[apparmor] [RFC PATCH 0/1] Kick off discussion around stacking interfaces

Tyler Hicks tyhicks at canonical.com
Tue Jan 12 00:17:46 UTC 2016


John has asked me to start the discussion of what the libapparmor and kernel
interfaces will look like for the profile stacking feature that he is working
on. I figured the best way to do so would be to create an initial man page for
what I think the libapparmor functions ought to look and act like. Note
that the kernel interface is briefly documented in the NOTES section.

This man page does not touch on how these interfaces would interact with
AppArmor profile stacking at the Linux namespace creation boundary. By that, I
mean stacking a new profile when clone(2) or unshare(2) is called with the
necessary flags for creating new namespaces. I need to sync up with John on
what's possible there with new LSM hooks that he's thinking about proposing in
those areas. Maybe this thread is the appropriate place to do that sync up or
perhaps it'll happen in IRC.

Tyler



