[apparmor] [PATCH 0/6] Rewrite aa-exec in C

Tyler Hicks tyhicks at canonical.com
Tue Dec 15 20:55:55 UTC 2015


This patch set creates regression tests for aa-exec and rewrites aa-exec in C
rather than Perl. The main reason behind the rewrite is that aa-exec is
becoming a widely used utility that has its place on even the most minimal of
Linux images and Perl is falling out of favor in some of those environments.

The rewrite is feature complete with one exception. I did not implement the
--file option of aa-exec. I feel like it encourages programs to be run as root
since aa-exec must be run as root in order for the specified profile to be
loaded and there's no privilege dropping option. Instead of complicating
aa-exec with a privilege dropping option, I decided to leave it out of the new
aa-exec. I'm open to tacking on another patch to reintroduce --file if anyone
feels strongly about it.

Tyler



