[apparmor] [patch][parser] disable downgrade and not enforced rule messages by default

Steve Beattie steve at nxnw.org
Wed Oct 8 17:15:55 UTC 2014 

On Wed, Oct 08, 2014 at 03:32:06AM -0700, John Johansen wrote:
> On 10/07/2014 03:38 PM, Steve Beattie wrote:
> > On Tue, Oct 07, 2014 at 04:00:34AM -0700, John Johansen wrote:
> >> Currently the apparmor parser warns about rules that are not enforced or
> >> downgraded. This is a problem for distros that are not carrying the out of
> >> tree kernel patches, as most profile loads result in warnings.
> >>
> >> Change the behavior to not output a message unless a warn flag is passed.
> >> This patch adds 2 different warn flags
> >>   --warn rule-downgraded		# warn if a rule is downgraded
> >>   --warn rule-not-enforced		# warn if a rule is not enforced at all
> >>
> >> If the warnings are desired by default the flags can be set in the
> >> parser.conf file.
> > 
> > Code mostly looks good; a couple of issues:
> > 
> >   1) needs man page update.
> >   2) the --help=warn is useful, but --warn needs to be part of the main
> >      usage statement:
> > 
> 
> v2.
> - update man page
> - add --warn to usage statement
> - make --quiet clear warn flags
> 
> Currently the apparmor parser warns about rules that are not enforced or
> downgraded. This is a problem for distros that are not carrying the out of
> tree kernel patches, as most profile loads result in warnings.
> 
> Change the behavior to not output a message unless a warn flag is passed.
> This patch adds 2 different warn flags
>   --warn rule-downgraded		# warn if a rule is downgraded
>   --warn rule-not-enforced		# warn if a rule is not enforced at all
> 
> If the warnings are desired by default the flags can be set in the
> parser.conf file.
> 
> Signed-off-by: John Johansen <john.johansen at canonical.com>

Acked-by: Steve Beattie <steve at nxnw.org>

Thanks!

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20141008/6b5b0c00/attachment.pgp>

More information about the AppArmor mailing list