[apparmor] [PATCH 2/2] parser: Properly parse named transition targets
Tyler Hicks
tyhicks at canonical.com
Sat Feb 27 00:22:27 UTC 2016
On 2016-02-17 22:47:41, John Johansen wrote:
> On 02/11/2016 01:57 PM, Tyler Hicks wrote:
> > https://launchpad.net/bugs/1540666
> >
> > Reuse the new parse_label() function to initialize named_transition
> > structs so that transition targets, when used with change_profile, are
> > properly seperated into a profile namespace and profile name.
> >
> > Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
>
> Acked-by: John Johansen <john.johansen at canonical.com>
>
> for 2.10 as well
>
> though we are going to have to do another patch for stacking
> we need to be able to express
>
> change_profile -> A//&:ns://B,
>
> and
> change_profile -> :ns://A//&:ns://B,
The parser doesn't have to do anything special when the '&' is in the
middle of the transition target, right? IIUC, the parser writs that
entire string (":ns://A//&:ns://B") to the binary policy and then kernel
splits it up and makes sense of the '&' characters.
Tyler
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160226/2be50e51/attachment.pgp>
More information about the AppArmor
mailing list