[apparmor] DBus rule syntax for subject and peer components

Tyler Hicks tyhicks at canonical.com
Thu Jun 13 04:12:52 UTC 2013


On 2013-06-12 20:50:05, Jamie Strandboge wrote:
> On 06/12/2013 08:34 PM, Jamie Strandboge wrote:
> 
> > I strongly prefer Proposal #3 over #1, #2 and #4. My personal preference
> > is for 'peer=()' and 'subject=()' instead of 'peer {}' and 'subject {}',
> > but I could live with '{}'. I think I somewhat prefer the access at the
> > front (right after dbus), but am fine at the end as well.
> > 
> 
> In an effort to push this along, I think we were getting close to
> iterating on #3 when #4 came in. Can others express their opinion on #4
> relative to #3?

I like how #4 was so different from anything else that we've considered,
but I have a hard time reading it. It takes a lot more brainpower for me
to grok each rule.

If I were writing new profiles on a daily basis, I would appreciate #4
more because of how it tries to reduce repetitive keywords. But new
profile development doesn't happen that often (at least, in comparison
to developing new code) so being able to quickly and easily understand
an existing profile is most important to me.

My preference is #3, in a single line format, and being careful to make
sure that it is future proof for any type of line wrapping and factoring
that we may want to do down the road.

Tyler