[apparmor] [patch] fix aa-logprof rewrite of PUx modes.
Steve Beattie
steve at nxnw.org
Tue Apr 24 18:09:16 UTC 2012
On Tue, Apr 24, 2012 at 09:36:50AM -0700, John Johansen wrote:
> On 04/24/2012 09:33 AM, Steve Beattie wrote:
> > The thing I don't like about this approach is that it treats the exec()
> > modes independently when they're not. The other approach I considered
> well currently they aren't as the backend only has a single bit for the safe
> exec flag, but we can revisit that
Yes, there's the issue that if we ever get mixed safe-unsafe exec modes
(e.g. cUx) that the current bitmask in the utils can't represent that.
But I was also concerned whether we have or would get modes where it
was possible to re-order them differently in syntactically legitimate
ways, e.g. hypothetical CPx versus PCx modes[1], which are unrepresentable
under the current AppArmor.pm bitmask.
[1] One could even hypothesize about multiple Cx fallbacks as well.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20120424/5420df5a/attachment.pgp>
More information about the AppArmor
mailing list