[apparmor] allow to pass custom options to parser

[John Johansen]

On 07/14/2011 12:01 AM, Arkadiusz Miskiewicz wrote:
> 
> I need to pass some options like (-O no-expr-simplify; yeah, parser
> is slow as hell) to parser, so:
> 
> === modified file 'parser/rc.apparmor.functions'
> --- parser/rc.apparmor.functions        2011-06-01 14:52:35 +0000
> +++ parser/rc.apparmor.functions        2011-07-14 06:56:45 +0000
> @@ -206,7 +207,7 @@
>                         if force_complain "${profile}" ; then
>                                 COMPLAIN="-C"
>                         fi
> -                       $PARSER $ABSTRACTIONS $PARSER_ARGS $COMPLAIN "$profile" > /dev/null
> +                       $PARSER $ABSTRACTIONS $PARSER_ARGS $PARSER_CUSTOM_ARGS $COMPLAIN "$profile" > /dev/null
>                         if [ $? -ne 0 ]; then
>                                 aa_log_failure_msg "$profile failed to load"
>                                 STATUS=1
> 
> === modified file 'parser/subdomain.conf'
> --- parser/subdomain.conf       2011-01-13 21:58:26 +0000
> +++ parser/subdomain.conf       2011-07-14 06:59:27 +0000
> @@ -23,6 +23,11 @@
>  # Enable the AppArmor event daemon for reporting?
>  APPARMOR_ENABLE_AAEVENTD="no"
> 
> +## Path:       System/AppArmor
> +## Description: Custom user flags for apparmor profile parser
> +#
> +PARSER_CUSTOM_ARGS=""
> +
>  #SUBDOMAIN_MODULE_PANIC=XXX
>  #This option controls how subdomain behaves when the init script attempts
>  #to load the AppArmor module and fails.  There are 4 options
> 
> 
I am fine with doing this but we are also updating the parser so
it will be able to pull some config info from /etc/apparmor/
so you can put your -O no-expr-simplify in there.

With the parser picking up this ability do you still see a need
for passing PARSER_CUSTOM_ARGS=""?