[apparmor] [yast-devel] apparmor: Texteditor

Christian Boltz opensuse at cboltz.de
Mon Apr 3 23:00:19 UTC 2017


Am Montag, 3. April 2017, 16:58:42 CEST schrieb Kenneth Wimer:
> Josef Reidinger <jreidinger at suse.cz> wrote:

> >  At second, I am not sure if text editor is good idea.
> > Yast goal should be at first to provide easy to setup tool with
> > guidance, so it is fine if very expect only options are not in GUI.

> > In general I think yast goal is to allows non-expert to do common
> > configuration, so support options that majority of users find
> > useful.
> > Of course, it is not easy to judge what is still common and what is
> > expert only, but we should keep common sense. 

My opinion on this is:

With the JSON interface added to the AppArmor tools, YaST will get back 
the UI for aa-logprof and aa-genprof (for interactively updating and 
generating profiles).

I'd consider manually editing a profile an expert task (not in the sense 
that it's complicated, but non-experts probably prefer using aa-logprof 
or the YaST interface of it), so adding a plain editor doesn't make too 
much sense IMHO ;-)

Two crazy ideas:

- implement a minimal profile editor in YaST, that can _only_ edit profile
  variables in /etc/apparmor.d/tunables/*
  That's something that could be useful for non-experts, for example to
  set the dovecot mailstore location for the dovecot profiles.
  (Be warned that even this isn't as simple as it might look ;-)

- implement a profile editor with something like PyQt - it could use the
  apparmor.rule.* python classes directly and therefore offer a real 
  value. (Of course, PyQt would mean that it only works in the graphical
  Such an editor would live in upstream AppArmor, YaST could just call 

Note that both ideas (especially the PyQt-based editor) are just ideas. 
I won't add them to my TODO list - I already have vim ;-)

> I would see this as two separate things:
> 1) Editor for file
>  - my guess here is that we won't make a better editor than the one
> the user is used to using :-) 

Adding an editor to YaST would offer a completely new option in the 
editor wars! ;-)

On a more serious note: you might want to use vim for AppArmor profiles 
because it has syntax highlighting.

> 2) Validating file
> - this sounds like a good first step. Perhaps just offer functionality
> to parse said file and present useful feedback to the user?

I agree it would be useful, but if there is no "edit profile" button, a 
"validate profile" button might cause some confusion ("why does YaST 
offer to validate a profile if I can't edit it in YaST?")

Yeah, UI design isn't easy ;-)


Christian Boltz
I know I have violated this rule in the past, because of the fun a well
crafted flamewar simply is, but today I mostly try to abide to the motto
"If you don't have anything helpful to say, then stay quiet".
[Stefan Seyfried in opensuse-factory]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170404/2f3e712b/attachment.pgp>

More information about the AppArmor mailing list