[apparmor] [PATCH 00/11] Tweak change_profile rule syntax to include an exec mode
tyhicks at canonical.com
Wed May 25 21:09:58 UTC 2016
On 05/25/2016 03:59 PM, Tyler Hicks wrote:
> The purpose of this patch set is to modify the change_profile rule syntax to
> allow the policy author to specify if AT_SECURE in the kernel's auxiliary
> vector should be set (see the getauxval man page for details). The AT_SECURE
> value determines if libc will scrub the newly executed program's environment.
> See the following bug for more details:
As mentioned in the bug, these changes need accompanying utils/ updates.
I haven't looked at the utils/ in quite some time and wanted to go ahead
and get the lower level changes out for review. I also still cannot
successfully run `make check` in utils/ so I'm hesitant to try to make
any changes to that code.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the AppArmor