[apparmor] [PATCH RFC] Add profile-based libapparmor query interface
Seth Arnold
seth.arnold at canonical.com
Thu Mar 7 02:49:42 UTC 2013
On Tue, Mar 05, 2013 at 10:44:35PM -0800, Tyler Hicks wrote:
> * Setting two int return parameters to indicate allow and audit isn't a
> final solution. I was thinking that I'd return a special return code
> that will indicate error or allow and audit statuses. Then define some
> simple macros (aa_query_profile_err(rc), aa_query_profile_allow(rc),
> aa_query_profile_audit(rc)) in apparmor.h that can be used to
> translate the return code. I'm open to other suggestions...
I could imagine a function might want to get the four masks.
I could imagine adding more queries, beyond just "profile\0", and doing
some slight re-factoring of the code to support it.
This current code reads beautifully anyway. It'd be a shame to
over-generalize it before the need is demonstrated. I _assume_ that
those changes can be made later without too much hassle, but I'm afraid
I never learned enough about the library end of things.
> ===================================================================
> --- apparmor-2.8.0.orig/libraries/libapparmor/src/Makefile.am 2013-03-05 16:45:24.411511315 -0800
> +++ apparmor-2.8.0/libraries/libapparmor/src/Makefile.am 2013-03-05 19:55:23.144369240 -0800
> @@ -24,7 +24,7 @@
> noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h
>
> libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel_interface.c scanner.c
> -libapparmor_la_LDFLAGS = -version-info 1:2:0 -XCClinker -dynamic \
> +libapparmor_la_LDFLAGS = -version-info 1:2:0 -XCClinker -dynamic -pthread \
> -Wl,--version-script=$(top_srcdir)/src/libapparmor.map -Wl,-soname=libapparmor.so.1
>
> libimmunix_la_SOURCES = kernel_interface.c libimmunix_warning.c
What does this do for callers of the api? Will all programs that use the
library _also_ need -lpthread? Or just ones that use functions that use
the pthread_once functionality? Or will _none_ need to use it, because
it's somewhat hidden in the application?
Thanks Tyler
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130306/b44a9ada/attachment.pgp>
More information about the AppArmor
mailing list