[apparmor] [patch] Change aa-logprof and aa-mergeprof to read the severity from CapabilityRule

Christian Boltz apparmor at cboltz.de
Sun May 31 16:25:26 UTC 2015


Hello,

Am Freitag, 29. Mai 2015 schrieb Steve Beattie:
> On Sun, May 24, 2015 at 06:53:35PM +0200, Christian Boltz wrote:
> > Note: the   != '--'   check in aa-mergeprof is superfluous for
> > capabilities, but will become useful once this code block is used
> > for other rule types.
> > 
> > 
> > [ 21-read-severity-from-capability-rule.diff ]
> 
> Again, I like everything here except for the magic value '--' that
> is yet another representation of 'unknown value'

Yes, but it also shows the difference between '--' and 'unknown':
- 'unknown' (or whatever you tell severity.py to use for unknown) 
  will display "Severity: unknown" in aa-logprof
- '--' means "_not to display_ the "Severity:" line in aa-logprof

It's pointless to do always display "Severity: unknown" for network 
rules (because we don't have severity rating for them). OTOH, displaying 
"Severity: unknown" for a file rule is more valueable because we have 
ratings for some files.


Regards,

Christian Boltz
-- 
Sometimes I feel that using osc (and OBS) is like driving an alien
space ship, full of nice features, but I cannot read the manual ;-)
[Filipe in opensuse-packaging]




More information about the AppArmor mailing list