[Apparmor-dev] [RFR] patches for profile tools to work with the latest kernel

Christian Boltz apparmor at cboltz.de
Sun Jul 29 09:35:34 MDT 2007


Hello,

On Thursday, 19 July 2007, Seth Arnold wrote:
> On Fri, Jul 13, 2007 at 01:09:50PM -0600, Dominic Reynolds wrote:
> >  change_hat_syntax.diff
> >    * Read and write new change hat profile syntax.
> >      Hats are now defined as /PATH/TO/PROG//HATNAME and exist at
> > the top level scope in the file (no longer embedded within the
> > parent profile). The tools will read in old style hats but will
> > only write out new style.
>
> Is this actually what we want?

From my POV: Yes, I would really want this!

Background: I'm auto-generating hats for Apache vHosts using a script, 
and it isn't fun to include them inside the main profile. Basically I'm 
doing this with the following code:

sed '/^}/ d' < "$apacheprofile" > "$tmpprofile" || exit 2
echo "
  ^vhost_$username {
    #include <abstractions/vhost_$username>
  }
}" >> "$tmpprofile" || exit 3
mv "$tmpprofile" "$apacheprofile" || exit 4

(This means: Remove the last "}", add the hat, re-add the closing "}" 
and copy the profile back to its original name.)

It would be way easier if I could just call

echo "
/usr/sbin/httpd2-prefork//vhost_$username {
  #include <abstractions/vhost_$username>
}
" >> "$apacheprofile" || exit 3


(Needless to say, logprof doesn't work with complete hats in 
abstractions/* files :-/ )


Regards,

Christian Boltz
-- 
First law of the WWW: 
 Thou shalt separate the spiders and the Indians from the users, and
 allot to each his own ground and home, so that the one shall not be
 envious of the other and covet his home and goods. *laughs*
                                     [Thomas Templin in suse-linux]
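As an added example (not part of Christian's mail and not code from the AppArmor tools): a small POSIX shell function that appends a hat in the new top-level /PATH/TO/PROG//HATNAME syntax to a profile file, refuses to add the same hat twice, and rejects a username that would not be safe to interpolate into the policy file. The program path /usr/sbin/httpd2-prefork and the vhost_USERNAME naming follow the mail; the function names, the helper count_hats and the profile file name usr.sbin.httpd2-prefork are assumptions.

```shell
#!/bin/sh
# Added example, not from the original mail: append a new-style hat
# "/PROG//vhost_USER" to an AppArmor profile file, idempotently.
# Function names and the demo file name are assumptions.

# Usage: add_vhost_hat PROFILE_FILE PROGRAM_PATH USERNAME
# Appends
#   /PROGRAM//vhost_USERNAME {
#     #include <abstractions/vhost_USERNAME>
#   }
# unless that hat header is already present.
# Returns 0 on append, 1 if the hat already exists, 2 on bad input.
add_vhost_hat() {
    profile="$1"; prog="$2"; user="$3"
    [ -n "$profile" ] && [ -n "$prog" ] && [ -n "$user" ] || return 2
    # The username is interpolated unquoted into policy text, so only
    # accept characters that cannot change the profile's structure.
    case "$user" in
        *[!A-Za-z0-9_.-]*) return 2 ;;
    esac
    hat="${prog}//vhost_${user}"
    # -F fixed string, -x whole line, -q quiet: match the exact hat header
    if grep -Fxq "${hat} {" "$profile" 2>/dev/null; then
        return 1
    fi
    printf '\n%s {\n  #include <abstractions/vhost_%s>\n}\n' \
        "$hat" "$user" >> "$profile" || return 2
    return 0
}

# Usage: count_hats PROFILE_FILE PROGRAM_PATH
# Prints the number of new-style hat headers for PROGRAM_PATH in the file.
count_hats() {
    grep -F "${2}//" "$1" | grep -c ' {$' || true
}

# Demo on a constructed profile in a temporary directory (removed afterwards).
demo_dir=$(mktemp -d)
demo_profile="$demo_dir/usr.sbin.httpd2-prefork"
printf '/usr/sbin/httpd2-prefork {\n  #include <abstractions/base>\n}\n' \
    > "$demo_profile"
add_vhost_hat "$demo_profile" /usr/sbin/httpd2-prefork alice || :
# Second call for the same user is a no-op (returns 1, nothing appended).
add_vhost_hat "$demo_profile" /usr/sbin/httpd2-prefork alice || :
echo "hats for httpd2-prefork: $(count_hats "$demo_profile" /usr/sbin/httpd2-prefork)"
cat "$demo_profile"
rm -rf "$demo_dir"
```

Because the hat is a top-level block, nothing has to be cut out of the parent profile and put back; the script only ever appends. The whole-line grep makes re-running the script for the same vHost harmless, and the character check on the username keeps a stray `}` or `/` out of the policy file.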


