[apparmor] [PATCH 5/5] Revert to using permission hashing as part of dfa minimization.

Tue Nov 23 09:18:55 GMT 2010

This is a short term fix to deal with permission merging in dfa minimization
not handling overlapping x permissions correctly.  Until this is fixed
a profile with overlapping x permissions will have invalid x values which
will either be rejected by the kernel or result in the wrong transition.

Signed-off-by: John Johansen <john.johansen at canonical.com>
---
 parser/parser_main.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/parser/parser_main.c b/parser/parser_main.c
index f9b590a..15598eb 100644
--- a/parser/parser_main.c
+++ b/parser/parser_main.c
@@ -69,7 +69,7 @@ int binary_input = 0;
 int names_only = 0;
 int dump_vars = 0;
 int dump_expanded_vars = 0;
-dfaflags_t dfaflags = DFA_CONTROL_TREE_NORMAL | DFA_CONTROL_TREE_SIMPLE | DFA_CONTROL_MINIMIZE | DFA_CONTROL_MINIMIZE_HASH_TRANS;
+dfaflags_t dfaflags = DFA_CONTROL_TREE_NORMAL | DFA_CONTROL_TREE_SIMPLE | DFA_CONTROL_MINIMIZE | DFA_CONTROL_MINIMIZE_HASH_TRANS | DFA_CONTROL_MINIMIZE_HASH_PERMS;
 int conf_verbose = 0;
 int conf_quiet = 0;
 int kernel_load = 1;
-- 
1.7.1


