On Tue, Dec 18, 2012 at 02:39:55PM -0800, John Johansen wrote:
> On 12/18/2012 06:17 AM, Steve Beattie wrote:
> > The apparmor_api abstractions make the mistake of including tunables
> > directly, which is a no-no since the variable definitions in tunables
> > need to occur in the preamble of a profile, not embedded within it.
> > This patch removes those includes, and replaces them documentation of
> > tunables are necessary, as some of the expected ones are not part of
> > tunables/global.
> >
> > It also adjust the kernelvars tunable's definition of the @{pid}
> > regex, as the current parser does not support nesting of {} groupings,
> > which breaks any profile that attempts to use the tunable.
>
> So I'll ack it if you don't object to me reverting it when I fix the
> parser :)
I won't strongly object, but frankly I found the nested alternations
ugly in its own right, if not quite as ugly as the uber-expanded
pattern that I did use. I'm not sure how to do it reasonably, but a
syntax that let us express '[1-9][0-9]{0,5}' (i.e. a non-zero digit
followed by 0 to 5 digits) would be useful.
--
Steve Beattie
<sbeat...@ubuntu.com>
http://NxNW.org/~steve/
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
