[apparmor] [PATCH 01/36] apparmor: provide base for multiple profiles to be replaced at once
Seth Arnold
seth.arnold at canonical.com
Thu May 2 00:05:18 UTC 2013
On Wed, May 01, 2013 at 02:30:46PM -0700, John Johansen wrote:
> previously profiles had to be loaded one at a time, which could result
> in cases where a replacement would partially succeed, and then fail
> resulting in inconsitent policy.
>
> Allow multiple profiles to replaced atomically so that the replacement
> either succeeeds or fails atomically for the set of profiles.
>
> Note: this does not provide multiple load of profiles when adding a parent
> and its children as an atomic profile set. Because of this limitation
> the atomic set load of profiles should not be exposed to userspace at this
> time.
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
I'm having trouble reviewing this one, it all looks too familiar -- it all
looks like 'normal', now. The only thing I spotted is that the description
isn't true now, since you did get child profiles in the atomic load.
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130501/0b4620af/attachment.pgp>
More information about the AppArmor
mailing list