On Mon, May 20, 2013 at 02:49:50PM -0700, John Johansen wrote: > On 05/20/2013 02:16 PM, Seth Arnold wrote: > > On Sun, May 19, 2013 at 05:07:16AM -0700, John Johansen wrote: > >> - the default profile will be exposed to userspace via a file under > >> its namespace in aafs > >> - we could allow this file to be written to allow manually > >> switching the default profile > > > > Is there anything wrong with just trying for specified only in policy > > for a little while first? It doesn't seem like it'd be hard to write nor > > hard to use, but I'm not quickly seeing the problem it solves and the > > complexity of profiles not matching the kernel's view is potential for > > misunderstanding. > > > no that was my plan, start with in policy only + file to introspect, but > not change, and we can extend it later if need be.
I am in favor of in-policy definitions for this and I'm okay with your plan; however, the thought I had was that it might ease initial development and testing if the aafs files were writable, rather than depending on the parser being updated to support the new policy language. -- Steve Beattie <[email protected]> http://NxNW.org/~steve/
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
