[apparmor] [Patch 0/27] kernel rcu locking and aafs profiles introspection
John Johansen
john.johansen at canonical.com
Wed Nov 21 09:46:32 UTC 2012
On 11/20/2012 08:39 PM, John Johansen wrote:
> So this is the latest iteration of the new profile locking and profile/
> namespace directory. There has been some minor reworking of the directory
> structure since the last iteration.
>
> Specifically, the profile directory naming has moved away from using the
> sid to a per namespace unique number, and instead of preceding the
> profile name it now trails it as in
> <profile_name>.<unique #>
>
> e.g.
>
> /sys/kernel/security/apparmor/
>     .load
>     .remove
>     .replace
>     features/
>     profiles
>     policy/                      # new policy dir
>         profiles                 # profiles in the namespace
>             usr.bin.foo.9/       # sid-mangled profile name
>                 name             # profile name
>                 mode             # profile mode (enforce, complain)
>                 attach           # attachment re string
>                 profiles/        # hats and children profiles
>                     bar.12/
>                         name
>                         mode
>         namespaces/              # namespaces under root
>             ns1/                 # example sub ns
>                 profiles/
>                 namespaces/
>
>
I forgot to add that null profiles are not shown under the new interface
but can still be removed or replaced if their names are known.
I am not sure how much of a problem this will be. I would like to avoid
having to create a directory structure for each learning profile, if we
can come up with a way to handle this well.
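
Added example (not part of the original message or the patch series): a Python sketch that walks the policy/ layout described in the quoted text, splitting each directory entry on its last dot because profile names such as usr.bin.foo themselves contain dots. The nesting and the file contents are assumptions taken from the quoted sketch and a constructed sample tree; as the message notes, null profiles do not appear under this interface, so the listing is not a complete inventory of loaded profiles.

```python
import tempfile
from pathlib import Path

def split_dirname(dirname):
    """Split '<profile_name>.<unique #>' on the last dot; profile names contain dots."""
    name, sep, num = dirname.rpartition(".")
    if not sep or not name or not num.isdigit():
        raise ValueError(f"unexpected entry: {dirname!r}")
    return name, int(num)

def _read(path):
    return path.read_text().strip() if path.is_file() else None

def _subdirs(path):
    return sorted(p for p in path.iterdir() if p.is_dir()) if path.is_dir() else []

def walk_policy(policy_dir, ns="", parent=None):
    """Yield one record per profile directory, including children and sub-namespaces."""
    for path in _subdirs(Path(policy_dir) / "profiles"):
        mangled, uid = split_dirname(path.name)
        name = _read(path / "name") or mangled
        yield {"ns": ns, "parent": parent, "id": uid, "name": name,
               "mode": _read(path / "mode")}
        yield from walk_policy(path, ns, name)  # hats/children: nested profiles/
    if parent is None:  # namespaces/ sits beside profiles/ at namespace level only
        for sub in _subdirs(Path(policy_dir) / "namespaces"):
            yield from walk_policy(sub, f"{ns}/{sub.name}".lstrip("/"))

def build_sample(root):
    """Constructed tree mirroring the quoted sketch; file contents are assumptions."""
    files = {
        "profiles/usr.bin.foo.9/name": "/usr/bin/foo",
        "profiles/usr.bin.foo.9/mode": "enforce",
        "profiles/usr.bin.foo.9/profiles/bar.12/name": "bar",
        "profiles/usr.bin.foo.9/profiles/bar.12/mode": "complain",
        "namespaces/ns1/profiles/usr.sbin.baz.3/mode": "enforce",
    }
    for rel, text in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text + "\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rec in walk_policy(build_sample(tmp)):
            print(rec)
```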