[apparmor] [patch 12/12] map the net permission set into a form compatible with the old dfa table
Steve Beattie
steve at nxnw.org
Wed Sep 3 21:45:23 UTC 2014
On Mon, Aug 25, 2014 at 05:06:17PM -0700, john.johansen at canonical.com wrote:
> The old dfa table format has 2 64 bit permission field used to store
> all of allow, quiet, audit, owner/!owner and transition mask. This leaves
> 7 bits for entry + a few other special bits.
>
> Since policydb entries when using old style dfa permission format
> don't use support the !owner permission entries we can map, the
> high net work permission bits to these entries.
>
> This allows us to enforce base network permissions on system with
> only support for the old dfa table format.
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
Acked-by: Steve Beattie <steve at nxnw.org>
Thanks (and to Seth as well for the skepticism around the bit
shifting).
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140903/af43926c/attachment-0001.pgp>
More information about the AppArmor
mailing list