On Wed, May 01, 2013 at 02:31:00PM -0700, John Johansen wrote: > Add the dynamic profiles file to the interace, to allow load policy > introspection. > > Signed-off-by: John Johansen <john.johan...@canonical.com> > Acked-by: Kees Cook <k...@ubuntu.com>
> +/** > + * __next_profile - step to the next profile in a profile tree > + * @profile: current profile in tree (NOT NULL) > + * > + * Perform a depth first taversal on the profile tree in a namespace 'taversal' > + * Returns: next profile or NULL if done > + * Requires: profile->ns.lock to be held > + */ > +static struct aa_profile *__next_profile(struct aa_profile *p) > +{ > + struct aa_profile *parent; > + struct aa_namespace *ns = p->ns; > + > + /* is next profile a child */ > + if (!list_empty(&p->base.profiles)) > + return list_first_entry(&p->base.profiles, typeof(*p), > + base.list); > + > + /* is next profile a sibling, parent sibling, gp, subling, .. */ 'subling' > +/** > + * seq_show_profile - show a profile entry > + * @f: seq_file to file > + * @p: current position (profile) (NOT NULL) > + * > + * Returns: error on failure > + */ > +static int seq_show_profile(struct seq_file *f, void *p) > +{ > + struct aa_profile *profile = (struct aa_profile *)p; > + struct aa_namespace *root = f->private; > + > + if (profile->ns != root) > + seq_printf(f, ":%s://", aa_ns_name(root, profile->ns)); > + seq_printf(f, "%s (%s)\n", profile->base.hname, > + COMPLAIN_MODE(profile) ? "complain" : "enforce"); Now that unconfined is a mode, should this be made more complicated to reflect (unconfined) as well? Thanks
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor