On Wed, Apr 11, 2012 at 10:45:59AM -0700, John Johansen wrote:
> On 04/11/2012 10:35 AM, Steve Beattie wrote:
> > Wait, the mount options don't accumulate? So
> >
> >   mount options=ro /dev/foo,
> >   mount options=atime /dev/foo,
> >
> > would allow
> >
> >   mount -o ro /dev/foo /some/mnt/location/
> >
> > and
> >
> >   mount -o atime /dev/foo /some/mnt/location/
> >
> > but would not allow
> >
> >   mount -o ro,atime /dev/foo /some/mnt/location/
> >
> > ? This is seriously confusing.
> >
> How so? Within a single rule options set they do accumulate
>   mount options=ro /dev/foo,
>   mount options=atime /dev/foo,
>
> are separate rules
>   mount options in (ro,atime) /dev/foo,
>
> is a different rule and it is equivalent to the 3 rules
>   mount options=ro /dev/foo,
>   mount options=atime /dev/foo,
>   mount options=(ro,atime) /dev/foo,

Sorry, my confusion was thinking that mount options in separate rules
were or'ed together (accumulation across rules), not treated
independently. I.E. I had thought that by stating

  mount options=ro /dev/foo,
  mount options=atime /dev/foo,

it implicitly overlapped

  mount options=(ro,atime) /dev/foo,

and thus made the last rule redundant. I can see the case for treating
these as XOR, eliminating the need to write a deny rule if that's what
you want.

> not saying we couldn't treat 'in' as a straight up list of single '=' options
> but
> it always was a set to me.

No, I was entirely expecting it to behave as a set.

--
Steve Beattie
<[email protected]>
http://NxNW.org/~steve/
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
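
The rule semantics discussed in this message, modelled in Python as an added example (not part of the original thread and not AppArmor code). The function names are hypothetical; device matching is literal and the empty option set is left out of 'in', both simplifying assumptions.

```python
import re
from itertools import combinations

# Simplified model of the semantics described in the thread, not AppArmor's parser.
# Assumptions: device names match literally (no globbing); 'in' covers only the
# non-empty subsets, following the "equivalent to the 3 rules" statement.
RULE_RE = re.compile(
    r"^mount\s+options\s*(=|in)\s*\(?\s*([a-z]+(?:\s*,\s*[a-z]+)*)\s*\)?\s+(\S+),$")

def parse_rule(text):
    """Return (kind, option_set, device) for one mount rule line."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported rule: {text!r}")
    kind, opts, device = m.groups()
    return kind, frozenset(o.strip() for o in opts.split(",")), device

def rule_allows(rule, requested, device):
    """One rule on its own: '=' is an exact match, 'in' is a subset match."""
    kind, opts, rule_dev = rule
    if device != rule_dev:
        return False
    if kind == "=":
        return requested == opts
    return bool(requested) and requested <= opts

def profile_allows(rules, mount_opts, device):
    """Rules are checked independently; options never merge across rules."""
    requested = frozenset(mount_opts.split(","))
    return any(rule_allows(parse_rule(r), requested, device) for r in rules)

def expand_in(rule_text):
    """Rewrite an 'in' rule as the equivalent list of '=' rules."""
    kind, opts, device = parse_rule(rule_text)
    if kind != "in":
        return [rule_text]
    names = sorted(opts)
    subsets = [c for n in range(1, len(names) + 1) for c in combinations(names, n)]
    return [f"mount options=({','.join(s)}) {device}," for s in subsets]

# Constructed sample profiles taken from the rules quoted in the thread.
SEPARATE = ["mount options=ro /dev/foo,", "mount options=atime /dev/foo,"]
IN_SET = ["mount options in (ro,atime) /dev/foo,"]

if __name__ == "__main__":
    for opts in ("ro", "atime", "ro,atime"):
        print(opts, profile_allows(SEPARATE, opts, "/dev/foo"),
              profile_allows(IN_SET, opts, "/dev/foo"))
```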
