Hi John, What's the reasoning here? "disable" is to avoid processing at all. It doesn't make sense to me to not skip disabled profiles here. What use-case am I overlooking?
-Kees On Tue, Dec 27, 2011 at 06:49:32PM -0800, John Johansen wrote: > Signed-off-by: John Johansen <[email protected]> > --- > parser/parser_main.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/parser/parser_main.c b/parser/parser_main.c > index 721582d..2a39ffc 100644 > --- a/parser/parser_main.c > +++ b/parser/parser_main.c > @@ -886,7 +886,7 @@ int process_profile(int option, char *profilename) > else > basename = profilename; > > - if (test_for_dir_mode(basename, "disable")) { > + if (PRIVILEGED_OPS && test_for_dir_mode(basename, "disable")) { > if (!conf_quiet) > PERROR("Skipping profile in %s/disable: %s\n", > basedir, basename); > goto out; > -- > 1.7.7.3 > > > -- > AppArmor mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor -- Kees Cook -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
