[apparmor] [PATCH 3/3] Make second minimization pass optional
Kees Cook
kees at ubuntu.com
Tue Feb 14 19:43:16 UTC 2012
On Tue, Feb 14, 2012 at 09:57:28AM -0800, John Johansen wrote:
> The removal of deny information is a one way operation, that can result
> in a smaller dfa, but also results in a dfa that should not be used in
> future operations because the deny rules from the precomputed dfa would
> not get applied.
>
> For now default filtering out of deny information to off, as it takes
> extra time and seldom results in further state reduction.
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
Acked-by: Kees Cook <kees at ubuntu.com>
--
Kees Cook
More information about the AppArmor
mailing list