[apparmor] [PATCH 12/27] apparmor: remove sid from profiles
Kees Cook
kees at ubuntu.com
Wed Nov 21 16:28:28 UTC 2012
On Tue, Nov 20, 2012 at 08:39:52PM -0800, John Johansen wrote:
> The sid is not going to be a direct property of a profile anymore, instead
> it will be directly related to the label, and the profile will pick up
> a label back reference.
>
> For null-profiles replace the use of sid with a per-namespace unique
> id.
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
> index 95979c4..aadcbf8 100644
> --- a/security/apparmor/include/policy.h
> +++ b/security/apparmor/include/policy.h
> @@ -127,6 +127,8 @@ struct aa_namespace {
> struct aa_ns_acct acct;
> struct aa_profile *unconfined;
> struct list_head sub_ns;
> +
> + atomic_t uniq_null;
> };
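Review bot: the new `atomic_t uniq_null;` member at the end of `struct aa_namespace` carries no comment saying what it counts. The commit message says null-profiles now use a per namespace unique id, so a one-line description next to the field (or in the struct's documentation comment, if it has one) would make that link explicit. It is also worth stating whether wrap-around of the `atomic_t` counter is acceptable for uniqueness, and confirming the field is initialised where the namespace is allocated, since no initialisation is visible in this hunk.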
Drop empty line?
After that,
Acked-by: Kees Cook <kees at ubuntu.com>
(Yay, no sid!)
--
Kees Cook