[apparmor] [PATCH v2 00/42] Create libapparmor API for policy cache loading
John Johansen
john.johansen at canonical.com
Thu Mar 12 11:41:12 UTC 2015
On 03/06/2015 01:48 PM, Tyler Hicks wrote:
> This patch set creates a libapparmor API to allow for in-process AppArmor
> policy cache loading. At the moment, this API will be useful for
> apparmor_parser and systemd.
>
> I've combined two different proposed patch sets[1][2] into one since they both
> work towards the same goal of providing a policy cache loading API. Sorry for
> the number of patches involved here.
>
> In this version 2 set, I've addressed a few important feedback items that I got
> from v1 of the two patchsets:
>
> * Don't throw away the debug/error logging in the code that is moved from the
>   parser to libapparmor
>   - The "libapparmor: Add basic logging functionality" patch adds equivalent
>     PDEBUG() and PERROR() logging macros to libapparmor
>   - I've gone back and reintroduced all of the PDEBUG() and PERROR() calls
>     that were removed in v1
> * Don't expose anything about the match file support in libapparmor
>   - The "parser: Begin to flesh out library interface for features" patch
>     leaves the match file parsing in parsing_main.c and all related patches to
>     the previously proposed aa_match interface have been dropped
>   - Only apparmor_parser will properly support the match file. Users of the
>     new libapparmor API, such as systemd, will not work with a match file
>     based system.
> * Create a string based aa_features API rather than using a design that
>   requires libapparmor to be updated when the kernel and/or parser receives new
>   features
>   - The "parser: Add functions for features support tests" patch has been
>     rewritten to use a string based API and those changes have been propagated
>     throughout the set
>
> I left acks on patches that didn't see much churn and tried to remember to
> drop them if I made any large changes.
>
So as before I skipped the patches I sent or those that already have an ack.