[apparmor] [patch] fix aa-logprof rewrite of PUx modes.
steve at nxnw.org
Tue Apr 24 18:09:16 UTC 2012
On Tue, Apr 24, 2012 at 09:36:50AM -0700, John Johansen wrote:
> On 04/24/2012 09:33 AM, Steve Beattie wrote:
> > The thing I don't like about this approach is that it treats the exec()
> > modes independently when they're not. The other approach I considered
> well currently they aren't as the backend only has a single bit for the safe
> exec flag, but we can revisit that
Yes, there's the issue that if we ever get mixed safe-unsafe exec modes
(e.g. cUx) that the current bitmask in the utils can't represent that.
But I was also concerned whether we have or would get modes where it
was possible to re-order them differently in syntactically legitimate
ways, e.g. hypothetical CPx versus PCx modes, which are unrepresentable
under the current AppArmor.pm bitmask.
 One could even hypothesize about multiple Cx fallbacks as well.
<sbeattie at ubuntu.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: Digital signature
More information about the AppArmor