Hello,
Am Donnerstag, 30. Mai 2013 schrieb Kshitij Gupta:
> I believe we can discuss project related specifics on personal mails
> and not clutter the mailing list. However, when we need reviews or
> ideas we can get to the mailing list. :-)
I'd prefer to have everything on the apparmor mailinglist.
We might get more reviews or ideas (even on topics where we don't really
expect them ;-) ) and also better and faster answers on questions
because more people can answer them.
Besides that, I wouldn't call it "clutter the mailing list" ;-)
BTW: The mailinglist survived the last set of kernel patches (> 60 mails
+ replies), so it will also survive GSoC ;-)
> 1) I'm on openSUSE 12.3 64-bit (x86_64) release. I'm actually looking
> forward to those bindings. (too see how much they're gonna save me ;-)
I sent you the packages with private mail some hours ago. Just install
them and check what they provide ;-) (Basically they are just a wrapper
around libapparmor.)
(I hope the packages work with the AppArmor packages from openSUSE 12.3
because my version is slightly newer - if something breaks, please tell
me and you'll get the complete set of packages.)
If you have any questions about libapparmor or the python bindings, ask
on the mailinglist - libapparmor is an area I personally don't really
know.
> 2) From what I understand you wish to store the additions for existing
> profiles into the local/* . From the README, it seems the directory
> was for that purpose (if I'm not mistaken).
Correct - the only missing part is support in the utilities, which is
now on your list of wanted features ;-)
Talking about feature ideas - it would be nice to have profile
modification scriptable. I'm thinking about something like
aa-$toolname --profile "/usr/sbin/httpd2-prefork" \
--addhat "vhost_foo"
aa-$toolname --profile "/usr/sbin/httpd2-prefork//vhost_foo" \
--add '/home/foo/httpdocs/** r'
Can you add this to the "nice-to-have" list?
> At the time of saving a
> profile, the user can be presented with the same as an option for the
> same. Any other way you'd want it implemented?
A config option (change main profile / write to local / always ask)
would be nice to avoid the user gets asked every time he runs logprof.
This also implies a commandline switch for logprof to be able to
override the config setting.
Maybe we should also have a way to set different defaults per profile.
@John, Seth, Steve: do you think this is necessary? If yes, how would
you implement it?
I noticed you created https://launchpad.net/~apparmor-profile-tools
I assume you want to use that as development place, right?
(and BTW, I changed the title from "dev" to "AppArmor profile tools" ;-)
@John: is it easily possible to move the code including version history
to the apparmor repo later? I'd guess it is, but I'm not familiar enough
with bzr...
Regards,
Christian Boltz
--
[scrolling with synaptics touchpad] I'm sorry, I couldn't realise
this feature automatically because of my sausage fingers :-D
[Tob Sch on https://bugzilla.novell.com/show_bug.cgi?id=168295]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
