[apparmor] aa-complain etc. and hats/child profiles

Christian Boltz apparmor at cboltz.de
Fri Apr 3 15:41:00 UTC 2015


Hello,

Since the rewrite to Python, aa-complain etc. only changed the flags for 
the main profile, but not for hats and child profiles. This was caused 
by a totally broken regex, which has been commented out since my commit 
some minutes ago.

Now the question is - is that a bug or a feature?

It shouldn't be too hard to restore the 2.8 behaviour where aa-complain 
etc. set the flags for all hats in a profile, but this would be a 
behaviour change when compared to the 2.9.[01] releases.

So the questions are:
- do we want this behaviour change in trunk?
- do we want this behaviour change in the 2.9 branch?
- assuming the answer is yes, should it always be done or do we want
  a command-line option to only change the flags of the main profile?
- if we want a command-line option, what should the default behaviour 
  be?


Regards,

Christian Boltz
-- 
The troll's goal is [...] to hand the other side enough rope
so that it can hang itself in full public view.
[Fefe in http://blog.fefe.de/?ts=b3558afe]
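
The two behaviours under discussion, as an added example that is not part of the original message and is not the AppArmor utilities' code: `set_flag`, its `include_hats` switch, the `HEADER` regex and the sample profile are all constructed for illustration. It assumes each profile, hat or child profile header sits on one line and writes flags as `flags=(...)`.

```python
import re

# Simplified header match (assumption): "<name> [flags=(...)] {" on one line.
# <name> is a path, "profile NAME [/path]", "hat NAME" or "^NAME".
HEADER = re.compile(
    r'^(?P<indent>\s*)'
    r'(?P<name>profile\s+\S+(?:\s+/\S+)?|hat\s+\S+|\^\S+|/\S+)'
    r'(?:\s+flags=\((?P<flags>[^)]*)\))?'
    r'\s*\{\s*$'
)

def set_flag(text, flag, enable=True, include_hats=True):
    """Add or remove `flag` on profile headers in `text`.

    include_hats=False touches only top-level (main) profiles;
    include_hats=True also touches nested hats and child profiles.
    """
    out, depth = [], 0
    for line in text.splitlines():
        m = HEADER.match(line)
        if m and (depth == 0 or include_hats):
            flags = [f.strip() for f in (m.group('flags') or '').split(',') if f.strip()]
            if enable and flag not in flags:
                flags.append(flag)
            elif not enable:
                flags = [f for f in flags if f != flag]
            suffix = ' flags=(%s)' % ', '.join(flags) if flags else ''
            line = '%s%s%s {' % (m.group('indent'), m.group('name'), suffix)
        # Alternations such as {cache,data} open and close on the same line.
        depth += line.count('{') - line.count('}')
        out.append(line)
    return '\n'.join(out) + '\n'

# Constructed sample profile with one hat and one child profile.
SAMPLE = """\
/usr/bin/example flags=(attach_disconnected) {
  /etc/example.conf r,
  /var/lib/example/{cache,data}/** rw,

  ^WORKER {
    /tmp/worker.* rw,
  }

  profile helper /usr/lib/example/helper {
    /usr/lib/example/helper mr,
  }
}
"""

if __name__ == '__main__':
    print(set_flag(SAMPLE, 'complain', include_hats=False))
    print(set_flag(SAMPLE, 'complain', include_hats=True))
```

With `include_hats=False` the hat and child profile stay in enforce mode while the main profile is in complain mode, which is the mixed state the default decision has to account for.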
