On 06/25/2015 03:08 PM, William Hua wrote: > Here's one more pass of the kernel and apparmor patches with all the > changes you requested, John. Thanks for your patch, I copied it into > the old one nearly verbatim without much trouble. > Sorry for the extremely long turn around time on these
I am going to reply with a reworked patch queue, it is not functioning though it shouldn't be too far from working. It reorders and reworks things, and addresses a few bigger issues. Specifically it moves the parsed language back to an apparmor style instead of dconf style. Currently it extracts only a "/" watch point as data for each rule, so the data loaded will only be for "/". I need to finish up the fn to extract the exact/closest approximate watch point from the rule. The data passed in is a set of paths only. It is not split into r, w, rw paths. Again this is circumventing apparmors permission system. This data can only be used to establish the watch points, not what permissions those points have. It is entirely likely the permissions will change over the life of the watch point due to stacking. Library side the patches reorder/rework things to share a little more code and drop splitting the read data back into r, w, rw. Again its just a list of watch point paths. -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
