[apparmor] [patch] Add severity() to BaseRule class

Christian Boltz apparmor at cboltz.de
Fri May 29 22:21:40 UTC 2015


Hello,

On Friday, 29 May 2015, Steve Beattie wrote:
> On Sun, May 24, 2015 at 05:59:58PM +0200, Christian Boltz wrote:
> > this patch adds severity() to the BaseRule class
> >
> > severity() will, surprise!, return the severity of a rule, or
> > '--' if a *Rule class doesn't implement the severity() function
> 
> This seems like an error state/bug if it's not implemented. Wouldn't
> it be better to raise AppArmorBug() here? We already do this for
> other unimplemented abstract methods (which is also a hint that the
> method should get the FIXME comment like the other abstract methods
> have).

I can imagine why you are asking, but I tend to say no ;-)

Even if it would be nice to have it for all rule types, severity() is an 
optional feature (as opposed to _parse() or _is_covered_localvars()), 
so if we change it to raise an exception, we'll need something like 
*Rule.features = ['severity'] to give the calling code a way to prevent 
calling a non-implemented severity(). That would make the code more 
complex (we need severity() _and_ features[], with the risk that 
features[] gets out of sync) without a real win.

(We might need *Rule.features[] or *Rule.available_qualifiers[]
nevertheless for audit and allow/deny so that aa-logprof and
aa-mergeprof can decide which buttons to display, but that's another
topic.)

> > Also add a test that checks the return value in BaseRule.
> >
> > 
> >
> > [ 19-baserule-add-severity.diff ]


Regards,

Christian Boltz
-- 
> It is funny that most bugs people report here are KDE bugs. I have not
> experienced those either with XFCE nor with GNOME3.
Perhaps that's a corollary of most openSUSE people using KDE. I haven't
seen many Windows bugs reported here either, by your logic we should
just put that on the DVD.
[> Stefan Seyfried and Will Stephenson in opensuse-factory]
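
The two designs weighed in this message, side by side, as an added Python sketch that is not part of the original e-mail or of the AppArmor code base. The class names, the `sev_db` parameter, the severity table and its values are assumptions made for illustration; only `severity()`, `features`, `AppArmorBug` and the `'--'` return value come from the thread.

```python
# Added sketch: class names and the severity table are constructed for
# illustration; none of this is taken from the AppArmor source tree.
class AppArmorBug(Exception):
    """Stand-in for the exception named in the thread."""

SEV_DB = {'sys_admin': 10, 'chown': 8}  # constructed sample ratings

# Design A: severity() is optional; the base class returns a sentinel.
class BaseRuleA:
    def severity(self, sev_db):
        return '--'

class CapRuleA(BaseRuleA):
    def __init__(self, cap):
        self.cap = cap
    def severity(self, sev_db):
        return sev_db.get(self.cap, 'unknown')

class OtherRuleA(BaseRuleA):  # rule type without severity support
    pass

def report_a(rules, sev_db):
    # Caller needs no capability check; unsupported rules yield '--'.
    return [r.severity(sev_db) for r in rules]

# Design B: the base class raises, so callers must consult features[].
class BaseRuleB:
    features = []
    def severity(self, sev_db):
        raise AppArmorBug('%s lacks severity()' % type(self).__name__)

class CapRuleB(BaseRuleB):
    features = ['severity']
    def __init__(self, cap):
        self.cap = cap
    def severity(self, sev_db):
        return sev_db.get(self.cap, 'unknown')

class OtherRuleB(BaseRuleB):  # correctly declares no features
    pass

class StaleRuleB(BaseRuleB):  # features[] out of sync: claims severity,
    features = ['severity']   # but severity() was never implemented

def report_b(rules, sev_db):
    # Guard every call with the features list, else AppArmorBug escapes.
    return [r.severity(sev_db) if 'severity' in r.features else '--'
            for r in rules]
```

With design B, a rule class like `StaleRuleB` passes the caller's `features` check and still raises at call time, which is the out-of-sync risk the message describes.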



