[apparmor] [PATCH] Convert aa-status to Python
John Johansen
john.johansen at canonical.com
Thu May 26 18:27:18 UTC 2011
On 05/26/2011 11:08 AM, Seth Arnold wrote:
> You might want to profile boottimes with this change. I can't blame you for wanting to migrate tools away from Perl :) but aa-status is called in several startup scripts to see if apparmor profiles for those specific services should be loaded. Throwing python into boot sequence too might introduce significant costs compared to Perl.
>
Well part of the problem with testing the boot sequence as suggested, is that it is some what distro specific. The cost won't be nearly as bad for distros that already have python in the boot sequence (Ubuntu), but for others ...
My concern for this is what happens for distros that don't ship python as part of the base? Are there any of those? Then we end up dragging in python as a dependency instead of perl modules.
> C or sh would make me happier.
>
sadly yes and no, C would make this a pita (this coming from a C junkie) and sh is just to ugly. I can't see this being nice in sh either, it could be done okay with bash but then there is the dependency on bash, which isn't univeral either.
> But maybe finding a better tool than aa-status for those startup scripts would be a better idea -- aa-status breaks pretty bad on upstream-kernel apparmor support.
>
That is a possibility too.
/me laments that python, perl, etc. don't share a common universal backend
More information about the AppArmor
mailing list