[apparmor] [PATCH 00/11] Tweak change_profile rule syntax to include an exec mode

Tyler Hicks tyhicks at canonical.com
Wed May 25 20:59:32 UTC 2016

The purpose of this patch set is to modify the change_profile rule syntax to
allow the policy author to specify if AT_SECURE in the kernel's auxiliary
vector should be set (see the getauxval man page for details). The AT_SECURE
value determines if libc will scrub the newly executed program's environment.

See the following bug for more details:



More information about the AppArmor mailing list