[apparmor] [yast-devel] apparmor: Texteditor

Kenneth Wimer wimer at suse.com
Tue Apr 4 00:08:03 UTC 2017

>>> On 04/04/2017 at 01:00, in message <22603812.fgmShBOELW at tux.boltz.de.vu>,
Christian Boltz <opensuse at cboltz.de> wrote: 
> Hello, 
> On Monday, 3 April 2017, 16:58:42 CEST, Kenneth Wimer wrote: 
> > Josef Reidinger <jreidinger at suse.cz> wrote: 
> > >  At second, I am not sure if text editor is good idea. 
> > > Yast goal should be at first to provide easy to setup tool with 
> > > guidance, so it is fine if very expert only options are not in GUI. 
> > > In general I think yast goal is to allow non-expert to do common 
> > > configuration, so support options that majority of users find 
> > > useful. 
> > > Of course, it is not easy to judge what is still common and what is 
> > > expert only, but we should keep common sense.  
> My opinion on this is: 
> With the JSON interface added to the AppArmor tools, YaST will get back  
> the UI for aa-logprof and aa-genprof (for interactively updating and  
> generating profiles). 
> I'd consider manually editing a profile an expert task (not in the sense  
> that it's complicated, but non-experts probably prefer using aa-logprof  
> or the YaST interface of it), so adding a plain editor doesn't make too  
> much sense IMHO ;-) 
> Two crazy ideas: 
> - implement a minimal profile editor in YaST, that can _only_ edit profile 
>   variables in /etc/apparmor.d/tunables/* 
>   That's something that could be useful for non-experts, for example to 
>   set the dovecot mailstore location for the dovecot profiles. 
>   (Be warned that even this isn't as simple as it might look ;-) 
> - implement a profile editor with something like PyQt - it could use the 
>   apparmor.rule.* python classes directly and therefore offer a real  
>   value. (Of course, PyQt would mean that it only works in the graphical 
>   interface.) 
>   Such an editor would live in upstream AppArmor, YaST could just call  
>   it. 
> Note that both ideas (especially the PyQt-based editor) are just ideas.  
> I won't add them to my TODO list - I already have vim ;-) 
> > I would see this as two separate things: 
> >  
> > 1) Editor for file 
> >  - my guess here is that we won't make a better editor than the one 
> > the user is used to using :-)  
> Adding an editor to YaST would offer a completely new option in the  
> editor wars! ;-) 
> On a more serious note: you might want to use vim for AppArmor profiles  
> because it has syntax highlighting. 
> > 2) Validating file 
> > - this sounds like a good first step. Perhaps just offer functionality 
> > to parse said file and present useful feedback to the user? 
> I agree it would be useful, but if there is no "edit profile" button, a  
> "validate profile" button might cause some confusion ("why does YaST  
> offer to validate a profile if I can't edit it in YaST?") 

Maybe something along the lines of the SOC Crowbar barclamp editor? It supports a set of pre-defined options/keys as
well as a simple text editor for the file (raw view).

Kenneth Wimer
UI/UX Team Lead
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) 
Maxfeldstr. 5, D-90409 Nürnberg, Germany
Phone: +49 911 740 53-669
