On Wed, May 01, 2013 at 02:30:55PM -0700, John Johansen wrote:
> Allow emulating the default profile behavior from boot, by allowing
> loading of a profile in the unconfined state into a new NS.
> 
> Signed-off-by: John Johansen <john.johan...@canonical.com>

Acked-by: Seth Arnold <seth.arn...@canonical.com>

... with the caveat / note that the following hunk _may_ require
userspace changes. (Those changes may already have been made.)

> index 69894ad..c69f7c4 100644
> --- a/security/apparmor/policy_unpack.c
> +++ b/security/apparmor/policy_unpack.c
> @@ -510,12 +510,16 @@ static struct aa_profile *unpack_profile(struct aa_ext 
> *e)
>               goto fail;
>       if (!unpack_u32(e, &tmp, NULL))
>               goto fail;
> -     if (tmp)
> +     if (tmp & PACKED_FLAG_HAT)
>               profile->flags |= PFLAG_HAT;
>       if (!unpack_u32(e, &tmp, NULL))
>               goto fail;
> -     if (tmp)
> +     if (tmp == PACKED_MODE_COMPLAIN)
>               profile->mode = APPARMOR_COMPLAIN;
> +     else if (tmp == PACKED_MODE_KILL)
> +              profile->mode = APPARMOR_KILL;
> +     else if (tmp == PACKED_MODE_UNCONFINED)
> +             profile->mode = APPARMOR_UNCONFINED;
>       if (!unpack_u32(e, &tmp, NULL))
>               goto fail;
>       if (tmp)
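
Review bot: In the mode chain, a packed value that matches none of PACKED_MODE_COMPLAIN, PACKED_MODE_KILL or PACKED_MODE_UNCONFINED falls through with profile->mode left as it was, so an unknown or corrupted mode word is silently accepted instead of failing the unpack. Since this field can now select APPARMOR_UNCONFINED, consider ending the chain with an else branch that does `goto fail` for any value the kernel does not recognise (with the enforce encoding handled explicitly). The same question applies to the flags word: `if (tmp & PACKED_FLAG_HAT)` ignores every other bit, where `if (tmp)` treated any non-zero value as a hat, so a line in the commit message stating which packed values existing userspace emits would document the compatibility caveat noted above. Style: the `profile->mode = APPARMOR_KILL;` line appears to be indented differently from its neighbours; it should use the same tab indentation.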

Thanks
