Hi,
today we had meeting about changes in xml schema and also we revisit some topics in XML parser.
Here are conclusions we reach ( do not hesitate to opposite or add anything I miss or forget ):
- allow in schema types everywhere. Current situation is that type string and map is forbidden and rest is mandatory. So newly string and map can be optionally specified in XML.
- allow for backward compatibility type disksize and fallback to string as before. This needs modification in xml parser …
[View More]and also in schema allow beside disksize also string type for given types.
- if no type is specified, use string type ( for backward compatibility it still use hash when there are no value and sub elements ). This simplify situation with implicit type and also helps a lot with backward compatibility.
- when exporting ( aka serializing data ) it won't write type string to make xml smaller as it is now default type. On other hand, map is always written down, so if user edit XML and remove sub elements, it won't be considered as empty string.
- martin propose to have alternative with `t=<type>` syntax as shortcut to `config:type=<type>` and use it by default. Idea looks good for all participants. Martin plan to introduce it for discussion.
- no modification of skelcd will be needed due to changes mentioned above even in post install script of yast2.rpm
- For autoyast profile, we should still work with old profiles. It needs testing if we do not export anywhere empty hash, which in past will be skipped, but newly it will be empty string.
Josef
--
To unsubscribe, e-mail: yast-devel+unsubscribe(a)opensuse.org
To contact the owner, e-mail: yast-devel+owner(a)opensuse.org
[View Less]
Hello,
AFAIK the YaST AppArmor module uses the JSON output of aa-status.
There are two upcoming changes, and I'd like to point them out so that
you can adjust the YaST AppArmor module if needed.
a) new profile modes
Besides complain and enforce mode, future AppArmor versions (>= 3.0)
will also have `unconfined`, `mixed` and `kill`.
Technically the structure of the JSON doesn't change, but there will be
new values for the status, for example
"processes": {
"/usr/lib/GConf/…
[View More]2/gconfd-2": [
{
"pid": "3899",
"profile": "/usr/lib/GConf/2/gconfd-2",
"status": "kill"
}
]
}
"profiles": {
"/does/not/exist": "kill"
}
Side question: Do you think this warrants increasing the JSON version
number?
Quick explanation about the new modes:
- unconfined: similar to not having a profile, but when using an
unconfined profile, it's possible to replace it with a "real" profile
later, so that programs initially running under an unconfined profile
get a profile in enforce mode
- kill: similar to enforce, but on profile violations, the process will
be killed instead of "just" getting EPERM
- mixed: when using stacked profiles, this indicates that a program is
for example using a stack of two profiles, one in complain and one in
enforce mode. (This also means you'll see "mixed" only in aa-status
output, but never in a profile's "flags=(...)".)
(Extending the aa-* tools to support switching to kill and unconfined
mode is still on my TODO list.)
b) whitespace changes
aa-status was rewritten to C, which results in changed whitespace in the
--json output. Currently --pretty-json also results in "compressed"
JSON, but I hope that this will change again in the future.
I'd guess/hope that whitespace changes shouldn't matter, but please
check nevertheless.
Currently the new aa-status is only available in upstream git master.
If it makes testing easier for you, I can provide the compiled binary or
some example output.
Regards,
Christian Boltz
--
Es kann dadurch
, daß der Rechner (
wenn er an Trenn
- zeichen umbricht [Ratti erklärt
) die falschen Stellen den Begriff
erwischt , zu ganz gräß "Plenken"
- lichen Effekten kommen in suse-linux]
!
--
To unsubscribe, e-mail: yast-devel+unsubscribe(a)opensuse.org
To contact the owner, e-mail: yast-devel+owner(a)opensuse.org
[View Less]
