[apparmor] GSoC review r26 and r27
John Johansen
john.johansen at canonical.com
Sat Jul 27 22:05:07 UTC 2013
On 07/27/2013 10:02 AM, Christian Boltz wrote:
> Hello,
>
> see the attached file for r26 and r27 review notes.
>
> @John: I'm still waiting for your answer about
> # ix implies m, so we don't need to add m if ix is present
>
so ignore this, as we are not doing this
> I have some profiles that contain "mrix" (for example sbin.dhclient and
> usr.sbin.ntpd), so either the old logprof was buggy or the comment is
> wrong ;-)
>
neither, it was actually a change in kernel behavior that affected policy.
It used to be that m was not needed for ix because of where the tests
where done.
A change in that behavior happened 5 or 6 years ago.
so at best the comment should have been changed as this rolled through
More information about the AppArmor
mailing list