[apparmor] [patch] Improve validate_profile_mode() and drop PROFILE_MODE_NT_RE
steve at nxnw.org
Mon Jul 6 08:03:12 UTC 2015
On Sun, Jul 05, 2015 at 03:53:20PM +0200, Christian Boltz wrote:
> the only difference between PROFILE_MODE_RE and PROFILE_MODE_NT_RE
> was that the latter one additionally allowed 'x', which looks wrong.
> (Standalone 'x' is ok for deny rules, but those are handled by
> This patch completely drops PROFILE_MODE_NT_RE and the related code in
> Also wrap the two remaining regexes in '^(...)+$' instead of doing it
> inside validate_profile_mode(). This makes the code more readable and
> also results in a 2% performance improvement when parsing profiles.

I'm surprised that it was noticeable. Python supposedly caches re match
patterns, so that repeatedly compiling over and over isn't supposed to
take a significant amount of time. Though repeatedly constructing new
strings over and over will take time.

> I propose this patch for trunk and 2.9, even if it's not as important
> for 2.9 as the previous patch.
> [ 64-improve-validate-profile-mode.diff ]

Acked-by: Steve Beattie <steve at nxnw.org> for trunk and 2.9.
<sbeattie at ubuntu.com>
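
The change discussed in this thread, sketched as an added example that is not code from the AppArmor tree or from either participant: per-call wrapping in `'^(...)+$'` next to a precompiled, already anchored pattern, plus the effect of dropping the variant that accepted a bare `x`. The token list and the names `MODE_TOKENS`, `OLD_MODE_RE`, `OLD_MODE_NT_RE`, `validate_old`, `validate_new`, `validate_strict` and `compare` are constructed for illustration.

```python
import re
import timeit

# Constructed, simplified mode list: NOT AppArmor's actual PROFILE_MODE_RE.
MODE_TOKENS = 'r|w|l|m|k|a|ix|ux|px|cx|Ux|Px|Cx'

# Patched style: the '^(...)+$' wrapper is part of the precompiled pattern.
PROFILE_MODE_RE = re.compile('^(' + MODE_TOKENS + ')+$')

# Old style (sketch): bare alternations, wrapped on every call.
OLD_MODE_RE = re.compile(MODE_TOKENS)
OLD_MODE_NT_RE = re.compile(MODE_TOKENS + '|x')   # additionally allows bare 'x'


def validate_old(mode, allow_bare_x=False):
    """Build the anchored pattern string on every call. re.match() can reuse
    the cached compiled form, but the string is still rebuilt each time."""
    inner = OLD_MODE_NT_RE if allow_bare_x else OLD_MODE_RE
    return re.match('^(' + inner.pattern + ')+$', mode) is not None


def validate_new(mode):
    """Use the precompiled, already anchored pattern."""
    return PROFILE_MODE_RE.match(mode) is not None


def validate_strict(mode):
    """fullmatch() variant: '$' also matches just before a trailing newline,
    fullmatch() requires the whole string to be consumed."""
    return PROFILE_MODE_RE.fullmatch(mode) is not None


def compare(modes=('r', 'rw', 'rwk', 'mrix', 'Px', 'rwlkm'), rounds=20000):
    """Return (old_seconds, new_seconds) for validating the sample modes."""
    old = timeit.timeit(lambda: [validate_old(m) for m in modes], number=rounds)
    new = timeit.timeit(lambda: [validate_new(m) for m in modes], number=rounds)
    return old, new


if __name__ == '__main__':
    old, new = compare()
    print('per-call wrapping: %.3fs  precompiled: %.3fs' % (old, new))
    print('bare x, old NT pattern:', validate_old('x', allow_bare_x=True))
    print('bare x, patched pattern:', validate_new('x'))
```

The timings depend on the interpreter and machine, so the script reports them rather than assuming a particular speedup.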