[apparmor] [Kerenl Patch 0/32] RCU locking and interface

John Johansen john.johansen at canonical.com
Wed Jan 16 21:28:29 UTC 2013

So this is the latest iteration of the new profile locking and profile/
namespace directory. There has been no changes to the dir layout since
last time but several bug fixes


  policy/			# new policy dir
      profiles			# profiles in the namespace
        usr.bin.foo.9/		# sid-mangled profile name
          name			# profile name
	  mode			# profile mode (enforce, complain)
          attach		# attachment re string
          profiles/		# hats and children profiles
      namespaces/		# namespaces under root
        ns1/			# example sub ns

The RCU patches where reworked fixes several subtle race conditions.

patches 1-16 should already have Acks on them from review, and
patches 28-32 are there to provide a fully functional system, and should
              not be review atm

Some of the new patches are setting up for changes required by the
coming labeling patches (eg. changing how 21/32 changing how profile
replacement is handled)

The other set of new patches are to allow specifying a default profile
from boot which makes doing total system confinement much easier

So once again, the set of patches that a

More information about the AppArmor mailing list