[apparmor] [patch 1/3] utils: add base and capability rule classes
Christian Boltz
apparmor at cboltz.de
Wed Dec 3 21:13:41 UTC 2014
Hello,
On Wednesday, 3 December 2014, Steve Beattie wrote:
> This patch adds four classes - two "base" classes and two specific for
> capabilities:
> + def __init__(self, cap_list, audit=False, deny=False,
...
> + if cap_list == CapabilityRule.ALL:
> + self.all_caps = True
> + self.capability = set()
> + else:
> + if type(cap_list) == str:
> + self.capability = {cap_list}
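Review bot: in the `type(cap_list) == str` branch the string goes into the set unchecked, so an empty string, a string with surrounding whitespace, or several space-separated names all end up as a single capability entry. Strip the value and raise AppArmorBug when nothing is left, and prefer `isinstance(cap_list, str)` over the exact type comparison so that str subclasses are handled by this branch as well.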
I still think using split() on the string would make sense ;-)
It also gives us some additional safety and flexibility more or less
"for free" (for example, maybe someone uses "capability (.*)," as a cheap
parser and hands over the match to __init__())
(Since this is the only to-be-discussed part of the patch, we can
postpone it for some days and do a small separate patch for it.)
> + elif type(cap_list) == list and len(cap_list) > 0:
> + self.capability = set(cap_list)
> + else:
> + raise AppArmorBug('Passed unknown object to
> CapabilityRule: %s' % str(cap_list))
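Review bot: the `elif` accepts only a non-empty `list`, so an empty list reaches the `else` and raises 'Passed unknown object', which misreports an empty rule as a type problem; tuples and sets are rejected the same way. Give the empty case its own message, and check that every element is a non-empty string before calling `set(cap_list)`, since the list contents are stored without validation.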
> +def parse_capability(raw_rule):
> + '''parse raw_rule and return CapabilityRule'''
> +
> + matches = RE_PROFILE_CAP.search(raw_rule)
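Review bot: the docstring of parse_capability() states only that it returns a CapabilityRule and says nothing about what happens when `RE_PROFILE_CAP.search(raw_rule)` finds no match. Document that case, and make sure `matches` is checked for None before it is used, so that a non-capability line produces a clear error instead of an AttributeError.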
Too much whitespace, please move the code in parse_capability() one
level to the left.
With the whitespace changed and optionally using split() in __init__()
for strings,
Acked-by: Christian Boltz <apparmor at cboltz.de>
Needless to mention that large parts of this patch were originally
written by me, so another review won't hurt ;-)
Regards,
Christian Boltz
--
> You know the saying: after the release. [I'm deliberately not saying
> how large the time gap to the release will be ;-) ]
In chronological order:
Before Longhorn,
between Longhorn and the apocalypse,
between the apocalypse and Hurd,
or after Hurd?
[> Christian Boltz and Ratti in fontlinge-devel]