[apparmor] [PATCH] aa-keywords: Expose parser keywords
Seth Arnold
seth.arnold at canonical.com
Tue Feb 28 04:42:51 UTC 2017
On Mon, Feb 27, 2017 at 08:39:40PM -0600, Goldwyn Rodrigues wrote:
> From: Goldwyn Rodrigues <rgoldwyn at suse.com>
>
> A simple utility to return the keywords used in apparmor.d profile
> files.
>
> This would enable utilities such as yast to create apparmor
> profiles without the need to cross-checking and verifying
> the syntax.
>
> While there is nothing fancy about the tool, if you think this needs
> more command-line arguments, I will be happy to put them in.
What's the intention of the tool?
A full understanding of AppArmor profiles is well beyond what this patch
enables; the Python-based tools offer a good subset of what's legal, but
still don't understand a great many legal (and useful) profiles.
So I'm hesitant to suggest that the YaST front end should try to reproduce
the parser -- it would be extremely complicated work and trying to reach
parity would be an immense undertaking, and the end results might still
be very frustrating to users ("yast says its valid so why did it fail?";
"this parses just fine at the command line but yast says it's invalid?";
etc.) At some point, providing a dumb text window without help may be
friendlier than a text widget that gets things wrong.
But if there's reason enough to keep the tool, the changes look good, and
probably having the descriptions around as online-help in the tool would
be a vast usability improvement. I'd like to keep that part. :)
There's more than a few missing keywords though: link, audit, dbus
and its many keywords. (I one day tried to collate all the keywords
we support for AFL fuzzing. It took a lot longer than I expected and I
accidentally destroyed the list when I reclaimed the VM. Finding them
all takes a while.)
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170227/bf32f14c/attachment.pgp>
More information about the AppArmor
mailing list