[apparmor] [patch] Change aa.py delete_duplicates() to loop over rule classes
Christian Boltz
apparmor at cboltz.de
Fri Jun 19 21:35:01 UTC 2015
Hello,
Am Samstag, 20. Juni 2015 schrieb Kshitij Gupta:
> On Fri, Jun 5, 2015 at 7:15 PM, Christian Boltz wrote:
> > this patch changes aa.py delete_duplicates() to loop over the rule
> > classes.
> >
> > That's better than doing copy&paste for each added rule class ;-)
> >
> >
> > [ 45-delete_duplicates-use-loop.diff ]
> >
> > === modified file utils/apparmor/aa.py
> > --- utils/apparmor/aa.py 2015-06-05 15:19:00.724318954 +0200
> > +++ utils/apparmor/aa.py 2015-06-05 15:40:36.233292517 +0200
> > @@ -2066,20 +2066,18 @@
> >
> > # Allow rules covered by denied rules shouldn't be deleted
> > # only a subset allow rules may actually be denied
> >
> > + ruletypes = ['capability', 'change_profile', 'network',
> > 'rlimit'] +
>
> There is probably a better home for this list than this function where
> it may even be re-used, for now its fine.
Right, I'm fully aware of that.
For now I prefer to have it separate - for example, re-using this list
in ask_the_questions() would cause problems because rlimit doesn't
support the audit and deny modifiers [1] and therefore should not offer
those buttons. I have an idea how to handle this, but nothing I could
send out as patch instantly ;-)
Regards,
Christian Boltz
[1] only relevant for aa-mergeprof because audit.log doesn't contain
anything about rlimit AFAIK.
--
> Genau, Office und M$-Programme haben meist alle den gleichen Stil.
Stimmt, die schaffen das Kammquoting meist besonders gut. *g,d&r*
[> Andre Heine und Florian Gross in suse-linux]
More information about the AppArmor
mailing list