Hi,
thank you very much for taking the time to answering my questions about AAREs
and also for going to update the man page of apparmor.d! These upcoming changes
help a lot in order to make the link between AAREs and globbing, as well as
variable substitution.
What might (still) be left are the grammar definitions for FILEGLOB and AARE;
are they actually the same or is AARE the "superset" of FILEGLOB due to it
allowing for VARIABLE? If FILEGLOB and AARE actually are the same, would it
make sense to then boil them down into a single grammar element, preferably
AARE? Why AARE: because of VARIABLE, to distinguish from "plain" FILEGLOB.
In consequence, it would also help to specifically reference the "Globbing
(AARE)" section from the "Format" section:
AARE = ?*[]{}^ See section "Globbing (AARE)" below for meanings.
Now, that begs for expanding on AARE grammar, which admittedly is a gory issue,
try finding a proper globbing grammar :/
But one important aspect here is that contrary to (sh?) range negation "[!]",
AppArmor uses [^] similar to typical regex'es.
Another question here is: does AppArmor AARE explicitly support character
classes, or is this an undocumented and un-guaranteed side-effect of the
Python-based implementation of the parser?
With best regards,
Harald
--
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
