[apparmor] [Patch 0/27] kernel rcu locking and aafs profiles introspection

John Johansen john.johansen at canonical.com
Wed Nov 21 04:39:40 UTC 2012


So this is the latest iteration of the new profile locking and profile/
namespace directory. There has been some minor reworking of the directory
structure since the last iteration.

Specifically, the profile directory naming has moved away from using the
sid to a per-namespace unique number, and instead of preceding the
profile name it now trails it, as in
  <profile_name>.<unique #>

e.g.

/sys/kernel/security/apparmor/
  .load
  .remove
  .replace
  features/
  profiles
  policy/                       # new policy dir
      profiles                  # profiles in the namespace
        usr.bin.foo.9/          # sid-mangled profile name
          name                  # profile name
          mode                  # profile mode (enforce, complain)
          attach                # attachment re string
          profiles/             # hats and children profiles
            bar.12/
              name
              mode
      namespaces/               # namespaces under root
        ns1/                    # example sub ns
          profiles/
          namespaces/


The RCU rework fixes the locking problem with the profile lists; I am
not aware of any other major problems at the moment.

I am going to push this up into a ppa for easier testing. I expect
the builds will be ready some time on Wednesday
   https://launchpad.net/~apparmor-dev/+archive/apparmor-devel

Note that the current patches are exposing a parser bug that keeps it
from being able to load policy.  The easiest workaround is to not
apply patch 21/27.
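
Added example, not part of the original message or of the AppArmor code: a walker for the policy/ layout shown above that splits each <profile_name>.<unique #> directory name and reports every profile's mode, including hats and sub-namespaces. The function names, the constructed sample tree, the contents of the "name" files and the "//" and "/" joiners used for display are assumptions of this example.

```python
import os
import tempfile

def split_dirname(dirname):
    # '<profile_name>.<unique #>': split at the LAST dot, names contain dots.
    name, sep, num = dirname.rpartition(".")
    if not name or not num.isdigit():
        raise ValueError("not <profile_name>.<unique #>: %r" % dirname)
    return name, int(num)

def read_attr(path):
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None          # attribute file missing or unreadable

def walk_policy(policy_dir, ns="", parent=""):
    """Yield (namespace, profile, unique #, mode), incl. hats and sub-namespaces."""
    prof_root = os.path.join(policy_dir, "profiles")
    for entry in sorted(os.listdir(prof_root)) if os.path.isdir(prof_root) else []:
        pdir = os.path.join(prof_root, entry)
        mangled, num = split_dirname(entry)
        # Assumption: "name" holds the unmangled name; else use the dir name.
        name = read_attr(os.path.join(pdir, "name")) or mangled
        full = parent + "//" + name if parent else name
        yield ns, full, num, read_attr(os.path.join(pdir, "mode"))
        yield from walk_policy(pdir, ns, full)      # <pdir>/profiles/: hats, children
    ns_root = os.path.join(policy_dir, "namespaces")
    for entry in sorted(os.listdir(ns_root)) if os.path.isdir(ns_root) else []:
        yield from walk_policy(os.path.join(ns_root, entry), (ns + "/" + entry).lstrip("/"))

def build_sample(root):
    """Constructed tree mirroring the layout in the message (not real kernel data)."""
    files = {"profiles/usr.bin.foo.9/name": "/usr/bin/foo",
             "profiles/usr.bin.foo.9/mode": "enforce",
             "profiles/usr.bin.foo.9/profiles/bar.12/name": "bar",
             "profiles/usr.bin.foo.9/profiles/bar.12/mode": "complain",
             "namespaces/ns1/profiles/usr.sbin.baz.3/mode": "complain"}
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for row in walk_policy(tmp):
            print(row)
```

On a kernel carrying these patches, walk_policy would be pointed at /sys/kernel/security/apparmor/policy; filtering the rows for a mode other than "enforce" gives a quick audit of profiles that are not confining.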

