> It is too bad that all of the > profiles have to be fully parsed just to use basic utilities that don't > necessarily care about the rules inside of a profile.
The main problem is that we allow "random" filenames for the profiles, so we need to check all files for the to-be-changed profile - but you probably already know that. Yes, in theory we could just parse the headers and ignore the profile content, but that would mean that we need a (simplified, but still) copy of the profile parsing code. > While not perfect, I think this is a better approach than refusing to > parse valid profiles that have existed for quite a few years. What do > you think? I'm not the biggest fan of this workaround. Having the tools error out on invalid rules like your example would be much better - especially because such a rule will automagically be changed when saving the profile without any warning. Nevertheless, replacing "break the tools completely" with "unexpected bevaviour on invalid rules" still is a small improvement. FYI: FileRule accepts the permissions in any order, so maybe you could look at how it's done there. (Needless to say that having a list of possible permissions is easier to handle, but maybe it helps nevertheless.) Please don't forget to run "make check" for the utils ;-) BTW: Does your patch also work for something like dbus bus=session bind bus=system, -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1628286 Title: [utils] DBus rules enforce stricter ordering of dbus attributes To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1628286/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs