[apparmor] [PATCH 6/6] Update documentation for change_hatv, change_hat_varags and change_onexec
Steve Beattie
steve at nxnw.org
Fri Feb 18 04:19:57 UTC 2011
On Thu, Feb 17, 2011 at 05:22:20PM -0800, John Johansen wrote:
> @@ -51,9 +71,6 @@ original profile will not happen, and the current task will be killed.
> If the I<magic_token> matches the original token, then the process will
> change back to the original profile.
>
> -If the program wants to change to a subprofile that it can never
> -change back out of, the application should call aa_change_hat() with a
> -I<magic_token> of I<0>.
Has this behavior changed? While the preferred mechanism for a one-way
transition is to use aa_change_profile(), there is a slight semantic
difference in that aa_change_profile() changes to a separate (global)
profile, while aa_change_hat() can only change to a hat within the
current profile.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20110217/a6aaf3d0/attachment.pgp>
More information about the AppArmor
mailing list