[apparmor] [PATCH 5/5] Function to test if apparmor support is enabled.

John Johansen john.johansen at canonical.com
Fri Jul 22 21:05:34 UTC 2011


On 07/22/2011 07:52 AM, Kees Cook wrote:
> On Thu, Jul 21, 2011 at 01:38:28PM -0700, John Johansen wrote:
>> +int aa_is_enabled(void)
>> +{
>> +	int rc;
>> +
>> +	if (aa_state == 1) {
>> +		return 1;
>> +	} else if (aa_state != -1) {
>> +		errno = aa_state;
>> +		return 0;
>> +	}
>> +
>> +	rc = aa_is_enabled_raw();
>> +	aa_state = errno;
>> +	return rc;
>> +}
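Review bot: The unconditional `aa_state = errno` after `aa_is_enabled_raw()` stores the success marker and the saved error code in the same variable, so a failure that sets errno to 1 (EPERM on Linux) would be cached as "enabled" and returned by the `aa_state == 1` branch on every later call. The success path also only caches correctly if `aa_is_enabled_raw()` leaves errno at exactly 1 when it returns 1, which is not visible in this hunk. Consider caching `rc` and the saved errno in separate variables, and caching only when the result is definitive, so that a transient failure on the first call is not pinned for the life of the process. Callers that make a security decision on this return value need a failed check to never read as enabled.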
>
> I'm not sure if I like the idea of this always being cached. Couldn't the
> state change during execution, potentially? If using the cached value is
Originally I was thinking it wouldn't, but it is possible if securityfs
isn't mounted by the time the first check is done.

> the way forward, maybe change _raw to _uncached ?
>
Yeah, uncached is better, or flipping the naming and having a _cached
fn. I debated about providing a cached version of the function
because it is easy for applications to just cache the value themselves.
I am on the fence on whether we need the cached version at all.
