> It is too bad that all of the
> profiles have to be fully parsed just to use basic utilities that don't
> necessarily care about the rules inside of a profile.

The main problem is that we allow "random" filenames for the profiles,
so we need to check all files for the to-be-changed profile - but you
probably already know that.

Yes, in theory we could just parse the headers and ignore the profile
content, but that would mean that we need a (simplified, but still) copy
of the profile parsing code.

> While not perfect, I think this is a better approach than refusing to
> parse valid profiles that have existed for quite a few years. What do
> you think?

I'm not the biggest fan of this workaround. Having the tools error out
on invalid rules like your example would be much better - especially
because such a rule will automagically be changed when saving the
profile without any warning. Nevertheless, replacing "break the tools
completely" with "unexpected behaviour on invalid rules" still is a
small improvement.

FYI: FileRule accepts the permissions in any order, so maybe you could
look at how it's done there. (Needless to say that having a list of
possible permissions is easier to handle, but maybe it helps
nevertheless.)

Please don't forget to run "make check" for the utils ;-)

BTW: Does your patch also work for something like
    dbus bus=session bind bus=system,

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1628286

Title:
  [utils] DBus rules enforce stricter ordering of dbus attributes
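
The order-independent attribute handling discussed in the message above, as an added example that is not part of the original message and is not AppArmor's utils code. It parses a simplified subset of the dbus rule syntax (bare access keywords and key=value conditions only; `parse_dbus_rule`, `try_parse` and `RuleError` are hypothetical names) in any attribute order, and reporting a repeated condition as an error is a choice made in this sketch, not a statement about the real parser.

```python
import re

# Simplified subset of the dbus rule syntax (assumption for this example):
# bare access keywords and key=value conditions; no peer=(...) groups,
# no parenthesised access lists, no quoting.
ACCESS = {"send", "receive", "bind", "eavesdrop"}
CONDITIONS = {"bus", "path", "interface", "member", "name"}
RULE_RE = re.compile(r"^\s*dbus\b(?P<body>[^,]*),\s*$")


class RuleError(ValueError):
    """Raised when a line is not a well-formed rule in this subset."""


def parse_dbus_rule(line):
    """Return (access_set, conditions_dict); attributes may come in any order."""
    match = RULE_RE.match(line)
    if not match:
        raise RuleError("not a dbus rule: %r" % line)
    access, conditions = set(), {}
    for token in match.group("body").split():
        if token in ACCESS:
            if token in access:
                raise RuleError("duplicate access %r" % token)
            access.add(token)
            continue
        key, sep, value = token.partition("=")
        if not sep or key not in CONDITIONS or not value:
            raise RuleError("unknown token %r" % token)
        if key in conditions:
            # Refuse instead of silently keeping one value: a tool that
            # rewrites the profile would otherwise change the rule.
            raise RuleError("duplicate condition %r" % key)
        conditions[key] = value
    return access, conditions


def try_parse(line):
    """Return the parsed rule, or an error string for a rejected line."""
    try:
        return parse_dbus_rule(line)
    except RuleError as exc:
        return "error: %s" % exc
```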
