From: Jeff Mahoney
Subject: apparmor-parser: Support dry-run mode
This patch adds a -z|--dry-run option to parse the profile but not actually load it into the kernel. This is useful for testing without root priviledges.
Signed-off-by: Jeff Mahoney
---
 parser_include.c | 2 +-
 parser_include.h | 1 +
 parser_main.c | 12 +++++++++---
 3 files changed, 11 insertions(+), 4 deletions(-)
--- a/parser_include.c
+++ b/parser_include.c
@@ -75,7 +75,7 @@ static int stripcomment(char *s);
 static char *stripblanks(char *s);
 static int preprocess(FILE *f, char *name, FILE * out, int nest);
-int preprocess_only;
+int preprocess_only, dry_run;
 /* default base directory is /etc/subdomain.d, it can be overriden with the -b option. */
--- a/parser_include.h
+++ b/parser_include.h
@@ -21,6 +21,7 @@
 #define PARSER_INCLUDE_H
 extern int preprocess_only;
+extern int dry_run;
 extern int add_search_dir(char *dir);
 extern void init_base_dir(void);
--- a/parser_main.c
+++ b/parser_main.c
@@ -51,7 +51,7 @@
 #define PCRE "pattern=pcre"
 #define AADFA "pattern=aadfa"
-#define UNPRIVILEGED_OPS (debug || preprocess_only || option == OPTION_STDOUT || names_only || \
+#define UNPRIVILEGED_OPS (debug || preprocess_only || dry_run || option == OPTION_STDOUT || names_only || \
 dump_vars || dump_expanded_vars)
 const char *parser_title = "Novell/SUSE AppArmor parser";
@@ -81,6 +81,7 @@ struct option long_options[] = {
 {"binary", 0, 0, 'B'},
 {"base", 1, 0, 'b'},
 {"debug", 0, 0, 'd'},
+ {"dry-run", 0, 0, 'z'},
 {"subdomainfs", 0, 0, 'f'},
 {"help", 0, 0, 'h'},
 {"replace", 0, 0, 'r'},
@@ -120,6 +121,7 @@ static void display_usage(char *command)
 "-C, --Complain Force the profile into complain mode\n"
 "-B, --binary Input is precompiled profile\n"
 "-p, --preprocess Dump profiles with includes expanded\n"
+ "-z, --dry-run Parse profile but don't load it\n"
 "-N, --names Dump names of profiles in input.\n"
 "-S, --stdout Dump compiled profile to stdout\n"
 "-b n, --base n Set base dir and cwd\n"
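Review bot: In the `UNPRIVILEGED_OPS` hunk of parser_main.c, listing `dry_run` means that whatever privilege check this macro gates (its use is outside the hunk) is skipped for `-z`, so the option is only safe if every path that writes policy to the kernel also tests `dry_run`. The patch guards a single call, `load_policy(option)` in process_profile(); whether input given with `-B`, or any other path, reaches the kernel interface without passing that call is not visible here and should be confirmed. I would add a comment above the macro, `/* Each flag here must guarantee nothing is written to the kernel; dry_run depends on the guard in process_profile(). */`, so the next flag added to the list gets the same scrutiny.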
@@ -161,7 +163,7 @@ static int process_args(int argc, char *
 int count = 0;
 option = OPTION_ADD;
- while ((c = getopt_long(argc, argv, "adf:hrRvpI:b:BCNSm:qn:", long_options, &o)) != -1)
+ while ((c = getopt_long(argc, argv, "adzf:hrRvpI:b:BCNSm:qn:", long_options, &o)) != -1)
 {
 switch (c) {
 case 0:
@@ -233,6 +235,9 @@ static int process_args(int argc, char *
 case 'n':
 profile_namespace = strdup(optarg);
 break;
+ case 'z':
+ dry_run = 1;
+ break;
 default:
 display_usage(progname);
 exit(0);
@@ -533,7 +538,8 @@ int process_profile(int option, char *pr
 die_if_any_regex();
 }
- retval = load_policy(option);
+ if (!dry_run)
+ retval = load_policy(option);
 out:
 return retval;
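Review bot: In the process_profile() hunk, when `-z` is set the new `if (!dry_run)` skips the only assignment to `retval` visible here, so the value returned at `out:` is whatever earlier code left in it. The declaration and earlier assignments are outside the hunk, so confirm `retval` is 0 on the success path; otherwise a dry run may report a stale status to scripts that use it to validate profiles. The guard is also an unbraced `if` over one statement; writing it as `if (!dry_run) {` / `retval = load_policy(option);` / `}` keeps a later added statement from escaping the condition.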