Re: [apparmor] [PATCH RFC] Add profile-based libapparmor query interface

2013-03-27 Thread Tyler Hicks
On 2013-03-05 22:44:35, Tyler Hicks wrote: I've got an initial libapparmor patch to complement the kernel query interface patch that I recently sent out to the list. It is functional but it is quite ugly so I'm looking for suggestions on how we want this to look since there's not really a

Re: [apparmor] [PATCH RFC] Add profile-based libapparmor query interface

2013-03-07 Thread Tyler Hicks
On 2013-03-06 18:49:42, Seth Arnold wrote: On Tue, Mar 05, 2013 at 10:44:35PM -0800, Tyler Hicks wrote: * Setting two int return parameters to indicate allow and audit isn't a final solution. I was thinking that I'd return a special return code that will indicate error or allow and

Re: [apparmor] [PATCH RFC] Add profile-based libapparmor query interface

2013-03-07 Thread Seth Arnold
On Thu, Mar 07, 2013 at 03:38:17PM -0800, Tyler Hicks wrote: It sounds like we're both on the same page. Yes. :) $ gcc -Wall -o query-profile query_profile.c -lapparmor $ ldd query-profile linux-vdso.so.1 => (0x7fffe41fe000) libapparmor.so.1 => /usr/lib/libapparmor.so.1

Re: [apparmor] [PATCH RFC] Add profile-based libapparmor query interface

2013-03-07 Thread Seth Arnold
On Thu, Mar 07, 2013 at 04:17:39PM -0800, Tyler Hicks wrote: Am I just overcomplicating things? No, it is a potentially valid use case but I'm trying to keep this interface simple so that most applications don't have to worry about bitwise operations of four permission masks that come from

Re: [apparmor] [PATCH RFC] Add profile-based libapparmor query interface

2013-03-07 Thread Seth Arnold
On Tue, Mar 05, 2013 at 10:44:35PM -0800, Tyler Hicks wrote: I've got an initial libapparmor patch to complement the kernel query interface patch that I recently sent out to the list. It is functional but it is quite ugly so I'm looking for suggestions on how we want this to look since there's

Re: [apparmor] [PATCH RFC] Add profile-based libapparmor query interface

2013-03-07 Thread Tyler Hicks
On 2013-03-07 16:15:19, Seth Arnold wrote: On Thu, Mar 07, 2013 at 03:38:17PM -0800, Tyler Hicks wrote: It sounds like we're both on the same page. Yes. :) $ gcc -Wall -o query-profile query_profile.c -lapparmor $ ldd query-profile linux-vdso.so.1 => (0x7fffe41fe000)

Re: [apparmor] [PATCH RFC] Add profile-based libapparmor query interface

2013-03-07 Thread John Johansen
On 03/07/2013 04:26 PM, Seth Arnold wrote: On Thu, Mar 07, 2013 at 04:17:39PM -0800, Tyler Hicks wrote: Am I just overcomplicating things? No, it is a potentially valid use case but I'm trying to keep this interface simple so that most applications don't have to worry about bitwise

Re: [apparmor] [PATCH RFC] Add profile-based libapparmor query interface

2013-03-07 Thread John Johansen
On 03/07/2013 04:07 PM, Tyler Hicks wrote: On 2013-03-07 00:07:29, John Johansen wrote: snip Description: Add profile-based libapparmor query interface Wrap the apparmorfs profile query interface with a very simple libapparmor interface. This function takes a permission mask and query

Re: [apparmor] [PATCH RFC] Add profile-based libapparmor query interface

2013-03-06 Thread Seth Arnold
On Tue, Mar 05, 2013 at 10:44:35PM -0800, Tyler Hicks wrote: * Setting two int return parameters to indicate allow and audit isn't a final solution. I was thinking that I'd return a special return code that will indicate error or allow and audit statuses. Then define some simple macros