[apparmor] [patch 08/11] mod_apparmor: convert aa_change_hat()s into single aa_change_hatv() [v2]
John Johansen
john.johansen at canonical.com
Thu Jan 23 22:25:25 UTC 2014
On 01/23/2014 02:12 PM, Steve Beattie wrote:
> On Thu, Jan 23, 2014 at 04:00:54AM -0800, John Johansen wrote:
>> So with the aa_change_hat format string bug fixed in another one of your
>> patches do you think its worth converting the
>> aa_change_hat(NULL, token);
>> calls to
>> aa_change_hatv(NULL, token);
>> ?
>>
>> This should allow this module to be run with older version of the library
>> installed. Of course with the use of aa_getcon that will require at least
>> a 2.8 install.
>
> Hrm. On the one hand, I'd hope that an update that incorporated a
> newer mod_apparmor would pull in a newer libapparmor. On the other
> hand, stuff happens. So yeah, I've pulled that change into the patch,
> added a comment, and verified that things work correctly with the
> broken aa_change_hat().
>
yeah stuff happens, I was thinking along the lines of someone just
pulling the new mod_apparmor into an older release/stable environment,
so they could gain the benefits of the improvements without having to
do major updates on a working machine.
I doubt anyone is suffering enough performance issues that the
change_hatv patch would be the reason but I could see someone wanting
logging and servername changes
More information about the AppArmor
mailing list