On 01/02/2013 02:52 PM, Steve Beattie wrote:
> On Tue, Dec 18, 2012 at 02:39:55PM -0800, John Johansen wrote:
>> On 12/18/2012 06:17 AM, Steve Beattie wrote:
>>> The apparmor_api abstractions make the mistake of including tunables
>>> directly, which is a no-no since the variable definitions in tunables
>>> need to occur in the preamble of a profile, not embedded within it.
>>> This patch removes those includes, and replaces them documentation of
>>> tunables are necessary, as some of the expected ones are not part of
>>> tunables/global.
>>>
>>> It also adjust the kernelvars tunable's definition of the @{pid}
>>> regex, as the current parser does not support nesting of {} groupings,
>>> which breaks any profile that attempts to use the tunable.
>>
>> So I'll ack it if you don't object to me reverting it when I fix the
>> parser :)
>
> I won't strongly object, but frankly I found the nested alternations
> ugly in its own right, if not quite as ugly as the uber-expanded
> pattern that I did use. I'm not sure how to do it reasonably, but a
> syntax that let us express '[1-9][0-9]{0,5}' (i.e. a non-zero digit
> followed by 0 to 5 digits) would be useful.
>
yep, that is what I am shooting for, basically I'd like to allow an
escape sequence to enter regex mode, so something like
\X[1-9]{1,6}\Y
where \X and \Y are the yet to be determined escape characters used to
bracket the expression.
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
