[apparmor] [PATCH 10/11] Add the safe xtransition key word
John Johansen
john.johansen at canonical.com
Tue Dec 14 22:44:02 GMT 2010
On 12/14/2010 09:10 AM, Seth Arnold wrote:
> Please forgive my inability to properly quote messages on BlackBerry.
>
>> opt_unsafe: { /* nothing */ $$ = 0; }
>> | TOK_UNSAFE { $$ = 1; };
>> +| TOK_SAFE { $$ = 2; };
>>
>> -rule: opt_unsafe file_mode opt_subset_flag id_or_var >opt_named_transition TOK_END_OF_RULE
>> +rule:opt_unsafe frule
>> {
>> -int mode = $2;
>> if ($1) {
>> -if (!($2 & AA_EXEC_BITS))
>> +if (!($2->mode & AA_EXEC_BITS))
>> yyerror(_("unsafe rule missing exec permissions"));
>
> This could be a safe or unsafe rule; I don't care for this message much as it is, so now may be a good chance to change it to "'safe' and 'unsafe' can only be used with execute permissions". Or something more friendly. :)
>
sure that makes sense
More information about the AppArmor
mailing list