[apparmor] [PATCH v2] apparmor: enable raw text policy

Georgia Garcia georgia.garcia at canonical.com
Wed Sep 8 14:43:27 UTC 2021


On Sat, 2021-09-04 at 02:07 +0000, Seth Arnold wrote:
> On Fri, Sep 03, 2021 at 06:31:49PM -0300, Georgia Garcia wrote:
> > +static const struct file_operations rawtext_fops = {
> > +	.open = rawdata_open,
> > +	.read = rawtext_read,
> > +	.llseek = generic_file_llseek,
> > +	.release = rawdata_release,
> > +};
> 
> Hey Georgia, I'm curious if the rawdata_open and rawdata_release here are
> correct. If they are correct, is there any problem if the same process
> opens both the raw_text and the raw_data files? Is there any problem if
> two or more processes open both raw_text and raw_data?
> 
> Thanks

Hi Seth,

When rawdata_open is called, we increase the refcount for loaddata and
decrease it for rawdata_release. The result of the decompression is
stored into a new variable (private), and not loaddata directly. 

So when there's a call for raw_data and raw_text by the same process,
the refcount will be increased twice and loaddata will be decompressed
twice having the result in two different private variables. That
applies for two or more processes as well.

Just to be sure, I tested these scenarios and it worked as expected.

I'm not sure if that's the issues you were concerned about and if I
made myself clear, so please let me know. I could be missing something
too :)

Thanks,
Georgia




More information about the AppArmor mailing list