[apparmor] [PATCH 01/36] apparmor: provide base for multiple profiles to be replaced at once

John Johansen john.johansen at canonical.com
Thu May 9 03:14:05 UTC 2013


On 05/01/2013 05:05 PM, Seth Arnold wrote:
> On Wed, May 01, 2013 at 02:30:46PM -0700, John Johansen wrote:
>> previously profiles had to be loaded one at a time, which could result
>> in cases where a replacement would partially succeed, and then fail
>> resulting in inconsistent policy.
>>
>> Allow multiple profiles to be replaced atomically so that the replacement
>> either succeeds or fails atomically for the set of profiles.
>>
>> Note: this does not provide multiple load of profiles when adding a parent
>> and its children as an atomic profile set. Because of this limitation
>> the atomic set load of profiles should not be exposed to userspace at this
>> time.
>>
>> Signed-off-by: John Johansen <john.johansen at canonical.com>
> 
> I'm having trouble reviewing this one, it all looks too familiar -- it all
> looks like 'normal', now. The only thing I spotted is that the description
> isn't true now, since you did get child profiles in the atomic load.
> 
That's interesting, as this patch saw the largest overhaul of all the
previous patches sent.

Anyways, thanks for catching the description problem, it's fixed now.




