Hello,

John Johansen wrote:
> On 08/01/2013 02:59 PM, Christian Boltz wrote:
> ### a check if the hat already exists might be useful to avoid duplicate
> hat names (which might get merged on write, but I doubt that's intended
> behaviour)
>
> ### interestingly, the parser does _not_ complain about duplicate hats.
> ### John, is this a bug or intentional?
>
> That should fail, there is an explicit test for this in the parser. And in
> my quick testing I get
>
> Multiple definitions for hat foo in profile (null) exist,bailing out.
>
> so a bug in the output but the check worked, can you forward an example
> where it is not working correctly

It happened with some "echo $whatever | apparmor_parser -p /dev/stdin"
and checking my bash history showed I accidentally deleted the pipe when I
hit the so-called bug.

In other words: it works as it should (and I get the correct error
message for duplicate hat names) - sorry for the false alarm!

> + # Below is not required I'd say
>
> ### hmm, not sure - John?
>
> + if not do_include:
> + for hatglob in cfg['required_hats'].keys():
> + for parsed_prof in sorted(parsed_profiles):
> + if re.search(hatglob, parsed_prof):
> + for hat in cfg['required_hats'][hatglob].split():
> + if not profile_data[parsed_prof].get(hat, False):
> + profile_data[parsed_prof][hat] = hasher()
>
> err, I am going to have to get back to you on this one. I need to dive
> in and get more context first ;-)
> ### we should discuss if we want to keep writing in sorted() order (which
> can be helpful, but also annoying)
> ### or if we want to keep the original order of a profile whenever
> possible
> ### (see discussion about writing config files)
> ### -> topic for the next meeting?
>
> I prefer original order when possible, possibly with an option to tell it
> to order and clean up the profile.

Yes, that sounds like a good method, even if it means a bit more work.
(Hint: we already do something similar when writing config files ;-)

For the clean up option - don't read the old profile while writing the
new one ;-)

> Basically it comes down to ordering
> destroys semantic/logical groupings and commenting.

Yes.

Regards,

Christian Boltz
--
Chance is irrelevant. We will succeed. -- Seven of Nine
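
Review bot: In the `if not do_include:` block of the quoted patch, `re.search(hatglob, parsed_prof)` treats each `required_hats` key as an unanchored regular expression, so a key matches any profile name that contains it anywhere, while the variable name `hatglob` suggests glob semantics. State in a comment which syntax the keys use, and anchor the pattern if whole-name matching is intended. The leading comment `# Below is not required I'd say` should also be settled before merge: either drop the block or replace the comment with the reason required hats are added only when `do_include` is false.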