[apparmor] [patch] [33/38] Add cleanup flag to *Ruleset.add()
Steve Beattie
steve at nxnw.org
Mon Sep 26 22:36:34 UTC 2016
On Fri, Aug 12, 2016 at 11:06:08PM +0200, Christian Boltz wrote:
> adding a rule to *Ruleset means it simply gets added. This also means
> that then-superfluous rules will be kept.
>
> This patch adds an optional cleanup flag to add(). If set, rules covered
> by the new rule will be deleted. The difference to delete_duplicates()
> is that cleanup only deletes rules that are covered by the new rule, but
> keeps other, unrelated superfluous rules.
>
> Also return the number of deleted rules to give the UI a chance to
> report this number.
>
> Finally, adjust the existing tests for FileRuleset to ensure default
> mode (without cleanup) doesn't delete any rules, and add a test using
> the cleanup flag.
>
> [ 33-ruleset-cleanup-duplicates-on-add.diff ]
Acked-by: Steve Beattie <steve at nxnw.org>.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160926/1a5d1e53/attachment.pgp>
More information about the AppArmor
mailing list