[apparmor] [opensuse-project] Google Summer of Code'13 accepted student
Seth Arnold
seth.arnold at canonical.com
Thu May 30 19:14:11 UTC 2013
On Thu, May 30, 2013 at 08:31:31PM +0200, Christian Boltz wrote:
> Correct - the only missing part is support in the utilities, which is
> now on your list of wanted features ;-)
>
> Talking about feature ideas - it would be nice to have profile
> modification scriptable. I'm thinking about something like
>
> aa-$toolname --profile "/usr/sbin/httpd2-prefork" \
> --addhat "vhost_foo"
> aa-$toolname --profile "/usr/sbin/httpd2-prefork//vhost_foo" \
> --add '/home/foo/httpdocs/** r'
Scriptable would be nice, and maybe even an easy fall-out of new tool
work. --addhat probably only makes sense if you can easily integrate
with templates. Maybe aa-easyprof is useful to consider there.
> Can you add this to the "nice-to-have" list?
>
> > At the time of saving a
> > profile, the user can be presented with the same as an option for the
> > same. Any other way you'd want it implemented?
>
> A config option (change main profile / write to local / always ask)
> would be nice to avoid the user gets asked every time he runs logprof.
> This also implies a commandline switch for logprof to be able to
> override the config setting.
>
> Maybe we should also have a way to set different defaults per profile.
> @John, Seth, Steve: do you think this is necessary? If yes, how would
> you implement it?
I could see a difference for distribution-provided profiles that are
being extended vs self-authored profiles that are being modified.
I wouldn't really want to have to ask for one behavior or the other --
but I could imagine that aa-genprof could add "created on this machine"
profile names into a list, and modify those profiles directly, and
profiles that aren't on the list get their <local/foo> files modified.
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130530/7ece645f/attachment.pgp>
More information about the AppArmor
mailing list