[apparmor] [PATCH 4/4] dconf patch

John Johansen john.johansen at canonical.com
Tue Oct 6 18:26:39 UTC 2015 

On 10/06/2015 11:05 AM, Christian Boltz wrote:
> Hello,
> 
> Am Dienstag, 6. Oktober 2015 schrieb John Johansen:
>> diff --git a/parser/Makefile b/parser/Makefile
>> index 1f0db8d..ec54f96 100644
>> --- a/parser/Makefile
>> +++ b/parser/Makefile
>> @@ -74,11 +74,11 @@ SRCS = parser_common.c parser_include.c
>> parser_interface.c parser_lex.c \ parser_main.c parser_misc.c
>> parser_merge.c parser_symtab.c \ parser_yacc.c parser_regex.c
>> parser_variable.c parser_policy.c \ parser_alias.c common_optarg.c
>> lib.c network.c \
>> -       mount.cc dbus.cc profile.cc rule.cc signal.cc ptrace.cc \
>> +       mount.cc dbus.cc dconf.cc profile.cc rule.cc signal.cc
>> ptrace.cc \ af_rule.cc af_unix.cc policy_cache.c
>> -HDRS = parser.h parser_include.h immunix.h mount.h dbus.h lib.h
>> profile.h \ -       rule.h common_optarg.h signal.h ptrace.h
>> network.h af_rule.h af_unix.h \ -       policy_cache.h
>> +HDRS = parser.h parser_include.h immunix.h mount.h dbus.h dconf.h
>> lib.h \ +       profile.h rule.h common_optarg.h signal.h ptrace.h
>> network.h af_rule.h \ +       af_unix.h policy_cache.h
> 
> I know that list is chaotic already (probably for historical reasons?), 
> but what about sorting the HDRS files by alphabet? (same question for 
> SRCS and maybe some other file lists in the Makefile)

yeah we can get to doing something like that, once my make file patches
land. This is based on work William did months ago and I am only now
getting a reply out to.

> 
>> --- a/parser/tst/equality.sh
>> +++ b/parser/tst/equality.sh
> 
>> +verify_binary_equality "dconf read" \
>> +	"/t { dconf / r, }" \
>> +	"/t { dconf / read, }"
>> +
>> +verify_binary_equality "dconf write" \
>> +	"/t { dconf / w, }" \
>> +	"/t { dconf / write, }"
>> +
>> +verify_binary_equality "dconf read-write" \
>> +	"/t { dconf / rw, }" \
>> +	"/t { dconf / wr, }" \
>> +	"/t { dconf / readwrite, }" \
>> +	"/t { dconf / writeread, }" \
>> +	"/t { dconf / read-write, }" \
>> +	"/t { dconf / write-read, }" \
>> +	"/t { dconf / read_write, }" \
>> +	"/t { dconf / write_read, }"
> 
> Seriously?
> 
> I have to admit that I don't really know dconf, but having 8 different 
> ways to allow read and write (one letter vs. word, no separator vs - vs. 
> _) is too much. We don't win anything with it, but it makes 
> implementation of the parser and the tools more difficult than needed.
> 
> IMHO the single-letter syntax we already use in file rules ("rw" or 
> "wr") is enough and will save us some headache.
> 
gah, no that was supposed to be cut out, notice in my intro reply that
I moved it back to an apparmor style syntax. I must have either missed
this block or missed git adding the change back into the patch

More information about the AppArmor mailing list