Hello,

On Friday, 5 December 2014, Tyler Hicks wrote:
> To kick things off, a library friendly version of is_blacklisted() is
> moved into libapparmor.
>
> The purpose of a private libapparmor API is to prevent duplicated code
> between the parser and libapparmor. This becomes an issue as we
> prepare to move chunks of the parser into libapparmor.

I'm also looking forward to using this function in the tools :-)
(even if I'll probably wait some time to allow using latest tools with
an older libapparmor)

> diff --git a/libraries/libapparmor/src/private.c > b/libraries/libapparmor/src/private.c new file mode 100644 > index 0000000..f6f40b5 > --- /dev/null
> +++ b/libraries/libapparmor/src/private.c > +static struct ignored_suffix_t ignored_suffixes[] = { > + /* Debian packging files, which are in flux during install > + should be silently ignored. */ > + { ".dpkg-new", 9, 1 }, > + { ".dpkg-old", 9, 1 }, > + { ".dpkg-dist", 10, 1 }, > + { ".dpkg-bak", 9, 1 }, > + /* RPM packaging files have traditionally not been silently > + ignored */ > + { ".rpmnew", 7, 0 }, > + { ".rpmsave", 8, 0 }, > + /* patch file backups/conflicts */ > + { ".orig", 5, 0 }, > + { ".rej", 4, 0 }, > + /* Backup files should be mentioned */ > + { "~", 1, 0 }, > + { NULL, 0, 0 } > +}; > + > +int _aa_is_blacklisted(const char *name, const char *path) > +{ > + int name_len; > + struct ignored_suffix_t *suffix; > + > + /* skip dot files and files with no name */ > + if (*name == '.' || !strlen(name)) > + return 1;

For comparison - this is what the tools use (from aa.py):

# rpm backup files, dotfiles, emacs backup files should not be processed
# The skippable files type needs be synced with apparmor initscript
def is_skippable_file(path):
    """Returns True if filename matches something to be skipped"""
    if (re.search('(^|/)\.[^/]*$', path) or re.search('\.rpm(save|new)$', path)
            or re.search('\.dpkg-(old|new)$', path) or re.search('\.swp$', path)
            or path[-1] == '~' or path == 'README'):
        return True

I see some differences here (for example *.dpkg-dist, *.dpkg-bak, *.orig,
*.rej) - ignoring those files makes sense, so I'll come up with a patch
for aa.py in the next days (which will also make the code a bit more
readable ;-)

Also note the "needs to be synced with apparmor initscript" comment - it
might be a good idea to add this comment also to the C code ;-)


Regards,

Christian Boltz
--
Microsoft is a cross between The Borg and the Ferengi. Unfortunately
they use Borg to do their marketing and Ferengi to do their programming.
[Simon Slavin in the SDM]
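
Review bot: The length column in ignored_suffixes[] is typed by hand beside each literal ({ ".dpkg-dist", 10, 1 } and the rest), and nothing ties the number to the string, so a later edit to a suffix that misses the count would go unnoticed; deriving it with sizeof(".dpkg-dist") - 1 through a small macro, or taking strlen() of the entry when it is used, removes that coupling. In _aa_is_blacklisted(), *name is dereferenced before any NULL check; now that callers outside the parser will use the function, either guard it or document that name must be non-NULL. Smaller points: !strlen(name) can be written !*name, name_len would match strlen() better as size_t, the table can be declared const, "packging" in the first comment is a typo, and a comment above the table saying the list must stay in sync with the initscript and aa.py would record the dependency raised in the reply.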
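
The differences between the two skip lists mentioned in the message can be listed mechanically. This is an added example, not code from aa.py, from the patch or from the follow-up patch the author announces; IGNORED_SUFFIXES, table_skips, regex_skips, disagreements and the sample file names are constructed for illustration, and only the checks visible in the quoted hunk are modelled (the suffix match itself is an assumption, since the hunk is cut off before it).

```python
import re

# Suffixes copied from the quoted private.c hunk, as (suffix, silent) pairs.
# Assumption: the third column of the C table means "skip without a
# warning"; the struct definition is not shown in the message.
IGNORED_SUFFIXES = [
    (".dpkg-new", True), (".dpkg-old", True),
    (".dpkg-dist", True), (".dpkg-bak", True),
    (".rpmnew", False), (".rpmsave", False),
    (".orig", False), (".rej", False),
    ("~", False),
]


def table_skips(name):
    """Checks visible in the hunk: empty name, dotfile, then the table."""
    if not name or name.startswith("."):
        return True
    # Assumption: a plain suffix match; the hunk is cut off before this part.
    return any(name.endswith(suffix) for suffix, _silent in IGNORED_SUFFIXES)


def regex_skips(path):
    """Same checks as the quoted is_skippable_file(), returning a bool."""
    return bool(re.search(r"(^|/)\.[^/]*$", path)
                or re.search(r"\.rpm(save|new)$", path)
                or re.search(r"\.dpkg-(old|new)$", path)
                or re.search(r"\.swp$", path)
                or path[-1:] == "~"      # slice, so "" does not raise
                or path == "README")


def disagreements(names):
    """Map each name the two checks treat differently to (regex, table)."""
    return {n: (regex_skips(n), table_skips(n))
            for n in names if regex_skips(n) != table_skips(n)}


# Constructed file names, as they might appear in a profile directory.
SAMPLE = [
    "usr.sbin.ntpd", "usr.sbin.ntpd.dpkg-new", "usr.sbin.ntpd.dpkg-dist",
    "usr.sbin.ntpd.dpkg-bak", "usr.sbin.ntpd.orig", "usr.sbin.ntpd.rej",
    "usr.sbin.ntpd.rpmsave", "usr.sbin.ntpd~", ".usr.sbin.ntpd.swp",
    "usr.sbin.ntpd.swp",
]

if __name__ == "__main__":
    for name, (by_regex, by_table) in sorted(disagreements(SAMPLE).items()):
        print(f"{name}: regex={by_regex} table={by_table}")
```

On the sample, the four suffixes named in the message are skipped only by the table, while a .swp file without a leading dot is skipped only by the regex version.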