Re: [apparmor] [PATCH] utils: Don't check for existence of abstraction files in aa-easyprof

2015-11-30 Thread Christian Boltz
Hello, Am Sonntag, 29. November 2015 schrieb Tyler Hicks: > aa-easyprof is used to generate profiles and the lack of an > abstraction file during profile generation should not be an error > condition. > > Leave the handling of the abstraction file for the parser. It will > fail if the file does

Re: [apparmor] [PATCH] utils: Don't check for existence of abstraction files in aa-easyprof

2015-11-30 Thread Jamie Strandboge
On 11/29/2015 10:28 PM, Tyler Hicks wrote: > aa-easyprof is used to generate profiles and the lack of an abstraction > file during profile generation should not be an error condition. > Why? Or put another way-- why is it any different than a policy group? Is this just because the parser knows

Re: [apparmor] [PATCH] parser: add basic support for parallel compiles and loads

2015-11-30 Thread Seth Arnold
On Sat, Nov 28, 2015 at 11:08:05AM -0800, John Johansen wrote: > +static void setup_parallel_compile(void) > +{ > + /* jobs_count and paralell_max set by default, config or args */ > + long n = sysconf(_SC_NPROCESSORS_ONLN); We should handle an error return here .. > + if (jobs_count

Re: [apparmor] [PATCH] parser: add basic support for parallel compiles and loads

2015-11-30 Thread Seth Arnold
On Sat, Nov 28, 2015 at 09:02:18PM -0800, John Johansen wrote: > This check is well above the range of values I would recommend (some > where between 1-2x the number of cpus. More jobs can help with smaller Two times makes more sense for most CPUs but eight may be more appropriate for e.g. POWER8

Re: [apparmor] [PATCH] parser: add basic support for parallel compiles and loads

2015-11-30 Thread John Johansen
On 11/30/2015 12:41 PM, Seth Arnold wrote: > On Sat, Nov 28, 2015 at 11:08:05AM -0800, John Johansen wrote: >> +static void setup_parallel_compile(void) >> +{ >> +/* jobs_count and paralell_max set by default, config or args */ >> +long n = sysconf(_SC_NPROCESSORS_ONLN); > > We should

Re: [apparmor] [PATCH] parser: add basic support for parallel compiles and loads

2015-11-30 Thread John Johansen
On 11/30/2015 12:48 PM, Seth Arnold wrote: > On Sat, Nov 28, 2015 at 09:02:18PM -0800, John Johansen wrote: >> This check is well above the range of values I would recommend (some >> where between 1-2x the number of cpus. More jobs can help with smaller > > Two times makes more sense for most

Re: [apparmor] [PATCH] utils: Don't check for existence of abstraction files in aa-easyprof

2015-11-30 Thread Tyler Hicks
On 2015-11-30 14:14:07, Jamie Strandboge wrote: > On 11/29/2015 10:28 PM, Tyler Hicks wrote: > > aa-easyprof is used to generate profiles and the lack of an abstraction > > file during profile generation should not be an error condition. > > > Why? Or put another way-- why is it any different

Re: [apparmor] [PATCH] parser: add basic support for parallel compiles and loads

2015-11-30 Thread John Johansen
On 11/29/2015 03:11 PM, Christian Boltz wrote: > Hello, > > Am Samstag, 28. November 2015 schrieb John Johansen: >> On 11/28/2015 01:54 PM, Christian Boltz wrote: >>> Am Samstag, 28. November 2015 schrieb John Johansen: > ... >>> So the parser will error out if a too big job number is given _and_

Re: [apparmor] [PATCH] utils: Don't check for existence of abstraction files in aa-easyprof

2015-11-30 Thread Tyler Hicks
On 2015-11-30 20:18:10, Christian Boltz wrote: > Hello, > > Am Sonntag, 29. November 2015 schrieb Tyler Hicks: > > aa-easyprof is used to generate profiles and the lack of an > > abstraction file during profile generation should not be an error > > condition. > > > > Leave the handling of the

Re: [apparmor] [PATCH] parser: add basic support for parallel compiles and loads

2015-11-30 Thread apparmor
appar...@raf.org wrote: > Seth Arnold wrote: > > > On Sat, Nov 28, 2015 at 09:02:18PM -0800, John Johansen wrote: > > > This check is well above the range of values I would recommend (some > > > where between 1-2x the number of cpus. More jobs can help with smaller > > > > Two times makes more

Re: [apparmor] [PATCH] parser: add basic support for parallel compiles and loads

2015-11-30 Thread apparmor
Seth Arnold wrote: > On Sat, Nov 28, 2015 at 09:02:18PM -0800, John Johansen wrote: > > This check is well above the range of values I would recommend (some > > where between 1-2x the number of cpus. More jobs can help with smaller > > Two times makes more sense for most CPUs but eight may be

Re: [apparmor] [PATCH] parser: add basic support for parallel compiles and loads

2015-11-30 Thread John Johansen
On 11/30/2015 02:42 PM, appar...@raf.org wrote: > appar...@raf.org wrote: > >> Seth Arnold wrote: >> >>> On Sat, Nov 28, 2015 at 09:02:18PM -0800, John Johansen wrote: This check is well above the range of values I would recommend (some where between 1-2x the number of cpus. More jobs

[apparmor] [PATCH] utils: Print aa-easyprof error to stderr upon manifest parsing error

2015-11-30 Thread Tyler Hicks
A common usage of aa-easyprof is to pipe its stdout to a file representing an AppArmor profile. Errors must go to stderr. https://launchpad.net/bugs/1521400 Signed-off-by: Tyler Hicks --- utils/aa-easyprof | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff