[apparmor] [patch] Add debug info to profile_storage()

Christian Boltz apparmor at cboltz.de
Sun Aug 2 23:12:42 UTC 2015


Hello,

Am Montag, 3. August 2015 schrieb Kshitij Gupta:
> On Tue, Jul 21, 2015 at 12:52 AM, Christian Boltz wrote:
> > for debugging, it's helpful to know which part of the code
> > initialized a profile_storage and for which profile and hat this
> > was done.
> > 
> > This patch adds an 'info' array with that information, adds the
> > corresponding parameters to profile_storage() and changes the
> > callers to deliver some useful content.
>
> Should this be limited to debug mode only?
> 
> Also I am not very happy with the idea to modify these functions this
> much for debugging purposes. Most of the time the calls and
> additional data would serve no purpose and would be an overhead
> albeit minute.

This debugging was already useful - while working on the 82-check-for-
duplicate-profiles patch, I got some hats out of thin air in a 
duplicated apache profile (without any hats) and wondered what I'm doing 
wrong. With the debugging in this patch added, I found out that those 
hats get added by the
    # Below is not required I'd say
section in aa.py parse_profile_data(). This means
a) this section _is_ needed ;-) (but should move to another place so 
   that it only runs after parsing all profiles - something for another 
   patch)
b) the debugging code in this patch is useful

I know it's adding some "superfluous" bytes (maybe 200 bytes per 
profile/hat), but that's nothing compared to the profile content. And as 
I described above, those "wasted" bytes already helped me a lot ;-)

Besides that, we'll at least need the profile name if we implement 
proper handling of @{profile_name} one day.

> > [ 81-profile_storage-debug-info.diff ]


Regards,

Christian Boltz
-- 
Dieser Indizierungsmurks. Semantikgefuckel, dass das System
unbenutzbar macht.
Aber gut, dass man zwei Knie hat, in die man sich schießen kann.
[Lars Müller in opensuse-de]




More information about the AppArmor mailing list