fix: Make the parser behave the same as when driven with xargs -n1

Currently the parser is bailing when it fails to load a profile, not processing any potential subsequent profiles in the dir or passed in list. This results in all policy after the first error failing to load, instead of just the profile(s) with the error. This is a different behavior than what has been done by initscripts that have driven it with xargs -n1, passing it a single profile at a time. Fix this so that the parser only exits on first error if specifically told to do so. Note: this does not fix the various failure points in the parser that call exit, instead of returning an error. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>, thanks.
2025-08-31 06:16:03 +00:00 · 2014-09-23 14:24:40 -07:00
parent 8b030e8877
commit 8fb91c8e9d
2 changed files with 34 additions and 13 deletions
--- a/parser/apparmor_parser.pod
+++ b/parser/apparmor_parser.pod
@@ -271,6 +271,12 @@ of time to complete.
 Use --help=optimize to see a full list of which optimization flags are
 supported.

+=item --abort-on-error
+Abort processing of profiles on the first error encountered, otherwise
+the parser will continue to try to compile other profiles if specified.
+
+Note: If an error is encountered while processing profiles the last error
+encountered will be used to set the exit code.
 =back

 =head1 CONFIG FILE