[apparmor] [PATCH 5/5] Revise dconf

[Christian Boltz]

Hello,

Am Freitag, 16. Dezember 2016, 10:01:47 CET schrieb John Johansen:
> +verify_binary_equality "dconf read" \
> +       "/t { dconf r /, }" \
> +       "/t { dconf read /, }"
> +
> +verify_binary_equality "dconf read-write" \
> +       "/t { dconf /, }" \
> +       "/t { dconf rw /, }" \
> +       "/t { dconf wr /, }" \
> +       "/t { dconf (read write) /, }" \
> +       "/t { dconf (write read) /, }" \
> +       "/t { dconf (read, write) /, }"

Does it really make sense to allow short and long versions for the 
permissions?

IMHO the only thing we gain is more code to parse it and confusing 
documentation ;-)  so I'd propose to keep it simple and just allow r and 
rw. Mabe even wr if someone wants to be creative ;-)

If we really decide to allow long and short permissions, will

    dconf ( wr )  /,

(with the parenthesis around the permissions) be a valid rule?


Regards,

Christian Boltz
-- 
I just started a little project: the openSUSE Spring of Code.
It has many advantages over similiar projects, most prominently it's
all about honor and you don't have to care how to pay taxes on money.
[Stephan Kulow in opensuse-factory]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170127/e6467202/attachment.pgp>