[apparmor] WTF changed in latest aa-enforce?!
Seth Arnold
seth.arnold at canonical.com
Thu Aug 14 00:47:25 UTC 2014
On Thu, Aug 14, 2014 at 08:30:29AM +0800, Aaron Lewis wrote:
> Okay, Thanks Seth. So
>
> 1. A comma is needed even if it's the last line before the ending '}'
> -- That's a change
The trailing comma on every rule has been part of AppArmor since I
started working on it back in 2000. It's one of the few things that
hasn't changed, for better or for worse. :)
> 2. The error message does not show which line has the syntax error --
> All I see is a stack trace, a python one, no line-number of the parsed
> rule file
This bit is true. The Python parsing is based on the old pile
of Perl-based regex heuristics rather than on the flex/bison that
apparmor_parser uses. Error messages are even harder to construct with
pile of regexs than with real parsing tools. We ought to be able to do
better than a stacktrace of course.
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140813/8480f0a4/attachment.pgp>
More information about the AppArmor
mailing list