[apparmor] query_label regression test failures

Steve Beattie steve at nxnw.org
Mon Jun 29 15:53:41 UTC 2015

On Mon, Jun 29, 2015 at 01:23:40AM -0600, John Johansen wrote:
> > One of the questions I have is that with rev 3081, the macro definitions
> > become part of the library API, which means that it gets harder to
> > change them in the future. Are we sure we want that? (We don't have any
> > releases out there with them visible in the header yet.)
> > 
> It is already being exposed by the kernel and dbus's use. The other types
> can be queried, but there just isn't any library help so you need to know
> how to do it/interpret the returned values.
> I am fine with keeping the defines internal to apparmor but how would you
> propose we export the different permission information being currently
> returned by the kernel.

That's fine, and I recognize the reason we need to expose the
permission bits to userspace mediators (so that we can record and
inform what permissions are missing in log messages), but we need
to recognize that comes at a cost of making harder to change those
defines in the future without requiring a libapparmor so version bump.

Thanks for digging in to this.

Steve Beattie
<sbeattie at ubuntu.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150629/c0f8e607/attachment.pgp>

More information about the AppArmor mailing list