[apparmor] [PATCH 1/3] Add the aa-exec command line utility
John Johansen
john.johansen at canonical.com
Thu Jan 12 11:02:42 UTC 2012
On 01/12/2012 11:54 AM, Seth Arnold wrote:
> Sorry for rubbish blackberry quoting...
>
> I don't think -F should unload when finished -- during execution the profile might be updated or removed via another mechanism, it might be used to confine other running processes, or the command might start a daemon which does the usual double-fork routine.
>
> If you want the feature (I can almost see it..) then please do so through yet another command line option.
>
yeah I don't think auto remove belongs at this level, in fact I am not
even sure -f belongs here. What I would like to get to for auto remove
is a flag on the profile that causes it to be unloaded when its no
longer in use. This would avoid all the potential problems Seth brought
up.
More information about the AppArmor
mailing list