[apparmor] [PATCH 01/27] apparmor: fix auditing of domain transition failures due to incomplete policy
Steve Beattie
steve at nxnw.org
Wed Nov 21 17:51:26 UTC 2012
On Wed, Nov 21, 2012 at 09:36:24AM -0800, John Johansen wrote:
> On 11/21/2012 06:43 AM, Steve Beattie wrote:
> > Acked-By: Steve Beattie <sbeattie at ubuntu.com> though a comment
> > explaining why you're manipulating perms.allow might be nice.
> >
> sorry that my explanation didn't help. I'll try again
>
> policy granted the exec so the MAY_EXEC in perms.allow is set
> however the search for a matching profile failed, and we of course
> want to reject and audit this.
Sorry, you misunderstand the gist of my remark. I got what was
happening, especially after I went and looked at the aa_audit_file()
implementation; I just wanted a comment in the code to explain it, so
that in six months (hours is probably a more accurate time estimate)
when I've forgotten the reason, an inline explanation as to the
manipulation of allows.perm would make sense.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20121121/b0cbb775/attachment.pgp>
More information about the AppArmor
mailing list