the former isn't supported on glibc before glibc 2.4 (SL10.0 and prior,
Annvix, etc.). I dislike the change because fdopendir() does exactly
what I want, and converting to straight opendir() introduces a small
race window, though paths in question should be under administrator
control anyway.
by naming the directory (e.g. #include </etc/apparmor.d/abstractions>).
It will skip over dotfiles and as well as subdirectories. It is intended
to make scripting and packaging easier, as the including profile will
not need to know explicitly all of the names to include.
Long term, rather than hardcode that dotfiles will be skipped, it should
be configurable via /etc/apparmor.d/subdomain what patterns of files
should be skipped; genprof/logprof should also honor this setting. The
code could be reused as I'd like to make the parser just take a directory
on the command line rather than being fed profiles one at a time; again
it would skip files based on these same patterns.
This patch also eliminates some dead code in the include processing, as
well as replaces a couple of undersized fixed-size buffer (PATH_MAX is
4095 on linux, buffer is not overflowable due to use of strncpy/snprintf)
with dynamically allocated ones.
This patch prevents the parser from segv'ing if neither of the expected
default profile directories exist (/etc/subdomain.d, /etc/apparmor.d).
A profile passed on the command line or via stdin will still load, so
long as -I/path/to/includes is passed for any relevant includes files.
