[apparmor] [patch 08/11] mod_apparmor: convert aa_change_hat()s into single aa_change_hatv() [v2]

John Johansen john.johansen at canonical.com
Thu Jan 23 22:25:25 UTC 2014


On 01/23/2014 02:12 PM, Steve Beattie wrote:
> On Thu, Jan 23, 2014 at 04:00:54AM -0800, John Johansen wrote:
>> So with the aa_change_hat format string bug fixed in another one of your
>> patches do you think its worth converting the
>>   aa_change_hat(NULL, token);
>> calls to
>>   aa_change_hatv(NULL, token);
>> ?
>>
>> This should allow this module to be run with older version of the library
>> installed. Of course with the use of aa_getcon that will require at least
>> a 2.8 install.
> 
> Hrm. On the one hand, I'd hope that an update that incorporated a
> newer mod_apparmor would pull in a newer libapparmor. On the other
> hand, stuff happens. So yeah, I've pulled that change into the patch,
> added a comment, and verified that things work correctly with the
> broken aa_change_hat().
> 

yeah stuff happens, I was thinking along the lines of someone just
pulling the new mod_apparmor into an older release/stable environment,
so they could gain the benefits of the improvements without having to
do major updates on a working machine.

I doubt anyone is suffering enough performance issues that the
change_hatv patch would be the reason but I could see someone wanting
logging and servername changes





More information about the AppArmor mailing list