a long
>> time and isn't working anymore because of a changed log format - parts
>> of it are replaced by aa-notify) - actually we should just delete
>> reports.conf ;-)
>> For d) severity.db, you really might need to write your own parser.
>> (Shouldn't be too hard, and read-only is enough IMHO.)
>> e) parser.conf might also need custom code, but I doubt you'll need to
>> read it.
>> To sum it up: Yes, you'll need to write code to parse some of the config
>> files - but if there's an existing module (like logparser) to handle a
>> file, I'd strongly recommend to use it.
>> Okay, so the idea is that depending on which file is being read we use
> the specified parser (configprofiler/shlex/or any other). For writing to
> the config files the same can be done, though we will loose all and any
> comments in the config files.
> I'll work on separate parsers for each of those, I am going through the
> shlex library too. I'll let you know what I come up with.
> BTW, thats even more reason to have wrappers for the read and write
> functions. ;-)
>> > Also, the order in which the config parser writes to output file is
>> > random (expected of a dictionary) and not sorted.
>> This doesn't really matter. The more interesting questions are:
>> - is the order really random? Or is it the order in which you added the
>>   options?
>> - does it keep the order if you modify a config file?
>> - does it keep comments and empty lines?
>> Well the configparser by default has ordered dicts and keeps the entries
> in the order they were read/added.
> No, it simply ignores the comments and empty lines and creates a
> dictionary structure to display.
>> > On Fri, Jun 7, 2013 at 12:17 AM, Kshitij Gupta wrote:
>> > > I've setup the wiki page for the project [
>> > > http://wiki.apparmor.net/index.php/Profile_Management_Tools], it'd
>> > > be
>> > > nice if some-one could just scroll through the page. I'll update the
>> > > blog link once, I have an initial post ready for the project.
>> > >
>> > > @Christian please add your profile link with your name and maybe
>> > > your IRC nick too.
>> It's on my TODO list, but not one of the most urgent things ;-)
> > > @John , @Christian also you can fill out the schedule for weekly
>> > > meetings.
>> See below for a proposal.
>> > > On Thu, Jun 6, 2013 at 12:54 AM, Kshitij Gupta wrote:
>> > >> On Thu, Jun 6, 2013 at 12:12 AM, Christian Boltz wrote:
>> > >>> Am Mittwoch, 5. Juni 2013 schrieb Kshitij Gupta:
>> > >>> > @Christian First off, what mail client do you use? I'd like to
>> > >>> > be able to have my replies like you all do.
>> > >>>
>> > >>> Nearly every mail client supports this style to reply (even
>> > >>> Outlook ;-) The main "trick" is to insert your reply in the
>> > >>> middle of the quoted mail instead of typing at the first line.
>> > >>> Ahh, that trick's pretty neat. I'm on GNOME though I have the
>> > >>> KMail app.>>
>> > >> I'll give it a shot. :-) Meanwhile, lets see if the "trick" works
>> > >> on Gmail. ;-)
>> It works, but you have to make sure to write your text in an empty line,
>> not in a line starting with ">".
>> Another thing you should do is deleting old text you don't need anymore.
>> (If someone really wants to read the full discussion, he/she can easily
>> read the older mails.)
>> > >>> meetings at 20:00 UTC, but 18:30 or 19:00 UTC would also be
>> > >>> possible for me. Would that work better for you?
>> > >>> @John: what about you?
>> > >>>
>> > >>> For our weekly meetings, I'm perfectly okay with anything around
>> > >>> 19:00>>
>> Sounds good. So I'd say:
>> - weekly meetings every tuesday 19:00 UTC
>> - if there is a monthly meeting scheduled, we merge in the weekly
>>   meeting (and still start at 20:00 UTC)
>> Sounds perfect to me. :-)
> Shall we finalise it?
>>  > >> since I dont expect the discussions to last over 2-3 hours, which
>> correct - I'd expect something between 15 minutes and an hour
> > >> isnt that late given my routine.
>> Sounds like you are a "night owl" ;-)  (is this term also used in
>> India?)
>> (Needless to say that it's 2:25 AM here...)
>> Yes, it is and most of the grown-ups call us that (or plain "owl" ),
> though we prefer to call ourselves "nocturnal". ;-)
> Regards,
> Kshitij Gupta
> --
> *Bug 27162* - Wine developers prefer beer
> [cblotz at http://bugs.winehq.org/show_bug.cgi?id=27162]
> --
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130612/0b163bbb/attachment.html>

More information about the AppArmor mailing list