[apparmor] [Kernel Patch 0/32] RCU locking and interface
John Johansen
john.johansen at canonical.com
Wed Jan 16 21:28:29 UTC 2013
So this is the latest iteration of the new profile locking and profile/
namespace directory. There have been no changes to the dir layout since
last time, but several bug fixes.
eg.
/sys/kernel/security/apparmor/
    .load
    .remove
    .replace
    features/
    profiles
    policy/                     # new policy dir
        profiles                # profiles in the namespace
            usr.bin.foo.9/      # sid-mangled profile name
                name            # profile name
                mode            # profile mode (enforce, complain)
                attach          # attachment re string
                profiles/       # hats and children profiles
                    bar.12/
                        name
                        mode
        namespaces/             # namespaces under root
            ns1/                # example sub ns
                profiles/
                namespaces/
The RCU patches were reworked, fixing several subtle race conditions.
Patches 1-16 should already have Acks on them from review, and
patches 28-32 are there to provide a fully functional system, and should
not be reviewed atm.
Some of the new patches are setting up for changes required by the
coming labeling patches (eg. 21/32 changing how profile
replacement is handled).
The other set of new patches are to allow specifying a default profile
from boot, which makes doing total system confinement much easier.
So once again, the set of patches that a