On Thu, May 30, 2013 at 08:31:31PM +0200, Christian Boltz wrote: > Correct - the only missing part is support in the utilities, which is > now on your list of wanted features ;-) > > Talking about feature ideas - it would be nice to have profile > modification scriptable. I'm thinking about something like > > aa-$toolname --profile "/usr/sbin/httpd2-prefork" \ > --addhat "vhost_foo" > aa-$toolname --profile "/usr/sbin/httpd2-prefork//vhost_foo" \ > --add '/home/foo/httpdocs/** r'
Scriptable would be nice, and maybe even an easy fall-out of new tool work. --addhat probably only makes sense if you can easily integrate with templates. Maybe aa-easyprof is useful to consider there. > Can you add this to the "nice-to-have" list? > > > At the time of saving a > > profile, the user can be presented with the same as an option for the > > same. Any other way you'd want it implemented? > > A config option (change main profile / write to local / always ask) > would be nice to avoid the user gets asked every time he runs logprof. > This also implies a commandline switch for logprof to be able to > override the config setting. > > Maybe we should also have a way to set different defaults per profile. > @John, Seth, Steve: do you think this is necessary? If yes, how would > you implement it? I could see a difference for distribution-provided profiles that are being extended vs self-authored profiles that are being modified. I wouldn't really want to have to ask for one behavior or the other -- but I could imagine that aa-genprof could add "created on this machine" profile names into a list, and modify those profiles directly, and profiles that aren't on the list get their <local/foo> files modified. Thanks
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
