[apparmor] [PATCH 1/3] Add the aa-exec command line utility

Seth Arnold seth.arnold at gmail.com
Thu Jan 12 11:04:49 UTC 2012


Ooh, unload when refcount hits zero makes much more sense to me.
------Original Message------
From: John Johansen
To: Seth Arnold
Cc: Steve Beattie
Cc: apparmor at lists.ubuntu.com
Subject: Re: [apparmor] [PATCH 1/3] Add the aa-exec command line utility
Sent: Jan 12, 2012 3:02 AM

On 01/12/2012 11:54 AM, Seth Arnold wrote:
> Sorry for rubbish blackberry quoting...
> 
> I don't think -F should unload when finished -- during execution the profile might be updated or removed via another mechanism, it might be used to confine other running processes, or the command might start a daemon which does the usual double-fork routine.
> 
> If you want the feature (I can almost see it..) then please do so through yet another command line option.
> 
yeah I don't think auto remove belongs at this level, in fact I am not
even sure -f belongs here.  What I would like to get to for auto remove
is a flag on the profile that causes it to be unloaded when it's no
longer in use.  This would avoid all the potential problems Seth brought
up.


