[apparmor] AppArmor profile name and hard link question
Li, Li
lili at qca.qualcomm.com
Wed Sep 17 00:28:34 UTC 2014
Hello,
I am new to AppArmor. I am trying to port it to an embedded linux platform. One problem I found is related to file system and/or hard link issue.
The platform I have mount system files under /rom using squashfs first. Then mount another file system jffs2 as / and create hard links to all the files under /rom. So it looks to the system everything is under "/". The problem is when I create a profile with '/path/tofile' as name, it cannot be constrained even it detects there's a profile for it.
If I create a profile with '/rom/path/tofile', it can detect it only when I run the file using '/rom/path/tofile', not from the hard link '/path/tofile'.
I understand there's some issues with links for apparmor to work correctly, but is it already fixed? BTW, the kernel I have is 3.4 and I also applied the 3.4 apparmor patches.
Thanks in advance,
Lee
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140917/580c80aa/attachment.html>
More information about the AppArmor
mailing list