[apparmor] [PATCH 6/6] Update documentation for change_hatv, change_hat_varags and change_onexec

John Johansen john.johansen at canonical.com
Fri Feb 18 04:30:06 UTC 2011


On 02/17/2011 08:19 PM, Steve Beattie wrote:
> On Thu, Feb 17, 2011 at 05:22:20PM -0800, John Johansen wrote:
>> @@ -51,9 +71,6 @@ original profile will not happen, and the current task will be killed.
>>  If the I<magic_token> matches the original token, then the process will
>>  change back to the original profile.
>>  
>> -If the program wants to change to a subprofile that it can never
>> -change back out of, the application should call aa_change_hat() with a
>> -I<magic_token> of I<0>.
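Review bot: dropping the three lines about calling aa_change_hat() with a I<magic_token> of I<0> leaves this section of the man page saying nothing about what a zero token does; the hunk header (9 lines to 6) shows the text is removed without a replacement. Since the removed sentence documented the one-way transition, add a sentence stating the current behaviour of a 0 token (or that 0 is no longer special) and point readers to aa_change_profile() for one-way transitions, so that the semantic change is recorded in the documentation itself.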
> 
> Has this behavior changed? While the preferred mechanism for a one-way
> transition is to use aa_change_profile(), there is a slight semantic
> difference in that aa_change_profile() changes to a separate (global)
> profile, while aa_change_hat() can only change to a hat within the
> current profile.
> 

Yes, it changed with 2.4 (the rewrite that hit Karmic), IIRC.  We discussed
this and it was decided the small semantic change was worth doing, as we
had change_profile and none of the consumers of change_hat were coded to
deal with getting a 0 when generating their random token, so it was
possible they would fail due to generating a 0 token.

It's true that change_profile isn't relative to the current profile
like change_hat, but the best I can come up with now is adding a new
fn, as this is now what the upstream ABI is.
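The failure mode John describes (a consumer that generates a random magic_token and can get 0 back) worked through in C, as an added example that is not part of this thread or of libapparmor: the token source is wrapped in a retry so the value handed to aa_change_hat() is never 0. The names pick_magic_token, urandom_source and the scripted source data are assumptions made here; aa_change_hat() itself appears only in a comment because the block does not link libapparmor.

```c
#include <stdio.h>
/* Source of candidate tokens: writes one to *out and returns 0, or -1 if it
 * cannot. Abstracted so the retry logic can be run against a scripted source. */
typedef int (*token_source)(unsigned long *out);

/* Real source: one unsigned long (the width of aa_change_hat's magic_token) from /dev/urandom. */
static int urandom_source(unsigned long *out)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(out, sizeof *out, 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;
}

/* Constructed deterministic source (hypothetical data, not from the thread):
 * replays a scripted list that begins with the problematic value 0. */
static const unsigned long scripted[] = { 0UL, 0UL, 0x7f3a9c1eUL };
static size_t scripted_pos = 0;
static int scripted_source(unsigned long *out)
{
    if (scripted_pos >= sizeof scripted / sizeof scripted[0]) return -1;
    *out = scripted[scripted_pos++];
    return 0;
}

/* Draws from src until a non-zero candidate appears, giving up after max_tries
 * draws or on a source error. A 0 return means "no usable token": 0 is exactly
 * the value the thread warns about, the one the removed docs made irreversible. */
static unsigned long pick_magic_token(token_source src, int max_tries)
{
    unsigned long tok = 0;
    for (int i = 0; i < max_tries; i++) {
        if (src(&tok) != 0) return 0;
        if (tok != 0) return tok;
    }
    return 0;
}
int main(void)
{
    unsigned long tok = pick_magic_token(urandom_source, 8);
    if (tok == 0) { fputs("no usable magic token\n", stderr); return 1; }
    /* With libapparmor linked, the hat session would be
     *   aa_change_hat("worker", tok);  enter the hat and do the confined work
     *   aa_change_hat(NULL, tok);      return; a mismatched token kills the task,
     * and because tok is never 0 the return path always exists. */
    printf("magic token chosen (never 0): %#lx\n", tok);
    return 0;
}
```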


