On Wed, May 01, 2013 at 02:31:00PM -0700, John Johansen wrote: > Add the dynamic profiles file to the interace, to allow load policy > introspection. > > Signed-off-by: John Johansen <john.johan...@canonical.com> > Acked-by: Kees Cook <k...@ubuntu.com>
> +/**
> + * __next_profile - step to the next profile in a profile tree
> + * @profile: current profile in tree (NOT NULL)
> + *
> + * Perform a depth first taversal on the profile tree in a namespace
'taversal'
> + * Returns: next profile or NULL if done
> + * Requires: profile->ns.lock to be held
> + */
> +static struct aa_profile *__next_profile(struct aa_profile *p)
> +{
> + struct aa_profile *parent;
> + struct aa_namespace *ns = p->ns;
> +
> + /* is next profile a child */
> + if (!list_empty(&p->base.profiles))
> + return list_first_entry(&p->base.profiles, typeof(*p),
> + base.list);
> +
> + /* is next profile a sibling, parent sibling, gp, subling, .. */
'subling'
> +/**
> + * seq_show_profile - show a profile entry
> + * @f: seq_file to file
> + * @p: current position (profile) (NOT NULL)
> + *
> + * Returns: error on failure
> + */
> +static int seq_show_profile(struct seq_file *f, void *p)
> +{
> + struct aa_profile *profile = (struct aa_profile *)p;
> + struct aa_namespace *root = f->private;
> +
> + if (profile->ns != root)
> + seq_printf(f, ":%s://", aa_ns_name(root, profile->ns));
> + seq_printf(f, "%s (%s)\n", profile->base.hname,
> + COMPLAIN_MODE(profile) ? "complain" : "enforce");
Now that unconfined is a mode, should this be made more complicated to
reflect (unconfined) as well?
Thanks
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
