[apparmor] [PATCH] aa-disable

Jamie Strandboge jamie at canonical.com
Mon Feb 7 23:47:08 UTC 2011


aa-enforce and aa-complain exist to put a profile into enforce or
complain mode respectively. The /etc/apparmor.d/disable directory
already exists to drop files into it to disable profile load via
apparmor_parser (and therefore via the apparmor initscript). What
doesn't exist is aa-disable to add a file to the disable/ directory and
unload the profile. This patch does that. This version of aa-disable is
based on aa-complain (in fact doing a diff between aa-complain and
aa-disable might make review easier) and works as well as aa-enforce and
aa-complain. In other words, aa-disable has the same limitations of not
handling the specified binary properly if the specified attachment does
not match the path naming scheme (eg, the profile doesn't use the
conventional path.to.binary naming scheme, globbing is used for
attachment within the profile, etc).

aa-disable.patch:
* add aa-disable
* add aa-disable.pod
* update utils/Makefile

aa-disable_docs.patch:
* update various utils/*.pod files to also reference aa-disable, if they
already referenced aa-enforce and/or aa-complain

-- 
Jamie Strandboge             | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: aa-disable.patch
Type: text/x-patch
Size: 7570 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20110207/3abfe309/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: aa-disable_docs.patch
Type: text/x-patch
Size: 4439 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20110207/3abfe309/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20110207/3abfe309/attachment.pgp>


More information about the AppArmor mailing list