[apparmor] [PATCH 4/5] And the ability to specify the name andattachment of the profile separately. It does not allow for the attachmentspecification to begin with a variable however since variables in profilenames is not currently support this should

[Seth Arnold]

Something I've never understood about the namespaces is how they would be used.

Would they be used for openvz or vservers instances? Explicit names in profiles would seem counter-productive at first, you wouldn't want processes in the WebServer namespace to load policies in the DataBase namespace just by using a keyword...

Would they be used for user profiles? Again, I don't see how explicit names in the profiles would help; whichever euid loads the profiles seems a better choice.

Or is it for libvert, and the profiles aren't really supposed to be mutable from inside the guests?

Thanks