[apparmor] replacing unconfined and doing global policy

Seth Arnold seth.arnold at gmail.com
Thu Apr 5 16:27:26 UTC 2012

Would we have to also remove controls like "only unconfined can reload policy"? Or did we do that already when cap mac_admin was introduced? Would we want to add new policy language to provide fine-grain control of cap mac_admin?

More information about the AppArmor mailing list