[Apparmor-dev] [RFR] patches for profile tools to work with the latest kernel
John Johansen
jjohansen at suse.de
Wed Jul 18 18:25:35 MDT 2007
On Wed, Jul 18, 2007 at 03:58:20PM -0700, Seth Arnold wrote:
> On Fri, Jul 13, 2007 at 01:09:50PM -0600, Dominic Reynolds wrote:
> > change_hat_syntax.diff
> > * Read and write new change hat profile syntax.
> > Hats are now defined as /PATH/TO/PROG//HATNAME and exist at the top level
> > scope in the file (no longer embedded within the parent profile). The
> > tools will read in old style hats but will only write out new style.
>
> Is this actually what we want?
>
> The // syntax is how we represent these things to the kernel, and how
> the kernel reports them back, but I think we wanted to keep either our
> existing syntax, or move to a "hat blah { ... }" syntax rather than the
> "^blah { ... }" syntax we have now -- but no plans to remove the hat
> contents from the profiles completely.
>
Thanks for catching this, Seth. This isn't what we want. Seth is
correct in that this is how hats are represented internally.
At least currently the parser still accepts ^hatname {, or with the
hat name patch, hat hatname {.
It is true that the parser actually accepts this extern hat syntax,
and we can use it if desired.