[apparmor] aa-mergeprof testing results/bugs
Christian Boltz
apparmor at cboltz.de
Tue Jul 29 22:53:51 UTC 2014
Hello,
Am Mittwoch, 30. Juli 2014 schrieb Kshitij Gupta:
> On Jul 29, 2014 4:45 PM, "Christian Boltz" <apparmor at cboltz.de> wrote:
> > While testing aa-mergeprof, I found some issues:
> >
> > - (F)inish does nothing
>
> This was fixed for other tools(aa-genprof and aa-logprof) IIRC to
> provide expected behavior right? Maybe some tweaking is needed to
> propogate the same here.
Indeed. That should be a simple copy&paste fix ;-)
> > - args.dir is ununsed - see my other mail with a 90% patch
> >
> > - even when (I)gnore'ing all changes, mergeprof asks to save the
> > profile>
> > (and behaves like cleanprof)
>
> Hmm.. Probably a simple check if the profile was modified or not
> should suffice for unmodified profiles and Ignore use cases.
Right. (aa-logprof already does that, BTW)
> > - aa-mergeprof sometimes crashes when saving the profile, but I
> > don't
> >
> > have a clear reproducer yet.
>
> Do the crash happen when trying to save unmodified profiles only or
> also when the profile is modified?
IIRC it only happened when saving modified profiles, but I'm not 100%
sure. The worst part is "sometimes" which means I can't give you a
reproducer (yet) :-(
We should probably check if changed[] is set in the correct way for
every modification - I wouldn't be surprised if merging a specific rule
type (abstractions? *x rules?) "forgets" to set changed[].
It would also be a good idea to merge ask_the_questions() in
aa-mergeprof with ask_the_questions() in aa.py. Most things should be
the same, the only exceptions are #include and that *x conflicts are
possible.
Regards,
Christian Boltz
--
Meinem Gefühl nach hat beim systemd SuSE die Bananenpolitik
perfektioniert - nicht mal die Bananen reifen beim Kunden sondern die
Samen für die Pflanzen wurden verteilt [Manfred Kreisl in opensuse-de]
More information about the AppArmor
mailing list