[Apparmor-dev] Re: patches for profile tools to work with the
latest kernel
Dominic Reynolds
dreynolds at suse.de
Wed Jul 18 19:40:16 MDT 2007
+++ Seth Arnold [18/07/07 15:58 -0700]:
> On Fri, Jul 13, 2007 at 01:09:50PM -0600, Dominic Reynolds wrote:
> > change_hat_syntax.diff
> > * Read and write new change hat profile syntax.
> > Hats are now defined as /PATH/TO/PROG//HATNAME and exist at the top level
> > scope in the file (no longer embedded within the parent profile). The
> > tools will read in old style hats but will only write out new style.
>
> Is this actually what we want?
>
> The // syntax is how we represent these things to the kernel, and how
> the kernel reports them back, but I think we wanted to keep either our
> existing syntax, or move to a "hat blah { ... }" syntax rather than the
> "^blah { ... }" syntax we have now -- but no plans to remove the hat
> contents from the profiles completely..
>
> Thanks
Ugh. Well thats unfortunate ;-)
I was working along the lines of what the parser would load into the kernel -
if this is the case (that it is the desired design) then I'll get that fixed.
-dom
> _______________________________________________
> Apparmor-dev mailing list
> Apparmor-dev at forge.novell.com
> http://forge.novell.com/mailman/listinfo/apparmor-dev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070718/e0d6c395/attachment.pgp
More information about the Apparmor-dev
mailing list