On 13-09-06 02:22 PM, Jamie Strandboge wrote:
> In discussing this with others, I prefer '3' over the others. It requires
> slightly more work for the porter over '1' and '2', but it is loads better
> than what we have now (nothing) and AppArmor syntax for file access is
> straightforward and easily covered by documentation. '3' provides the
> greatest flexibility and is robust. '2' and '3' allow for us to create
> different categories for the devices too-- ie, for the sensor device or
> gps we have /etc/apparmor.d/abstractions/hardware/sensors.d/ and
> /etc/apparmor.d/abstractions/hardware/gps.d/ and the appropriate policy
> groups simply include these directories as needed. In considering '3', we
> can also move this outside of /etc completely, and instead ship the policy
> in /usr/share/apparmor/hardware/*.
>
> I'd like to move forward on '3' soon, are there any objections?

I like 3 better also, since it's simple. No races, no issues with possible hot-plug devices, easier to test, easier to audit, etc. +1 on #3.

Marc.
