[apparmor] [PATCH v2 0/6] Rewrite aa-exec in C

Tyler Hicks tyhicks at canonical.com
Thu Dec 17 03:25:01 UTC 2015


This patch set creates regression tests for aa-exec and rewrites aa-exec
in C rather than Perl. The main reason behind the rewrite is that aa-exec
is becoming a widely used utility that has its place on even the most
minimal of Linux images, and Perl is falling out of favor in some of those
environments.

The rewrite is feature complete with one exception. I did not implement
the --file option of aa-exec. I feel like it encourages programs to be run
as root, since aa-exec must be run as root in order for the specified
profile to be loaded, and there's no privilege-dropping option.

* Changes since v1:
  - Move the new aa-exec to binutils/
  - Add internationalization support
  - Move the aa-exec(8) man page to binutils/
  - Adjust the regression tests, in patch 5, to use the binutils/aa-exec
    when USE_SYSTEM=1 is not specified

Tyler
