[apparmor] [PATCH 29/31] parser: Finalize the aa_kernel_interface API
Tyler Hicks
tyhicks at canonical.com
Fri Jan 23 03:14:09 UTC 2015
On 2015-01-22 10:16:33, John Johansen wrote:
> On 12/05/2014 04:22 PM, Tyler Hicks wrote:
> > Create new, ref, and unref functions for aa_kernel_interface. The "new"
> > function allows for the caller to pass in an aa_features object that is
> > then used to check if the kernel supports set load operations.
> > Additionally, the "new" function allows for the apparmorfs path to be
> > discovered once instead of during every policy load.
> >
> > Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> Acked-by: John Johansen <john.johansen at canonical.com>
Thanks!
>
> with note below about another patch we should do
<snip>
> > + if (!(UNPRIVILEGED_OPS) &&
> > + aa_kernel_interface_new(&kernel_interface, features, apparmorfs) == -1) {
> > + PERROR(_("Warning: unable to find a suitable fs in %s, is it "
> > + "mounted?\nUse --subdomainfs to override.\n"),
> > + MOUNTED_FS);
> > + return 1;
> > + }
> > +
> gah --subdomainfs??? this should have died a long time ago
> we should deprecate --subdomainfs and add --apparmorfs option to replace it
Agreed. I can do that in a patch separate from this set.
Tyler
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150122/f5bad0b6/attachment.pgp>
More information about the AppArmor
mailing list