[apparmor] [PATCH 1/5] Split aa_query_label into a base aa_query_cmd and it, aa_query_label

Sun Dec 18 00:55:55 UTC 2016

On 12/17/2016 04:03 PM, Christian Boltz wrote:
> Hello,
> 
> first of all, I fail to parse the second half of the patch summary 
> (subject) - the "and it, aa_query_label" part looks broken.
> 
> Am Freitag, 16. Dezember 2016, 09:57:13 CET schrieb John Johansen:
>> Split the basic transaction file query out of aa_query_label so that
>> it can be reused by other query types.
>>
>> Signed-off-by: John Johansen <john.johansen at canonical.com>
> 
> 
>> --- a/libraries/libapparmor/doc/aa_query_label.pod
>> +++ b/libraries/libapparmor/doc/aa_query_label.pod
>> @@ -32,11 +32,18 @@ aa_query_link_path, aa_query_link_path_len - query
>> access permissions of a link
>>
>>  B<#include E<lt>sys/apparmor.hE<gt>>
>>
>> -B<int aa_query_label(uint32_t mask, char *query, size_t size, int
>> *allowed, int *audited);> +B<int aa_query_cmd(const char *cmd, size_t
>> cmd_size, char *query, +		size_t size, char *buffer, size_t bsize);>
>>
>> -B<int aa_query_file_path(uint32_t mask, const char *label, size_t
>> label_len, const char *path, int *allowed, int *audited);> +B<int
>> aa_query_label(uint32_t mask, char *query, size_t size, +		int
>> *allowed, int *audited);>
>>
>> -B<int aa_query_file_path_len(uint32_t mask, const char *label, size_t
>> label_len, const char *path, size_t path_len, int *allowed, int
>> *audited);> +B<int aa_query_file_path(uint32_t mask, const char
>> *label, size_t label_len, +		const char *path, int *allowed, int
>> *audited);>
>> +
>> +B<int aa_query_file_path_len(uint32_t mask, const char *label,
>> +		size_t label_len, const char *path, size_t path_len,
>> +		int *allowed, int *audited);>
> 
> Re-formatting the existing paragraphs *and* adding a new one make the 
> patch unreadable (and KMail makes it even worse ;-)
> 
> If it isn't too much work, please split off the re-formatting of the 
> documentation for existing functions into a separate patch (0.5/5 ;-) or 
> outside of this series).
> 
>> diff --git a/libraries/libapparmor/src/libapparmor.map
>> b/libraries/libapparmor/src/libapparmor.map index 5cbd4e8..69207d3
>> 100644
>> --- a/libraries/libapparmor/src/libapparmor.map
>> +++ b/libraries/libapparmor/src/libapparmor.map
>> @@ -95,6 +95,13 @@ APPARMOR_2.11 {
>>          *;
>>  } APPARMOR_2.10;
>>
>> +APPARMOR_2.12 {
>> +  global:
>> +        aa_query_cmd;
>> +  local:
>> +        *;
>> +} APPARMOR_2.11;
> 
> Does this mean you expect this patch to land _after_ the 2.11 release?
> (No objections - 2.11 was delayed more than enough ;-)  and I can 
> foresee some reasons why this patch series could introduce another 
> delay.)
> 
> 
I wasn't planning on landing anything new until 2.11 is out the door.
The only thing I want landing is fixes so we can get 2.11 out.

This is work to unblock further development that will be landed
later, so it needed to get out but will not be landing soon