[apparmor] [PATCH 2/5] Only apply disable to operations that actually load to kernel
John Johansen
john.johansen at canonical.com
Wed Dec 28 02:49:32 UTC 2011
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
parser/parser_main.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/parser/parser_main.c b/parser/parser_main.c
index 721582d..2a39ffc 100644
--- a/parser/parser_main.c
+++ b/parser/parser_main.c
@@ -886,7 +886,7 @@ int process_profile(int option, char *profilename)
else
basename = profilename;
- if (test_for_dir_mode(basename, "disable")) {
+ if (PRIVILEGED_OPS && test_for_dir_mode(basename, "disable")) {
if (!conf_quiet)
PERROR("Skipping profile in %s/disable: %s\n", basedir, basename);
goto out;
--
1.7.7.3
More information about the AppArmor
mailing list