[apparmor] aa-enabled
Christian Boltz
apparmor at cboltz.de
Wed Dec 16 13:07:53 UTC 2015
Hello,
Am Dienstag, 15. Dezember 2015 schrieb Seth Arnold:
> On Tue, Dec 15, 2015 at 06:41:48PM -0600, Tyler Hicks wrote:
> > > + if (!quiet) {
> > > + switch(err) {
> > > + case ENOSYS:
> > > + printf(_("No - not available on this system.\n"));
> > > + break;
> > > + case ECANCELED:
> > > + printf(_("No - disabled at boot.\n"));
> > > + break;
> > > + case ENOENT:
> > > + printf(_("Maybe - policy interface not available.\n"));
> > > + break;
> > > + case EPERM:
> > > + case EACCES:
> > > + printf(_("Maybe - insufficient permissions to determine
> > > availability.\n")); + break;
> > > + default:
> > > + printf(_("Error - '%s'\n"), strerror(err));
> > > + }
> > > + }
> > > +
> > > + return err;
> >
> > Do we really want to return an errno value here? Why not just
> > EXIT_FAILURE?
>
> Sigh, I looked right at this, made suggestions, and missed the point
> entirely -- we have to exit with different exit codes because the exit
> code from aa-status(8) is documented with these descriptions. But we
> can't just return with EPERM, we actually need to map all these to
> 1--4.
I mostly agree, however the description of 1..4 in aa-status(8)
describes only "expected" errors. We might want to use a different value
for unexpected errors (that's the "default:" branch in the code quoted
above), and should of course document that additional exit code in the
manpage. (I'd recommend not to use 5 to have some room reserved if we
ever decide to add another "expected" error.)
Regards,
Christian Boltz
--
> Gibt es eine CPU Beschränkung bei der Prof. Version?
Die gibt es tatsaechlich, hat aber nichts mit der Professional Version
zu tun, sondern mit dem Linux-Kernel selbst. Das Limit liegt aber weit
jenseits von dem, was für Dich vermutlich relevant und bezahlbar ist ;-)
[> Robert und Thomas Hertweck in suse-linux]
More information about the AppArmor
mailing list