[apparmor] [PATCH 0/6] Rewrite aa-exec in C
John Johansen
john.johansen at canonical.com
Tue Dec 15 23:40:33 UTC 2015
On 12/15/2015 12:55 PM, Tyler Hicks wrote:
> This patch set creates regression tests for aa-exec and rewrites aa-exec in C
> rather than Perl. The main reason behind the rewrite is that aa-exec is
> becoming a widely used utility that has its place on even the most minimal of
> Linux images and Perl is falling out of favor in some of those environments.
>
> The rewrite is feature complete with one exception. I did not implement the
> --file option of aa-exec. I feel like it encourages programs to be run as root
> since aa-exec must be run as root in order for the specified profile to be
> loaded and there's no privilege dropping option. Instead of complicating
> aa-exec with a privilege dropping option, I decided to leave it out of the new
> aa-exec. I'm open to tacking on another patch to reintroduce --file if anyone
> feels strongly about it.
>
heck no, that was a convenience thing for hacking on apparmor not something we
really want to support
More information about the AppArmor
mailing list