[apparmor] [PATCH 0/12] Move aa_{match, features, kernel_interface, policy_cache} APIs

Seth Arnold seth.arnold at canonical.com
Fri Dec 12 19:25:12 UTC 2014


On Wed, Dec 10, 2014 at 04:12:21PM -0600, Tyler Hicks wrote:
> This set of patches moves the previously proposed[1] APIs to
> libapparmor. It feels a little like jumping the gun since the proposed

> 	if (aa_policy_cache_new(&policy_cache, features,
> 				"/etc/apparmor.d/cache", false) == -1) {
> 		perror("Failed to find a valid AppArmor policy cache");
> 		goto out;
> 	}
> 
> 	if (aa_policy_cache_replace_all(policy_cache, NULL) == -1) {
> 		perror("Failed to reload cached AppArmor policies");
> 		goto out;
> 	}

With the recent-ish move to multiple profile caches (at least on Ubuntu)
for different purposes, I'm curious how these caches will interact with
each other when using this library. One thing our init script has done in
the past is remove profiles from the kernel when their corresponding
source files have been deleted from the source directories.

I suspect that mechanism is no longer a good idea for the library (or
initscript); I'm curious if there are similar issues.

I haven't looked through the API enough yet to ask intelligent questions,
but I wanted to make sure I didn't forget entirely...

Thanks