[apparmor] [PATCH 27/36] apparmor: treat each task as if the label can have mutiple entries
Seth Arnold
seth.arnold at canonical.com
Thu May 30 01:07:43 UTC 2013
On Wed, May 01, 2013 at 02:31:12PM -0700, John Johansen wrote:
> next baby step to labels. Update most code to walk labels as if there
> is multiple entries in a label, even though atm there can only be
> one.
>
> This does not update the domain transitions, exec, change_hat, change_profile
> (separate patch).
>
> Also it bails on first error, where for learning purposes it might be
> desireable to check permission, and log against all profiles before failing.
Or, if not for learning, also auditing purpoess.
I was going to complain about that, but since you addressed it in a
header, I'm not sure what to do. The patch, as described, looked right
to me, but my quibble is with the intention of too-early exits. :)
So, uh, add Acked-by: Seth Arnold <seth.arnold at canonical.com>, but with
the hope that a future patch changes a lot of the logging logic. :)
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130529/0bddb326/attachment.pgp>
More information about the AppArmor
mailing list