[apparmor] [patch] Unify code for network and capability rules in aa-mergeprof
Steve Beattie
steve at nxnw.org
Sat May 30 00:27:56 UTC 2015
On Sun, May 24, 2015 at 09:17:16PM +0200, Christian Boltz wrote:
> this patch unifies the code for network and capability rules in aa-mergeprof.
>
> This means:
>
> a) for capability rules:
> - move audit and deny to a new "Qualifier" header (only displayed if
>   non-empty)
> - always display options, even if only one is available
> - use available_buttons(), which means to add the CMD_AUDIT_* button
> - add handling for CMD_AUDIT_* button
> - CMD_ALLOW: only add rule_obj if the user didn't select a #include
> - move around some code to get it in sync with network rule handling
>
> b) for network rules
> - move audit and deny to a new "Qualifier" header (only displayed if
>   non-empty)
> - call rule_obj.severity() (not implemented for network rules, does
>   nothing)
> - change messages to generic 'Adding %s to profile.'
> - move around some code to get it in sync with capability rule handling
>
> This means that the only remaining difference is in q.headers[] and the
> variables feeding it:
> - capability rules show "Capability: foo"
> - network rules show "Network Family: foo" and "Socket type: bar"
>
> [ 22-mergeprof-unify-capability-and-network.diff ]
Acked-by: Steve Beattie <steve at nxnw.org>.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/