Merge lp://qastaging/~jdstrand/snap-confine/preprocessor into lp://qastaging/~snappy-dev/snap-confine/trunk

There's one serious bug that needs fixing (mentioned inline).

I'm having a little trouble understanding the bigger picture of why we need to preprocess. The card corresponding to this MP suggests that it us for @deny and I don't know exactly what @deny will do so could you briefly explain why preprocessing is needed for @deny?

Nice catch on the sizeof; that is annoying. I'm going to cleanup those sizeof()s so this won't happen again and also add a test that is close to the max line length to catch this in the future.

The reason for the preprocessing is threefold:
 * Seth mentioned he didn't like that we started to setup the seccomp filter then just bailed. Preprocessing addresses that
 * We are going to need to support complain mode and I was going to introduce @complain for this. With preprocessing I can detect @complain easily and then set seccomp_init() appropriately rather than having to undo stuff
 * I wanted to support deny rules and have deny rules behave like apparmor for policy writers. Ie, if you have a deny rule, any allow rules are ignored. I was going to implement this using '@deny foo' (I chose '@deny' in case 'deny' was ever added as a syscall and to continue with the '@' directives). I was going to preprocess and find all the deny rules, then in postprocess I would check to see if I already saw a deny rule, if I did, then I would skip adding the rule

All combined, preprocessing seemed to be the simplest and easiest to understand method to implement.

Thanks for the explanation. That makes sense.

Note that the sizeof() in preprocess_filter() is fine since the buf array is declared in scope.

Feel free to merge after you've adjusted read_line() to have a 'size_t buf_len' argument.