[Apparmor-dev] [rfr] apparmor_status: report more detailed
information
jesse michael
jmichael at suse.de
Tue May 29 12:48:06 MDT 2007
On Mon, May 28, 2007 at 12:38:34PM -0400, Mathias Gug wrote:
> Hello,
>
> Attached is a patch that improves the information reported by then
> apparmor_status script. It gives more detailed information about loaded
> profiles and their mode, running processes and profiles applied to them.
This looks really nice, thanks.
> if (open(PROFILES, "$mountpoint/profiles")) {
> while(<PROFILES>) {
> - $profiles++;
> - $enforced++ if m/\(enforce\)$/;
> - $complain++ if m/\(complain\)$/;
> + $profiles{$1} = $2 if m/(\S+)\s+\((\w+)\)$/;
> }
> close(PROFILES);
One thing that should be noted is that profile names can currently have
whitespace in them. So if you profile "/usr/bin/my silly program", that
\S+ in the m// won't match things correctly.
Having whitespace in program names is really ugly, but if I remember correctly
we've run into real applications like that. :(
More information about the Apparmor-dev
mailing list