[apparmor] [patch] cleanup aa-disable handling in tools.py
Steve Beattie
steve at nxnw.org
Sat Mar 7 15:15:14 UTC 2015
On Sat, Feb 28, 2015 at 02:09:30AM +0100, Christian Boltz wrote:
> > caused the parser to abort when trying to operate on my test
> > profile not because it couldn't find the abstractions included
> > within it, but because the system-wide abstractions that it fell
> > back to referenced a policy variable that my test tree's
> > tunables/ did not define. This was not what I was expecting, but I'm
> > not sure that we've defined what we mean by -d/--dir with the utils;
> > my expectation was that it would be the equivalent to setting the
> > --base option in the parser, but maybe that was misguided. My bigger
>
> Sounds like a valid and sane assumption - one of my next patches will
> pass the directory given in -d as --base to the parser.
>
> BTW: Will this also override --Include (which might have
> /etc/apparmor.d/abstractions as default if I get parser.conf right)
> or will the parser still search there if the file doesn't exist in the
> --base directory?
No, it will honor passed --Include as well as Include entries listed in
parser.conf.
And uh we should fix parser.conf to point the example include path at
/etc/apparmor.d/ or some other location, as trying
/etc/apparmor.d/abstractions ... is likely to leave someone unhappy.
Maybe like so?
---
parser/parser.conf | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
Index: b/parser/parser.conf
===================================================================
--- a/parser/parser.conf
+++ b/parser/parser.conf
@@ -18,7 +18,10 @@
#verbose
## Set include path
-#Include /etc/apparmor.d/abstractions
+#Include /etc/apparmor.d/
+# or
+#Include /usr/share/apparmor
+
## Set location of apparmor filesystem
#subdomainfs /sys/kernel/security/apparmor
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150307/4a6ca48f/attachment.pgp>
More information about the AppArmor
mailing list