[apparmor] [PATCH 1/5] Split aa_query_label into a base aa_query_cmd and it, aa_query_label

Christian Boltz apparmor at cboltz.de
Sun Dec 18 00:03:04 UTC 2016 

Hello,

first of all, I fail to parse the second half of the patch summary 
(subject) - the "and it, aa_query_label" part looks broken.

Am Freitag, 16. Dezember 2016, 09:57:13 CET schrieb John Johansen:
> Split the basic transaction file query out of aa_query_label so that
> it can be reused by other query types.
> 
> Signed-off-by: John Johansen <john.johansen at canonical.com>


> --- a/libraries/libapparmor/doc/aa_query_label.pod
> +++ b/libraries/libapparmor/doc/aa_query_label.pod
> @@ -32,11 +32,18 @@ aa_query_link_path, aa_query_link_path_len - query
> access permissions of a link
> 
>  B<#include E<lt>sys/apparmor.hE<gt>>
> 
> -B<int aa_query_label(uint32_t mask, char *query, size_t size, int
> *allowed, int *audited);> +B<int aa_query_cmd(const char *cmd, size_t
> cmd_size, char *query, +		size_t size, char *buffer, size_t bsize);>
> 
> -B<int aa_query_file_path(uint32_t mask, const char *label, size_t
> label_len, const char *path, int *allowed, int *audited);> +B<int
> aa_query_label(uint32_t mask, char *query, size_t size, +		int
> *allowed, int *audited);>
> 
> -B<int aa_query_file_path_len(uint32_t mask, const char *label, size_t
> label_len, const char *path, size_t path_len, int *allowed, int
> *audited);> +B<int aa_query_file_path(uint32_t mask, const char
> *label, size_t label_len, +		const char *path, int *allowed, int
> *audited);>
> +
> +B<int aa_query_file_path_len(uint32_t mask, const char *label,
> +		size_t label_len, const char *path, size_t path_len,
> +		int *allowed, int *audited);>

Re-formatting the existing paragraphs *and* adding a new one make the 
patch unreadable (and KMail makes it even worse ;-)

If it isn't too much work, please split off the re-formatting of the 
documentation for existing functions into a separate patch (0.5/5 ;-) or 
outside of this series).

> diff --git a/libraries/libapparmor/src/libapparmor.map
> b/libraries/libapparmor/src/libapparmor.map index 5cbd4e8..69207d3
> 100644
> --- a/libraries/libapparmor/src/libapparmor.map
> +++ b/libraries/libapparmor/src/libapparmor.map
> @@ -95,6 +95,13 @@ APPARMOR_2.11 {
>          *;
>  } APPARMOR_2.10;
> 
> +APPARMOR_2.12 {
> +  global:
> +        aa_query_cmd;
> +  local:
> +        *;
> +} APPARMOR_2.11;

Does this mean you expect this patch to land _after_ the 2.11 release?
(No objections - 2.11 was delayed more than enough ;-)  and I can 
foresee some reasons why this patch series could introduce another 
delay.)


I didn't notice any obvious errors in the code. Either there aren't any, 
or I overlooked them thanks to my limited C knownledge ;-)


Regards,

Christian Boltz
-- 
Pinguine sind picklige Geeks, die sich ihren
Sonnenbrand vorm Monitor holen.      [Ratti]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161218/696834a5/attachment.pgp>

More information about the AppArmor mailing list