Hello, AFAIK the YaST AppArmor module uses the JSON output of aa-status. There are two upcoming changes, and I'd like to point them out so that you can adjust the YaST AppArmor module if needed. a) new profile modes Besides complain and enforce mode, future AppArmor versions (>= 3.0) will also have `unconfined`, `mixed` and `kill`. Technically the structure of the JSON doesn't change, but there will be new values for the status, for example "processes": { "/usr/lib/GConf/2/gconfd-2": [ { "pid": "3899", "profile": "/usr/lib/GConf/2/gconfd-2", "status": "kill" } ] } "profiles": { "/does/not/exist": "kill" } Side question: Do you think this warrants increasing the JSON version number? Quick explanation about the new modes: - unconfined: similar to not having a profile, but when using an unconfined profile, it's possible to replace it with a "real" profile later, so that programs initially running under an unconfined profile get a profile in enforce mode - kill: similar to enforce, but on profile violations, the process will be killed instead of "just" getting EPERM - mixed: when using stacked profiles, this indicates that a program is for example using a stack of two profiles, one in complain and one in enforce mode. (This also means you'll see "mixed" only in aa-status output, but never in a profile's "flags=(...)".) (Extending the aa-* tools to support switching to kill and unconfined mode is still on my TODO list.) b) whitespace changes aa-status was rewritten to C, which results in changed whitespace in the --json output. Currently --pretty-json also results in "compressed" JSON, but I hope that this will change again in the future. I'd guess/hope that whitespace changes shouldn't matter, but please check nevertheless. Currently the new aa-status is only available in upstream git master. If it makes testing easier for you, I can provide the compiled binary or some example output. Regards, Christian Boltz -- Es kann dadurch , daß der Rechner ( wenn er an Trenn - zeichen umbricht [Ratti erklärt ) die falschen Stellen den Begriff erwischt , zu ganz gräß "Plenken" - lichen Effekten kommen in suse-linux] ! -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org To contact the owner, e-mail: yast-devel+owner@opensuse.org