[apparmor] [patch] cleanup aa-disable handling in tools.py

[Christian Boltz]

Hello,

Am Samstag, 7. März 2015 schrieb Steve Beattie:
> On Sat, Feb 28, 2015 at 02:09:30AM +0100, Christian Boltz wrote:

> > BTW: Will this also override --Include (which might have
> > /etc/apparmor.d/abstractions as default if I get parser.conf right)
> > or will the parser still search there if the file doesn't exist in
> > the --base directory?
> 
> No, it will honor passed --Include as well as Include entries listed
> in parser.conf.

That's slightly surprising, but it's documented and therefore ok ;-)

> And uh we should fix parser.conf to point the example include path at
> /etc/apparmor.d/ or some other location, as trying
> /etc/apparmor.d/abstractions ... is likely to leave someone unhappy.
> Maybe like so?
> ---
>  parser/parser.conf |    5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> Index: b/parser/parser.conf
> ===================================================================
> --- a/parser/parser.conf
> +++ b/parser/parser.conf
> @@ -18,7 +18,10 @@
>  #verbose
> 
>  ## Set include path
> -#Include /etc/apparmor.d/abstractions
> +#Include /etc/apparmor.d/
> +# or
> +#Include /usr/share/apparmor
> +
> 
>  ## Set location of apparmor filesystem
>  #subdomainfs /sys/kernel/security/apparmor

IMHO /etc/apparmor.d/ is enough, but if Ubuntu ships abstractions in 
/usr/share/apparmor, I'm fine with listing both.

Hmm, maybe you should also change
    ## Set include path
to
    ## Set additional include path
?

Acked-by: Christian Boltz <apparmor at cboltz.de> with or without the 
proposed changes ;-)  (trunk only please - I don't want to produce a 
*.rpmnew for a comment change in the next maintenance update ;-)


Regards,

Christian Boltz
-- 
>> vielleicht sollte man die anonymen 9.1er gründen?
> Handelt es sich hier um eine Sucht oder um eine Krankheit?
Also, mich macht die 9.1 nicht suechtig. Eher krank...
[>>Carl A. Schreiber, > Sibylle Koczian & Thomas Hertweck in suse-linux]