John, separating the compiling and matching into two libraries makes a ton of 
sense, the whole C++ runtime is pretty heavy. But having both easily available 
as libraries could provide a great many neat little utilities for us and 
potentially awesome tools for many other systems.

I guess count this as a vote for splitting, despite the extra work.

Thanks!
------Original Message------
From: John Johansen
To: Seth Arnold
Cc: Nicolas Valcárcel
Cc: [email protected]
Subject: Re: [apparmor] Skippable files
Sent: May 28, 2012 1:07 PM

On 05/28/2012 10:53 AM, Seth Arnold wrote:
> I'd love to see the tools and parser using the exact same code to figure out 
> which files to skip. Is there an exported library call that could be used in 
> the tools to replace this function?
> 
Not yet but soon. The chfa match code is going to become part of the library.
At that point we can add a match fn, and provide it with a precompiled
expression (something compiled during the build).

Precompiled because we aren't currently planning on putting the full aare
code into libapparmor (C++ and all its deps), but we will make it available
as a second library.  Well that is the current plan anyway, it is possible
we might collapse down to one (libapparmor) or could split into 3: libapparmor,
libaare_match, libaare.

The reason for wanting the split is that the match code is lightweight and
pure C, while the code to compile an expression is C++ and quite heavy.
The match code will have uses without being able to compile an expression, as
we will be able to hand it precompiled expressions (policy exported from
kernel, etc).  Of course it's possible that the split isn't worth doing,
we need to look at it more.



-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor
