[apparmor] [patch] Change aa-logprof and aa-mergeprof to read the severity from CapabilityRule
Christian Boltz
apparmor at cboltz.de
Sun May 31 16:25:26 UTC 2015
Hello,
Am Freitag, 29. Mai 2015 schrieb Steve Beattie:
> On Sun, May 24, 2015 at 06:53:35PM +0200, Christian Boltz wrote:
> > Note: the != '--' check in aa-mergeprof is superfluous for
> > capabilities, but will become useful once this code block is used
> > for other rule types.
> >
> >
> > [ 21-read-severity-from-capability-rule.diff ]
>
> Again, I like everything here except for the magic value '--' that
> is yet another representation of 'unknown value'
Yes, but it also shows the difference between '--' and 'unknown':
- 'unknown' (or whatever you tell severity.py to use for unknown)
will display "Severity: unknown" in aa-logprof
- '--' means "_not to display_ the "Severity:" line in aa-logprof
It's pointless to do always display "Severity: unknown" for network
rules (because we don't have severity rating for them). OTOH, displaying
"Severity: unknown" for a file rule is more valueable because we have
ratings for some files.
Regards,
Christian Boltz
--
Sometimes I feel that using osc (and OBS) is like driving an alien
space ship, full of nice features, but I cannot read the manual ;-)
[Filipe in opensuse-packaging]
More information about the AppArmor
mailing list