Hello, this patch changes aa.py delete_duplicates() to loop over the rule classes.
That's better than doing copy&paste for each added rule class ;-) [ 45-delete_duplicates-use-loop.diff ] === modified file utils/apparmor/aa.py --- utils/apparmor/aa.py 2015-06-05 15:19:00.724318954 +0200 +++ utils/apparmor/aa.py 2015-06-05 15:40:36.233292517 +0200 @@ -2066,20 +2066,18 @@ # Allow rules covered by denied rules shouldn't be deleted # only a subset allow rules may actually be denied + ruletypes = ['capability', 'change_profile', 'network', 'rlimit'] + if include.get(incname, False): - deleted += profile['network'].delete_duplicates(include[incname][incname]['network']) - deleted += profile['capability'].delete_duplicates(include[incname][incname]['capability']) - deleted += profile['change_profile'].delete_duplicates(include[incname][incname]['change_profile']) - deleted += profile['rlimit'].delete_duplicates(include[incname][incname]['rlimit']) + for rule_type in ruletypes: + deleted += profile[rule_type].delete_duplicates(include[incname][incname][rule_type]) deleted += delete_path_duplicates(profile, incname, 'allow') deleted += delete_path_duplicates(profile, incname, 'deny') elif filelist.get(incname, False): - deleted += profile['network'].delete_duplicates(filelist[incname][incname]['network']) - deleted += profile['capability'].delete_duplicates(filelist[incname][incname]['capability']) - deleted += profile['change_profile'].delete_duplicates(filelist[incname][incname]['change_profile']) - deleted += profile['rlimit'].delete_duplicates(filelist[incname][incname]['rlimit']) + for rule_type in ruletypes: + deleted += profile[rule_type].delete_duplicates(filelist[incname][incname][rule_type]) deleted += delete_path_duplicates(profile, incname, 'allow') deleted += delete_path_duplicates(profile, incname, 'deny') Regards, Christian Boltz -- And in those years, you have never had a bigger issue than a tray icon not working? - Damn! KDE team must be doing one fantastic job! [Bjørn Lie in opensuse-factory] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor