[apparmor] [PATCH 3/9] add optional allow prefix to the language
Christian Boltz
apparmor at cboltz.de
Wed Nov 7 22:44:23 UTC 2012
Hello,
Am Mittwoch, 7. November 2012 schrieb John Johansen:
> let allow be used as a prefix in place of deny. Allow is the default
> and is implicit so it is not needed but some user keep tripping over
> it, and it makes the language more symmetric
In other words: the "allow" keyword is purely cosmetics?
I tend to say it's superfluous and useless - why should we add it? ;-)
What about making "allow" more a "don't deny" with the ability to
override an earlier or less specific deny rule? This might be useful for
local/ sniplets or to override a deny from an abstraction.
BTW: does your patch detect conflicting rules like
allow deny /foo rw,
as an error?
Regards,
Christian Boltz
--
Dabei müsste er nur seine Entern-Taste gangbar bekommen, Debian
lauffähig im Grundgerüst bekommt man ja beinahe automatisiert
installiert, wenn man ein Weizenkorn auf die Entertaste malt und
ein Huhn vor seinen Rechner setzt.
[Thorsten von Plotho-Kettner in suse-linux über die Debian-Installation]
More information about the AppArmor
mailing list