[apparmor] [PATCH] apparmor: implement profile-based query interface in apparmorfs
John Johansen
john.johansen at canonical.com
Tue Mar 5 21:08:27 UTC 2013
On 03/05/2013 01:01 PM, Tyler Hicks wrote:
<< snip >>
>>> static int aa_fs_seq_show(struct seq_file *seq, void *v)
>>> {
>>> struct aa_fs_entry *fs_file = seq->private;
>>> @@ -787,6 +910,7 @@ static struct aa_fs_entry aa_fs_entry_apparmor[] = {
>>> AA_FS_FILE_FOPS(".load", 0640, &aa_fs_profile_load),
>>> AA_FS_FILE_FOPS(".replace", 0640, &aa_fs_profile_replace),
>>> AA_FS_FILE_FOPS(".remove", 0640, &aa_fs_profile_remove),
>>> + AA_FS_FILE_FOPS("access", 0666, &aa_fs_access),
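Review bot: the new `access` entry in aa_fs_entry_apparmor[] is registered with mode 0666, while the `.load`, `.replace` and `.remove` entries directly above it all use 0640. That makes this the only file in the visible table that any local user can write to, so every caller reaches the aa_fs_access file operations without a permission check at the filesystem level. If an unprivileged query interface is the intent, please add a comment beside the entry saying so, and state in the changelog what the handler does to validate untrusted input and to limit what a caller can learn about profiles it does not own. The entry is also the only one here without the leading dot used by its neighbours.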
>>
>> how about .access so that it's hidden by default as it's not really meant
>> for command line access
>
> Sure! I just reused the access name that smack and selinux use. Are you
> happy enough with .access or is there something that you feel fits
> better into the apparmorfs naming scheme?
>
.access is fine
We could go with plain access like smack and selinux, but I tend to like
the idea of hiding the files that behave specially, and it's consistent
with what we have done in the past.