[apparmor] [PATCH 00/11] Tweak change_profile rule syntax to include an exec mode

Tyler Hicks tyhicks at canonical.com
Wed May 25 21:09:58 UTC 2016


On 05/25/2016 03:59 PM, Tyler Hicks wrote:
> The purpose of this patch set is to modify the change_profile rule syntax to
> allow the policy author to specify if AT_SECURE in the kernel's auxiliary
> vector should be set (see the getauxval man page for details). The AT_SECURE
> value determines if libc will scrub the newly executed program's environment.
> 
> See the following bug for more details:
> 
>   https://launchpad.net/bugs/1584069

As mentioned in the bug, these changes need accompanying utils/ updates.
I haven't looked at the utils/ in quite some time and wanted to go ahead
and get the lower level changes out for review. I also still cannot
successfully run `make check` in utils/ so I'm hesitant to try to make
any changes to that code.

Tyler


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160525/a407ecbc/attachment.pgp>


More information about the AppArmor mailing list