[apparmor] [PATCH] utils: Don't check for existence of abstraction files in aa-easyprof
Jamie Strandboge
jamie at canonical.com
Mon Nov 30 20:14:07 UTC 2015
On 11/29/2015 10:28 PM, Tyler Hicks wrote:
> aa-easyprof is used to generate profiles and the lack of an abstraction
> file during profile generation should not be an error condition.
>
Why? Or put another way-- why is it any different than a policy group? Is this
just because the parser knows how to deal with it?
> Leave the handling of the abstraction file for the parser. It will fail
> if the file does not exist when the profile is being compiled.
>
> https://launchpad.net/bugs/1521031
>
However, the parser won't be able to give as nice of an error message. It should
be noted that by default easyprof will run apparmor_parser -QTK to verify the
generated profile. If people want this change, perhaps it would make sense to
only skip the check if given --no-verify (idea being, when verifying we can give
better feedback).
--
Jamie Strandboge http://www.ubuntu.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20151130/317e3f42/attachment.pgp>
More information about the AppArmor
mailing list