[apparmor] [patch 06/11] utils: split out aa-enforce function

Steve Beattie steve at nxnw.org
Thu Mar 6 20:00:32 UTC 2014


On Wed, Mar 05, 2014 at 11:06:21PM -0800, Seth Arnold wrote:
> On Wed, Mar 05, 2014 at 05:44:40PM -0800, Steve Beattie wrote:
> > +            apparmor.read_profiles()
> > +            output_name = profile if program is None else program
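
Review bot: the apparmor.read_profiles() call on the first added line carries no comment, in the lines quoted here, saying why the profile set has to be re-read at this point, so a later reader cannot tell whether it is safe to drop or move. If this code runs once per profile, as the reply below suggests, consider hoisting the call so it runs a single time, or add a one-line comment naming the state it refreshes.
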
> 
> If there's more than one profile returned from get_next_to_profile() this
> will probably be annoyingly expensive. I started reading the depths of
> this and got worried about the action-at-a-distance going on, so, uh, I
> suspect we should leave it alone for now. But next time I'm looking for
> something to do, remind me of this. :)

I'm assuming you're referring to the read_profiles() call here. Yes,
I share a similar concern and didn't do the deep spelunking to ensure
to myself that it was not necessary. I *think* it's not, but didn't
want to break anything. But yeah, it would be nice to eliminate or
mitigate this somehow.

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/