Proposal to remove PCRE support
Kees Cook
kees.cook at canonical.com
Wed Jun 16 17:15:39 BST 2010
On Wed, Jun 16, 2010 at 09:01:54AM -0700, John Johansen wrote:
> On 06/16/2010 08:36 AM, Steve Beattie wrote:
> > On Wed, Jun 16, 2010 at 01:06:27AM -0700, John Johansen wrote:
> >> I would like to propose that we remove support for PCRE based policy
> >> from the parser/policy loader.
> >>
> >> The last version of AppArmor to use PCRE based policy was AppArmor 2.0.1,
> >> which was approximately 3 years ago. The PCRE part of the code has not
> >> been actively maintained and I doubt that it has been tested in the last
> >> 1.5 years. Dropping PCRE support will also help in the efforts to
> >> clean up the parser's code base.
> >
> > Agreed, at this point it seems to me to be just cruft. The only utility
> > that I could have seen in keeping is to have it available for upgrades,
> > where the parser gets upgraded (and policy re-applied) before the kernel
> > gets rebooted.
> >
> Right, but as I said it has been years; the last SUSE kernel to support
> this was SLES10SP1, SP2 actually uses the dfa, and for Ubuntu it was
> Gutsy?, Hardy is using the dfa so I don't believe that it's worth holding
> on to for even the upgrade cycle anymore.
+1 to drop PCRE. As mentioned, it's effectively unused, so we shouldn't
keep it.
-Kees
--
Kees Cook
Ubuntu Security Team