On Fri, May 03, 2013 at 09:43:15PM +0200, Christian Boltz wrote: > Indeed - creating some profiles with genprof and logprof (and at the > same time reading the audit.log and the resulting profile) is the easier > and probably faster way to understand how genprof and logprof work. > > Goal: you should be able to read an audit.log and write a profile in > $EDITOR - at least for a simple application or script.
Yes, this is a far better approach to understanding the tools. > Nevertheless, it might be needed to read the code for some details - but > that should be very targeted at the relevant code section. For the simple cases, the results would be easier studied by cause and effect, rather than code. For complicated cases, the code will be unreadable. (And I say that as a friend. :) > > (You wouldn't want to modify the current tools to do a profile > > repository, it just wouldn't be fun.) > > Nothing is useless - it can still serve as a bad example ;-)) Please, if you use any of my code in your giant list of bad coding practices, feel free to not attribute me. :) > > The repository API may be interesting to review -- if it could be > > found again -- but there was nothing in the API that was especially > > enlightened. (It was just a simple CRUD-style application.) > > Reviewing the API could indeed provide some ideas - but given the fact > that the profile repo is disabled in the tools since years, creating a > completely new API won't do any harm or break anything. Agreed -- I meant the operations that the API enabled, not the exact details _of_ the API. > -- > Perl - the only language that looks the same before and after RSA > encryption. -- Keith Bostic Well-chosen, as always. :) Thanks
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
