[apparmor] [PATCH] utils: Don't check for existence of abstraction files in aa-easyprof

Jamie Strandboge jamie at canonical.com
Thu Dec 17 23:02:29 UTC 2015


On 11/30/2015 05:15 PM, Tyler Hicks wrote:
> On 2015-11-30 14:14:07, Jamie Strandboge wrote:
>> On 11/29/2015 10:28 PM, Tyler Hicks wrote:
>>> aa-easyprof is used to generate profiles and the lack of an abstraction
>>> file during profile generation should not be an error condition.
>>>
>> Why? Or put another way-- why is it any different than a policy group? Is this
>> just because the parser knows how to deal with it?
> 
> This patch came about because I was working on some packaging for
> something that ships a new abstraction file and uses aa-easyprof to
> generate a new profile using the new abstraction file at build time.
> aa-easyprof only looks in /etc/apparmor.d/abstraction/ for abstractions
> specified in the manifest file and, since aa-easyprof is invoked during
> package build, the new abstraction file is not yet installed.
> 
> An alternative would be to add a new flag to aa-easyprof to specify an
> additional location to search for abstractions.
> 
> Would adding an --include-abstractions-dir option be preferred instead
> of dropping the existence check?
> 
I don't think I like --include-abstractions-dir as a workaround for this, though
it is possibly interesting otherwise (not asking for you to implement that at
this time).

I still think the check is valuable though. What if instead you added an
'--ignore-missing' (or something) and left the default as is? This would
probably be most useful if it applied to policy groups as well.

-- 
Jamie Strandboge                 http://www.ubuntu.com/
