[apparmor] [RFC PATCH 1/1] libapparmor: Create man page for aa_stack_profile()/aa_stack_onexec()
John Johansen
john.johansen at canonical.com
Wed Jan 27 07:12:08 UTC 2016
On 01/26/2016 07:54 PM, Seth Arnold wrote:
> On Tue, Jan 26, 2016 at 03:17:19PM -0600, Tyler Hicks wrote:
>>>> 2. stack_onexec, stack delayed until exec applied pre-exec transitions
>>>> A -- stack_onexec B -- exec apply stack -- A//&B -- exec trans --> C//&D
>
>> Do you feel like #2 is still useful? I don't want to put words in John's
>> mouth (so correct me if I'm wrong, John) but I feel like he and I were
>> focusing on #1 and #3.
>
> No, I don't think #2 is worth keeping. It feels too confusing. If the
> program author wants this behaviour, aa_stack_profile() would allow the
> B -> D transition at exec time, though the intermediate behaviour would
> be different.
>
Right. I don't think #2 is viable, we are focusing on #1 and #3
More information about the AppArmor
mailing list