[apparmor] [yast-devel] apparmor: Texteditor
opensuse at cboltz.de
Mon Apr 3 23:00:19 UTC 2017
On Monday, 3 April 2017, 16:58:42 CEST, Kenneth Wimer wrote:
> Josef Reidinger <jreidinger at suse.cz> wrote:
> > Second, I am not sure if a text editor is a good idea.
> > Yast goal should be at first to provide easy to setup tool with
> > guidance, so it is fine if very expert-only options are not in GUI.
> > In general I think yast goal is to allow non-experts to do common
> > configuration, so support options that majority of users find
> > useful.
> > Of course, it is not easy to judge what is still common and what is
> > expert only, but we should keep common sense.
My opinion on this is:
With the JSON interface added to the AppArmor tools, YaST will get back
the UI for aa-logprof and aa-genprof (for interactively updating and
I'd consider manually editing a profile an expert task (not in the sense
that it's complicated, but non-experts probably prefer using aa-logprof
or the YaST interface of it), so adding a plain editor doesn't make too
much sense IMHO ;-)
Two crazy ideas:
- implement a minimal profile editor in YaST, that can _only_ edit profile
variables in /etc/apparmor.d/tunables/*
That's something that could be useful for non-experts, for example to
set the dovecot mailstore location for the dovecot profiles.
(Be warned that even this isn't as simple as it might look ;-)
- implement a profile editor with something like PyQt - it could use the
apparmor.rule.* python classes directly and therefore offer a real
value. (Of course, PyQt would mean that it only works in the graphical
Such an editor would live in upstream AppArmor, YaST could just call
Note that both ideas (especially the PyQt-based editor) are just ideas.
I won't add them to my TODO list - I already have vim ;-)
> I would see this as two separate things:
> 1) Editor for file
> - my guess here is that we won't make a better editor than the one
> the user is used to using :-)
Adding an editor to YaST would offer a completely new option in the
editor wars! ;-)
On a more serious note: you might want to use vim for AppArmor profiles
because it has syntax highlighting.
> 2) Validating file
> - this sounds like a good first step. Perhaps just offer functionality
> to parse said file and present useful feedback to the user?
I agree it would be useful, but if there is no "edit profile" button, a
"validate profile" button might cause some confusion ("why does YaST
offer to validate a profile if I can't edit it in YaST?")
Yeah, UI design isn't easy ;-)
I know I have violated this rule in the past, because of the fun a well
crafted flamewar simply is, but today I mostly try to abide by the motto
"If you don't have anything helpful to say, then stay quiet".
[Stefan Seyfried in opensuse-factory]
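
An added sketch (not part of the original message and not code from the AppArmor project) of the parsing that a variables-only editor for /etc/apparmor.d/tunables/* would need: it handles `=` and `+=`, quoted values and comments, and reports variables that are referenced but defined elsewhere. The sample content, the variable name and the function name `parse_tunables` are assumptions; conditionals, aliases and include resolution are left out.

```python
import re
import shlex

# Constructed sample in the style of a tunables file; variable name and paths are illustrative.
SAMPLE = '''\
# mail store locations used by the dovecot profiles
include <tunables/home>
@{DOVECOT_MAILSTORE}=@{HOME}/Maildir/ /var/vmail/
@{DOVECOT_MAILSTORE} += "/srv/mail store/"   # quoted value containing a space
'''

ASSIGN = re.compile(r'^@\{(\w+)\}\s*(\+?=)\s*(.*)$')
VAR_REF = re.compile(r'@\{(\w+)\}')


def parse_tunables(text):
    """Return ({name: [values]}, names referenced but not defined in this text)."""
    variables = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Skip blank lines, comments (this also covers old-style '#include') and includes.
        if not line or line.startswith('#') or line.startswith('include '):
            continue
        match = ASSIGN.match(line)
        if match is None:
            raise ValueError(f'line {lineno}: unsupported syntax: {line}')
        name, op, rest = match.groups()
        # shlex honours double quotes and drops a trailing '# comment'.
        values = shlex.split(rest, comments=True)
        if not values:
            raise ValueError(f'line {lineno}: @{{{name}}} has no value')
        if op == '=' and name in variables:
            raise ValueError(f'line {lineno}: @{{{name}}} is already defined, use +=')
        # '+=' on an unknown name is accepted: it may be defined in an included file.
        variables.setdefault(name, []).extend(values)
    referenced = {ref for vals in variables.values()
                  for value in vals for ref in VAR_REF.findall(value)}
    return variables, sorted(referenced - set(variables))


if __name__ == '__main__':
    print(parse_tunables(SAMPLE))
```

The second return value lists names such as `@{HOME}` that come from included files, which an editor would have to resolve before it could show or validate the effective paths.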