One thing that comes to mind is that any check that doesn't actually carry out the intended action (such as opening a file) is subject to race conditions. Ideally, what I would like to say is "open this file for me as if I had the following privileges". As is, I think all I can say is "would I be allowed to open this file with the following privileges?" If the answer is "yes", by the time I actually go and open the file, it may not be the same file anymore. This seems exactly analogous to access(2).
https://bugs.launchpad.net/bugs/1381713
Title: Support policy query interface for file
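The gap the comment describes between checking a path and opening it, as an added example that is not part of the original bug comment or of AppArmor's code. The function name `checked_object_is_used` and the temporary paths are hypothetical, and the program re-points the name itself so the outcome is deterministic rather than a real race.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed scenario: a name is re-pointed between the check and the use.
 * by_path = 1: check with access(2)/stat(2) on the path, then open the path.
 * by_path = 0: open first, then check the descriptor with fstat(2).
 * Returns 1 if the object that was checked is the object finally used,
 * 0 if it is a different object, -1 on setup error. */
int checked_object_is_used(int by_path) {
    char dir[] = "/tmp/toctou-XXXXXX", a[64], b[64], name[64];
    struct stat checked, used;
    int fd = -1, same = -1;

    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/a", dir);
    snprintf(b, sizeof b, "%s/b", dir);
    snprintf(name, sizeof name, "%s/name", dir);
    close(open(a, O_CREAT | O_WRONLY, 0600));
    close(open(b, O_CREAT | O_WRONLY, 0600));
    if (symlink(a, name) != 0) goto out;

    if (by_path) {   /* check: the answer holds for the path, right now */
        if (access(name, R_OK) != 0 || stat(name, &checked) != 0) goto out;
    } else {         /* open: binds the descriptor to one object */
        if ((fd = open(name, O_RDONLY)) < 0 || fstat(fd, &checked) != 0) goto out;
    }

    /* The window: the name is re-pointed to a different file. */
    if (unlink(name) != 0 || symlink(b, name) != 0) goto out;

    if (by_path && (fd = open(name, O_RDONLY)) < 0) goto out;  /* use by path */
    if (fstat(fd, &used) != 0) goto out;
    same = checked.st_dev == used.st_dev && checked.st_ino == used.st_ino;
out:
    if (fd >= 0) close(fd);
    unlink(name); unlink(a); unlink(b); rmdir(dir);
    return same;
}

int main(void) {
    printf("check path, then open path: same object = %d\n", checked_object_is_used(1));
    printf("open, then check descriptor: same object = %d\n", checked_object_is_used(0));
    return 0;
}
```

A decision made on an open descriptor stays attached to the object it was made about; a decision made on a path only describes what the path named at that instant.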
