On 01/02/2013 02:52 PM, Steve Beattie wrote: > On Tue, Dec 18, 2012 at 02:39:55PM -0800, John Johansen wrote: >> On 12/18/2012 06:17 AM, Steve Beattie wrote: >>> The apparmor_api abstractions make the mistake of including tunables >>> directly, which is a no-no since the variable definitions in tunables >>> need to occur in the preamble of a profile, not embedded within it. >>> This patch removes those includes, and replaces them documentation of >>> tunables are necessary, as some of the expected ones are not part of >>> tunables/global. >>> >>> It also adjust the kernelvars tunable's definition of the @{pid} >>> regex, as the current parser does not support nesting of {} groupings, >>> which breaks any profile that attempts to use the tunable. >> >> So I'll ack it if you don't object to me reverting it when I fix the >> parser :) > > I won't strongly object, but frankly I found the nested alternations > ugly in its own right, if not quite as ugly as the uber-expanded > pattern that I did use. I'm not sure how to do it reasonably, but a > syntax that let us express '[1-9][0-9]{0,5}' (i.e. a non-zero digit > followed by 0 to 5 digits) would be useful. > yep, that is what I am shooting for, basically I'd like to allow an escape sequence to enter regex mode, so something like
\X[1-9]{1,6}\Y where \X and \Y are the yet to be determined escape characters used to bracket the expression. -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor