Re: [apparmor] [patch] Drop seen_events counter from aa.py

2016-10-14 Thread Christian Boltz 
Hello,

Am Freitag, 14. Oktober 2016, 12:16:52 CEST schrieb Steve Beattie:
> On Fri, Oct 14, 2016 at 12:43:19AM +0200, Christian Boltz wrote:
> > seen_events is a global variable in aa.py that gets increased at
> > several places, but isn't used (read or printed) anywhere. Since I
> > can't imagine how it could become useful, simply drop it.
> 
> I've no problem dropping this variable if we're not using it anywhere.
> 
> That said, I know previously in the development of the perl version
> of the tools, there was some experimentation with showing things like
> progress bars or information like e.g. "37 of 146 pending rejections
> would be covered by adding this rule". I think there's a place for
> indicators that show contextual information about the current run of
> whatever tool is being used, and this variable may have been added
> as a data gathering element to support that.

That sounds like an interesting idea, but I doubt a simple counter (like 
the two I dropped) would provide this information ;-)

What you propose would be more or less easy when adding the specific rule 
type (like a file rule for file events) - we'd just need to check 
is_covered() of the pending file events [1]. Things become slightly more 
interesting (and possibly a bit slower) when counting for an include file 
because we'd need to check all event types, not only file events, and 
check against all rules in the include.

I'm not saying it's impossible, "just" more interesting ;-)

Feel free to open a feature request to make sure this idea doesn't get 
lost, but I probably don't need to mention that we have more urgent 
things on the TODO list ;-)


Regards,

Christian Boltz

[1] Currently we don't delete the events from the log queue because the
for loop makes sure to hit them only once, but that would be an easy 
fix.
-- 
> [qpopper] Jepp. Den einzurichten, dauert max. 10 Min. Und ist absolut
> pflegeleicht. ;)
Hm... womit verbringst Du denn die letzten neun Minuten? Oder kommt hier
ein 286er zum Einsatz?  [> Michael Raab und Andreas Feile in suse-linux]


signature.asc
Description: This is a digitally signed message part.
-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

[apparmor] [patch] Drop seen_events counter from aa.py

2016-10-13 Thread Christian Boltz 
Hello,

seen_events is a global variable in aa.py that gets increased at several
places, but isn't used (read or printed) anywhere. Since I can't imagine
how it could become useful, simply drop it.

Also drop an outdated comment in handle_children that lived next to a
seen_events line.


[ 01-drop-seen_events.diff ]

=== modified file ./utils/apparmor/aa.py
--- utils/apparmor/aa.py2016-10-14 00:35:27.514276563 +0200
+++ utils/apparmor/aa.py2016-10-14 00:34:20.802587963 +0200
@@ -95,7 +95,6 @@
 
 existing_profiles = dict()
 
-seen_events = 0  # was our
 # To store the globs entered by users so they can be provided again
 # format: user_globs['/foo*'] = AARE('/foo*')
 user_globs = {}
@@ -1056,7 +1055,6 @@
 family = None
 sock_type = None
 protocol = None
-global seen_events
 regex_nullcomplain = re.compile('^null(-complain)*-profile$')
 
 for entry in entries:
@@ -1114,8 +1112,6 @@
 if aamode == 'PERMITTING':
 q.default = 'CMD_ADDHAT'
 
-seen_events += 1
-
 ans = q.promptUser()[0]
 
 if ans == 'CMD_FINISHED':
@@ -1283,9 +1279,6 @@
 exec_toggle = False
 q.functions += build_x_functions(default, options, 
exec_toggle)
 
-# options = '|'.join(options)
-seen_events += 1
-
 # ask user about the exec mode to use
 ans = ''
 # unused: 'CMD_px_safe', 'CMD_cx_safe', 'CMD_nx_safe', 
'CMD_pix_safe', 'CMD_cix_safe', 'CMD_nix_safe', 'CMD_ux_safe', 'CMD_EXEC_TOGGLE'
@@ -1525,7 +1518,6 @@
 
 def ask_the_questions():
 found = 0
-global seen_events
 for aamode in sorted(log_dict.keys()):
 # Describe the type of changes
 if aamode == 'PERMITTING':
@@ -1580,8 +1572,6 @@
 else:
 options.append(rule_obj.get_clean())
 
-seen_events += 1
-
 done = False
 while not done:
 q.options = options




Regards,

Christian Boltz
-- 
Mach halt nicht.  Viel Glueck fuer die naechsten Jahre noch ein System
mit 2.95 zu finden.  Sogar debian hat gcc 3 in unstable.  Okay, das
dauert noch, ehmm ... 10 Jahre, bis das stable wird, aber immerhin.
[Michael Matz in suse-programming]


signature.asc
Description: This is a digitally signed message part.
-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor