[apparmor] [PATCH] apparmor: add the ability to report a crypto hash of loaded policy
Steve Beattie
steve at nxnw.org
Tue Aug 13 00:00:56 UTC 2013
On Thu, Aug 08, 2013 at 05:41:31PM -0700, John Johansen wrote:
> Provide userspace the ability to validate what policy is loaded via
> an exported crypto hash value.
To be clear, the hash value is of the profile blob minus the header,
which means skipping the protocol blob version and the namespace, if
any, correct? At least, that's based on my incomplete understanding
and read of the policy_unpack code this would apply against.
I guess it's okay that the same policy under multiple namespaces
results in the same hash (just trying to understand the implications
thereof).
Acked-by: Steve Beattie <sbeattie at ubuntu.com>
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130812/880b97c9/attachment-0001.pgp>
More information about the AppArmor
mailing list