[Apparmor-dev] [RFR] add support for lock and append bits to
logprof.
jesse michael
jmichael at suse.de
Mon Jul 23 21:18:04 MDT 2007
On Mon, Jul 23, 2007 at 03:51:27PM -0700, Seth Arnold wrote:
> On Fri, Jul 20, 2007 at 05:06:55PM -0700, jesse michael wrote:
> > On Fri, Jul 20, 2007 at 10:52:08AM -0600, Dominic Reynolds wrote:
> > > Patches refreshed and new ones added to fix bugs and incorporate
> > > feedback (thanks seth, jj, david, jesse for the testing and review)
> >
> > I haven't had a chance to look at these very much yet, but here's an
> > additional patch to support the lock and append bits as well as complain
> > if we run into any new mode specifications in a profile that we don't
> > already know about.
>
> > + if (!validate_mode($mode)) {
> > + fatal_error(sprintf(gettext('Profile %s contains invalid mode %s.', $file, $mode)));
> > + }
> > +
>
> Is a fatal error really a good idea?
Well, it indicates either syntax errors introduced by manually editing
profiles or using profiles with an outdated version of apparmor-utils that
doesn't understand new mode bits that have been added. We used to silently
throw those away, but I think that's a bad idea.
More information about the Apparmor-dev
mailing list