[apparmor] [PATCH 11/36] apparmor: Add interface files for profiles and namespaces
John Johansen
john.johansen at canonical.com
Thu May 9 09:58:40 UTC 2013
On 05/08/2013 08:13 PM, Seth Arnold wrote:
> On Wed, May 01, 2013 at 02:30:56PM -0700, John Johansen wrote:
>> Add basic interface files to access namespace and profile information.
>> The interface files are created when a profile is loaded and removed
>> when the profile or namespace is removed.
>>
>> Signed-off-by: John Johansen <john.johansen at canonical.com>
>
>> @@ -220,8 +509,10 @@ static struct aa_fs_entry aa_fs_entry_apparmor[] = {
>> { }
>> };
>>
>> -static struct aa_fs_entry aa_fs_entry =
>> - AA_FS_DIR("apparmor", aa_fs_entry_apparmor);
>> +static struct aa_fs_entry aa_fs_entry[] = {
>> + AA_FS_DIR("apparmor", aa_fs_entry_apparmor),
>> + { }
>> +};
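Review bot: The `{ }` terminator added to aa_fs_entry[] has no comment, and the commit message does not mention why the single struct became an array. Since the empty entry is what stops the loops that walk these tables, a one-line comment at the `{ }` (or a sentence in the changelog) saying it is the end-of-table sentinel would keep someone from later removing it as redundant.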
>
> I didn't see the reasoning behind this change.. nothing really wrong
> with it, but it appeared to just complicate nearly every line of code
> that touched aa_fs_entry, except one..
>
The { } entry is needed; otherwise we can walk off the end of the array in
some of the loop code, i.e. it's a necessary terminator.

>> @@ -1149,7 +1162,33 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
>> }
>> }
>>
>> - /* do actual replacement */
>> + /* create new fs entries for introspection if needed */
>> + list_for_each_entry(ent, &lh, list) {
>> + if (ent->old) {
>> + if (ent->rename) {
>> + // ???
>> + }
>> + } else if (ent->rename) {
>> + // ????
>> + } else {
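Review bot: Both `ent->rename` branches in the new list_for_each_entry loop are empty apart from `// ???` and `// ????`, so a renaming replace falls through this step with nothing done and nothing recorded about it. Either handle the case, or make the gap explicit: a `/* TODO: ... */` block comment in the style the surrounding code uses (`/* create new fs entries ... */`) stating that fs entries are not yet set up for rename, and ideally a changelog line saying so. The `//` comments should go in any case.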
>
> These might need some fleshing out :) but I don't know what goes there..
>
> How well does the filesystem work without the corresponding code?
>
Yes, renaming replace is still a case I am slowly working on. It's not a
priority atm and it's tricky. Sorry, you will get the patches for this at
some point.