[apparmor] [PATCH 10/11] Add the safe xtransition key word
Seth Arnold
seth.arnold at gmail.com
Tue Dec 14 17:10:07 GMT 2010
Please forgive my inability to properly quote messages on BlackBerry.
> opt_unsafe: { /* nothing */ $$ = 0; }
> | TOK_UNSAFE { $$ = 1; };
>+| TOK_SAFE { $$ = 2; };
>
>-rule: opt_unsafe file_mode opt_subset_flag id_or_var >opt_named_transition TOK_END_OF_RULE
>+rule:opt_unsafe frule
> {
>-int mode = $2;
> if ($1) {
>-if (!($2 & AA_EXEC_BITS))
>+if (!($2->mode & AA_EXEC_BITS))
> yyerror(_("unsafe rule missing exec permissions"));
This could be a safe or unsafe rule; I don't care for this message much as it is, so now may be a good chance to change it to "'safe' and 'unsafe' can only be used with execute permissions". Or something more friendly. :)
Thanks!
More information about the AppArmor
mailing list